WorldWideScience

Sample records for modelling security requirements

  1. DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTURES – WEB SERVICES CASE STUDY

    Directory of Open Access Journals (Sweden)

    M.Upendra Kumar

    2011-07-01

    Full Text Available Software Engineering covers the definition of processes, techniques and models suitable for its environment to guarantee quality of results. An important design artifact in any software development project is the Software Architecture. Software Architecture’s important part is the set of architectural design rules. A primary goal of the architecture is to capture the architecture design decisions. An important part of these design decisions consists of architectural design rules In an MDA (Model-Driven Architecture context, the design of the system architecture is captured in the models of the system. MDA is known to be layered approach for modeling the architectural design rules and uses design patterns to improve the quality of software system. And to include the security to the software system, security patterns are introduced that offer security at the architectural level. More over, agile software development methods are used to build secure systems. There are different methods defined in agile development as extreme programming (XP, scrum, feature driven development (FDD, test driven development (TDD, etc. Agile processing is includes the phases as agile analysis, agile design and agile testing. These phases are defined in layers of MDA to provide security at the modeling level which ensures that security at the system architecture stage will improve the requirements for that system. Agile modeled Layered Security Architectures increase the dependability of the architecture in terms of privacy requirements. We validate this with a case study of dependability of privacy of Web Services Security Architectures, which helps for secure service oriented security architecture. In this paper the major part is given to model architectural design rules using MDA so that architects and developers are responsible to automatic enforcement on the detailed design and easy to understand and use by both of them. This MDA approach is implemented in use of

  2. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  3. Reusable Security Requirements

    Science.gov (United States)

    2016-06-13

    2003 by Carnegie Mellon University page 1 Carnegie Mellon Software Engineering Institute Reusable Security Requirements RE’2003 RHAS’03 Workshop...PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University , Software Engineering Institute,Pittsburgh,PA,15213 8. PERFORMING...Carnegie Mellon University page 2 Carnegie Mellon Software Engineering Institute In a Nut Shell • Similar Assets, Attackers, and Threats • Security

  4. Software Security Requirements Gathering Instrument

    OpenAIRE

    2011-01-01

    Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI) that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with th...

  5. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  6. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  7. Software Security Requirements Gathering Instrument

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-08-01

    Full Text Available Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with the functional requirements and further incorporate security during other phases of software development. We subsequently present case studies that describe the integration of the SSRGI instrument with Software Requirements Specification (SRS document as specified in standard IEEE 830-1998. Proposed SSRGI will support the software developers in gathering security requirements in detail during requirements gathering phase.

  8. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  9. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  10. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  11. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  12. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  13. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  14. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    Full Text Available This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  15. Teaching Security Requirements Engineering Using SQUARE

    Science.gov (United States)

    2011-02-01

    engineering as part of its curricu- lum. The Top SE program includes discussion of misuse cases, TROPOS [18], and goal-driven requirements engineering (KAOS...H. Mouratidis, and N. Zannone, “Modeling security and trust with Secure Tropos ,” in Integrating Security and Software Engineering: Advances and

  16. Security Requirements for Cryptographic Modules

    Science.gov (United States)

    1999-01-01

    module interfaces; roles, services, and authentication; finite state machine model ; physical security; operating system security; cryptographic key...15 4.4 Finite State Machine Model .......................................................................................................... 17...These areas include cryptographic module specification; module interfaces; roles, services, and authentication; finite state machine model ; physical

  17. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    Directory of Open Access Journals (Sweden)

    Amy Poh Ai Ling

    2011-07-01

    Full Text Available This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on the communication field reflects the criticality of grid information security functional requirement identification. The goal of this paper is to identify the functional requirement and relate its significance addresses to the consumer requirement of an information security of a smart grid. Vulnerabilities may bring forth possibility for an attacker to penetrate a network, make headway admission to control software, alter it to load conditions that destabilize the grid in unpredictable ways. Focusing on the grid information security functional requirement is stepping ahead in developing consumer trust and satisfaction towardsmart grid completeness.

  18. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can iden

  19. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can

  20. Measuring Security of Web Services in Requirement Engineering Phase

    Directory of Open Access Journals (Sweden)

    Davoud Mougouei

    2015-05-01

    Full Text Available Addressing security in early stages of web service development has always been a major engineering trend. However, to assure security of web services it is required to perform security evaluation in a rigorous and tangible manner. The results of such an evaluation if performed in early stages of the development process can be used to improve the quality of the target web service. On the other hand, it is impossible to remove all of the security faults during the security analysis of web services. As a result, absolute security is never possible to achieve and a security failure may occur during the execution of web service. To avoid security failures, a measurable level of fault tolerance is required to be achieved through partial satisfaction of security goals. Thus any proposed measurement technique must care for this partiality. Even though there are some approaches toward assessing the security of web services but still there is no precise model for evaluation of security goal satisfaction specifically during the requirement engineering phase. This paper introduces a Security Measurement Model (SMM for evaluating the Degree of Security (DS in security requirements of web services by taking into consideration partial satisfaction of security goals. The proposed model evaluates overall security of the target service through measuring the security in Security Requirement Model (SRM of the service. The proposed SMM also takes into account cost, technical ability, impact and flexibility as the key features of security evaluation.

  1. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  2. Security Requirements Reusability and the SQUARE Methodology

    Science.gov (United States)

    2010-09-01

    creation of SQUARE. Section 3 briefly describes the SQUARE metho - dology. Section 4 presents an argument for reuse in security requirements...be per- formed for each request. physical protection. Secure systems must be protected not only from electronic attack but also physical threats...this is often cost ver- sus benefit. Various other options are explored in SQUARE case studies, including triage, Win- Win, and mathematical models

  3. Model-Based Security Testing

    CERN Document Server

    Schieferdecker, Ina; Schneider, Martin; 10.4204/EPTCS.80.1

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing,...

  4. Security Measurement Based On GQM To Improve Application Security During Requirements Stage

    Directory of Open Access Journals (Sweden)

    Ala A. Abdulrazeg

    2015-05-01

    Full Text Available Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.

  5. Security Architectures for Model Driven Web Requirements – Financial Application Case Study

    Directory of Open Access Journals (Sweden)

    A.V.Krishna Prasad

    2010-07-01

    Full Text Available MDA with executable UML offers an approach that embodies all the key ingredients of the process for developing dependable systems, by offering: A uniform strategy for preserving investment in existing models built using unsupported tools, by automatically migrating them to profiled UML models for subsequent maintenance and development using state of the art UML tools; A clean separation of application behavior from the platform specific implementation using technologies such as Integrated Modular Avionics (IMA, allowing the full potential of IMA to be realized in a consistent and dependable way; A semantically well defined formalism that can be used a basis for modular certification of safety related systems; The ability to generate not only the components of the target system, but components of development tool chain, providing scope for model translation and offering “executable specifications” that can be tested early and mapped reliably onto the target, leading to greater levels of dependency. MDA is a new approach for most organizations, and therefore carries additional training and learning curve costs and also currently the availability of production quality code generators is currently limited. MDA requires developers to work at a more abstract level than code although experience shows that most do not have any difficulty making the adjustment, there will be some who find this change of emphasis difficult to achieve. Building upon the initial success of MDA deployment so far, work is now proceeding on the enhancement of Ada code mapping rules to cover the entire xUML formalism. Work is also underway to develop a generic “adapter/router”component to provide a standard component to provide a standard way to interface re-engineered xUML components with pre-existing components. These techniques are now being applied to another avionics system in the same organization, in response to the customers need for a faster and cheaper upgrade

  6. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  7. Security Requirements and Security Solutions For Community Administrations

    OpenAIRE

    Koneva, Natalia

    2003-01-01

    The Internet is slowly becoming a mirror of the society. Everything we do in the real world, we want to do out on the Net: conduct private conversations, keep personal papers, sign letters and contracts, shop, publish documents etc. All these things require security, but we go ahead using the net without asking too many questions. Today security issues are not a fundamental starting point. This also means that the limits of security are the limits of the Internet. There are several reaso...

  8. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  9. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  10. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Full Text Available Needs about security are matters little taken into account when managing requirements engineering , and when considered in the life cycle of the system , they tend to become a general list of functions, as password of protection , firewalls , virus detection tools , and other similar. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, as an authenticated access. As a result, the security requirements for the system are ignored, which are required to protect essential services and assets, besides, when are specified, is not considered the prospect of future attacks. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described and also are provided references additional material that can help requirements engineers to ensure that their products be taken into account, effectively , the security requirements.

  11. Experiences in Eliciting Security Requirements

    Science.gov (United States)

    2006-12-01

    FODA ) FODA is a domain analysis and engineer- ing method that focuses on developing reusable assets [9]. By examining related software systems and...systems in the form of a domain model, and a set of approaches for their implementation. The FODA method was founded on two modeling concepts...SSM QFD CORE IBIS JAD FODA CDA ARM Adaptability 3 1 3 2 2 3 2 1 2 CASE Tool 1 2 1 1 3 2 1 1 1 Stakeholder Acceptance 2 2 2 2 3 2 1 3 3 Easy

  12. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maya; Rolland, C.; Castro, J.; Pastor, O.

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  13. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  14. Argumentation-based security requirements elicitation: the next round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roel

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of the

  15. Application of Improved SQUARE Model in Software Security Requirements Elicitation%改进的 SQUARE 模型在软件安全需求获取中的应用

    Institute of Scientific and Technical Information of China (English)

    范洁; 许盛伟; 娄嘉鹏

    2013-01-01

    The eliciting of security requirement is a key factor to ensure software's security .To obtain the software's security requirement effectively , on the basis of the analysis of the Security Quality Re-quirements Engineering model , the steps of the SQUARE model was improved , and the classification standard about security requirements was defined , and the XML Schema definition of security require-ments document was presented .This thesis applied the Light -SQUARE model to university student Score Management System and elicited its security requirement , and stored the security requirement with XML format , realized cross-platform usability of the security requirement .%安全需求的获取是确保软件安全性的关键因素。为有效地获取软件的安全需求,在分析安全质量需求工程SQUARE模型的基础上,改进了该模型的执行步骤,制定了安全需求的分类标准,给出了安全需求文档的XML模式定义。应用改进的SQUARE模型对高校学生成绩管理系统进行安全需求获取,并将安全需求文档以XML格式进行存储,实现了安全需求的跨平台通用。

  16. A model of security monitoring

    Science.gov (United States)

    Bishop, Matt

    1990-01-01

    A model of security monitoring is presented that distinguishes between two types of logging and auditing. Implications for the design and use of security monitoring mechanisms are drawn from this model. The usefulness of the model is then demonstrated by analyzing several different monitoring mechanisms.

  17. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  18. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  19. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone...... observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...

  20. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  1. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  2. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  3. Validating Cyber Security Requirements: A Case Study

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  4. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  5. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  6. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  7. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    Cleeff, van A.

    2008-01-01

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  8. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  9. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    2008-01-01

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  10. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  11. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... SECURITY Coast Guard Facility Security Officer Training Requirements; Correction AGENCY: Coast Guard, DHS...), announcing a public meeting to receive comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The...

  12. 7 CFR 764.104 - General real estate security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false General real estate security requirements. 764.104....104 General real estate security requirements. (a) Agency lien position requirements. If real estate... Agency; and (4) Equity in the collateral exists. (b) Real estate held under a purchase contract. If the...

  13. Keystone Business Models for Network Security Processors

    Directory of Open Access Journals (Sweden)

    Arthur Low

    2013-07-01

    Full Text Available Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor” models nor the silicon intellectual-property licensing (“IP-licensing” models allow small technology companies to successfully compete. This article describes an alternative approach that produces an ongoing stream of novel network security processors for niche markets through continuous innovation by both large and small companies. This approach, referred to here as the "business ecosystem model for network security processors", includes a flexible and reconfigurable technology platform, a “keystone” business model for the company that maintains the platform architecture, and an extended ecosystem of companies that both contribute and share in the value created by innovation. New opportunities for business model innovation by participating companies are made possible by the ecosystem model. This ecosystem model builds on: i the lessons learned from the experience of the first author as a senior integrated circuit architect for providers of public-key cryptography solutions and as the owner of a semiconductor startup, and ii the latest scholarly research on technology entrepreneurship, business models, platforms, and business ecosystems. This article will be of interest to all technology entrepreneurs, but it will be of particular interest to owners of small companies that provide security solutions and to specialized security professionals seeking to launch their own companies.

  14. Analysis Models for Security Protocols

    NARCIS (Netherlands)

    Corin, R.J.; Corin, Ricardo Javier

    2006-01-01

    In this thesis, we present five significant, orthogonal extensions to the Dolev Yao model. Each extension considers a more realistic setting, closer to the real world, thus providing a stronger security guarantee. We provide examples both from the literature and from industrial case studies to show

  15. Los Alamos Center for Computer Security formal computer security model

    Energy Technology Data Exchange (ETDEWEB)

    Dreicer, J.S.; Hunteman, W.J.; Markin, J.T.

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The need to test and verify DOE computer security policy implementation first motivated this effort. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present formal mathematical models for computer security. The fundamental objective of computer security is to prevent the unauthorized and unaccountable access to a system. The inherent vulnerabilities of computer systems result in various threats from unauthorized access. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The model is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell and LaPadula abstract sets of objects and subjects. 6 refs.

  16. A model based security testing method for protocol implementation.

    Science.gov (United States)

    Fu, Yu Long; Xin, Xiao Long

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  17. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    Full Text Available The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  18. 信息系统安全需求分析方法研究%Approaches for Security Requirements Analysis of Information Systems

    Institute of Scientific and Technical Information of China (English)

    曹阳; 张维明

    2003-01-01

    Security requirements analysis is a precondition to provide effective and appropriate safeguard for information systems. Based on the existing theories and approaches, this paper discusses the categories and analysis procedure of security requirements in information systems. And according to the basic steps of security requirements analysis, the security hazard analysis model and the security risk analysis model are presented here. At the end, the methods of security requirements specification and the corresponding improvements are also introduced.

  19. Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines

    Directory of Open Access Journals (Sweden)

    S. Batool

    2014-05-01

    Full Text Available In this research we present a technique by using which, extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT Techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very important. Realizing and testing non functional requirements such as efficiency, portability and security, at model level strengthens the ability of model to turn down risk, cost and probability of system failure in cost effective way. Access control is most widely used technique for implementing security in software systems. Existing approaches for security modeling focus on representation of access control policies such as authentication, role based access control by introducing security oriented model elements through extension in Unified Modelling Language (UML. But doing so hinders the potential and application of MBT techniques to verify these models and test access control policies. In this research we introduce a technique secure State UML to formally design security models with secure UML and then transform it to UML state machine diagrams so that it can be tested, verified by existing MBT techniques. By applying proposed technique on case studies, we found the results that MBT techniques can be applied on resulting state machine diagrams and generated test paths have potential to identify the risks associated with security constraints violation.

  20. SECURED CLOUD SUPPORT FOR GLOBAL SOFTWARE REQUIREMENT RISK MANAGEMENT

    OpenAIRE

    Shruti Patil; Roshani Ade

    2014-01-01

    This paper presents core problem solution to security of Global Software Development Requirement Information. Currently the major issue deals with hacking of sensitive client information which may lead to major financial as well as social loss. To avoid this system provides cloud security by encryption of data as well as deployment of tool over the cloud will provide significant security to whole global content management system. The core findings are presented in terms of how hac...

  1. Analyzing and Specifying Reusable Security Requirements

    Science.gov (United States)

    2003-09-01

    sections specifying functional requirements. Thus, the functional requirements for an embedded avionics application and an ecommerce website may have...avionics applications and ecommerce applications need to specify levels of identification, authentication, authorization, integrity, privacy, etc. At...consider the following template for specifying integrity requirements: • “The [application / component / data center / business unit] shall protect the

  2. Secure and Resilient Software Requirements, Test Cases, and Testing Methods

    CERN Document Server

    Merkow, Mark S

    2011-01-01

    Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes: Pre-developed nonfunctional requirements that can be reused for any software development project Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software Testing method

  3. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements t

  4. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements t

  5. Norms, standards, models and recommendations for information security management

    Directory of Open Access Journals (Sweden)

    Karol Kreft

    2010-12-01

    Full Text Available Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the risk analysis in information security management.

  6. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well......With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...

  7. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...... for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  8. Requirements for multimedia metadata schemes in surveillance applications for security

    NARCIS (Netherlands)

    Rest, J.; Grootjen, F.A.; Grootjen, M.; Wijn, R.; Aarts, O.; Roelofs, M.L.; Burghouts, G.J.; Bouma, H.; Alic, L.; Kraaij, W.

    2014-01-01

    Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components. Metadata representation schemes are extremely important to facilitate (system) interoperability a

  9. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  10. Security Theorems via Model Theory

    Directory of Open Access Journals (Sweden)

    Joshua Guttman

    2009-11-01

    Full Text Available A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi. Models (interpretations for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. *Realized* skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1 If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2 A protocol enforces for all xs . (phi implies for some ys . psi iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007 to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

  11. A Novel Trusted Computing Model for Network Security Authentication

    Directory of Open Access Journals (Sweden)

    Ling Xing

    2014-02-01

    Full Text Available Network information poses great threats from malicious attacks due to the openness and virtuality of network structure. Traditional methods to ensure infor- mation security may fail when both integrity and source authentication for information are required. Based on the security of data broadcast channel, a novel Trusted Com- puting Model (TCM of network security authentication is proposed to enhance the security of network information. In this model, a method of Uniform content locator security Digital Certificate (UDC, which is capable of fully and uniquely index network information, is developed. Standard of MPEG-2 Transport Streams (TS is adopted to pack UDC data. Additionally, a UDC hashing algorithm (UHA512 is designed to compute the integrity and security of data infor- mation . Experimental results show that the proposed model is feasible and effective to network security authentication. 

  12. A Policy Model for Secure Information Flow

    Science.gov (United States)

    Adetoye, Adedayo O.; Badii, Atta

    When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce what declassification policies.

  13. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  14. Security Quality Requirements Engineering (SQUARE) Methodology

    Science.gov (United States)

    2005-11-01

    Oriented Do- main Analysis ( FODA ) [Kang 90], Critical Discourse Analysis (CDA) [Schiffrin 94], and the Accelerated Requirements Method (ARM) [Hubbard...99]. Table 12: Comparison of Elicitation Techniques Misuse Cases SSM QFD CORE IBIS JAD FODA CDA ARM Adaptability 3 1 3 2 2 3 2 1 2 CASE Tool 1...Feature- Oriented Domain Analysis ( FODA ) Feasibility Study (CMU/SEI- 90-TR-021, ADA235785). Pittsburgh, PA: Software Engineering Institute, Carnegie

  15. Meeting EHR security requirements: SeAAS approach.

    Science.gov (United States)

    Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

    2010-01-01

    In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.

  16. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    The increasing usage of computer-based systems in almost every aspects of our daily life makes more and more dangerous the threat posed by potential attackers, and more and more rewarding a successful attack. Moreover, the complexity of these systems is also increasing, including physical devices......, software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...

  17. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... where foreign national access to any DOC facility or DOC IT system is required. The language of the... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Personnel security processing requirements. 1337.110-70 Section 1337.110-70 Federal Acquisition Regulations System DEPARTMENT...

  18. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    CERN Document Server

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  19. Security Communication Model of Wireless Trade System

    Institute of Scientific and Technical Information of China (English)

    ZHANG Wen-kai; ZHANG Si-yu

    2005-01-01

    This paper proposes a C/S system model for K Java and PDA named Net-Wireless. It is a discussion and proposal on information security and solutions for K-Java handsets and PDAs in wireless network. It also explains the scheme which between client security module and server security module. Also, We have developed a Security Server and a K-Java encryption module for e-commerce system and other trade systems.

  20. Security Management Model in Cloud Computing Environment

    OpenAIRE

    2016-01-01

    In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

  1. CRISP. Information Security Models and Their Economics

    Energy Technology Data Exchange (ETDEWEB)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B. [Blekinge Institute of Technology BTH, Karlskrona (Sweden)

    2005-03-15

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3.

  2. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52.204-2 Section 52.204-2 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION... Contractor agrees to insert terms that conform substantially to the language of this clause, including...

  3. Demanding Requirement of Security for Wireless Mobile Devices: A Survey

    Directory of Open Access Journals (Sweden)

    K. Muthumanickam

    2014-12-01

    Full Text Available Today, the technology advancement in telecommunication facilitates users to bear portable devices with convenient and timely accessing to their personal and business data on the fly. In this regard, mobile and ubiquitous devices become part of the user’s personal or business growing. Recently, the usage of portable devices has drastically amplified due to wireless data technologies such as GPRS, GSM, Bluetooth, WI-Fi and WiMAX. As the use of wireless portable devices increases, the risks associated with them also increases. Specifically Android Smart-phone which can access the Internet may now signify an ultimate option for malware authors. As the core open communication mediocre, the Airwave, is susceptible, there has been a rise of a security technique suggested by researchers. When comparing to security measures proposed to protect wireless devices, protecting mobile vulnerabilities is still immature. So in this study, we present an organized and widespread overview of the research on the security elucidation for wireless portable devices. This survey study discusses the security risks imposed by vulnerabilities, threats and security measures in the recent past, mainly spotlighting on complex attacks to user applications. We classify existing countermeasures at guarding wireless mobile devices facing different kinds of attacks into various groups; depend on the revealing technique, collected information and operating systems. In the next phase we will design and implement new security model to protect mobile phone resources against unknown vulnerabilities.

  4. The One Laptop per Child Security Model

    OpenAIRE

    Kristic, Ivan; Garfinkel, Simson L.

    2007-01-01

    Symposium on Usable Security and Privacy, Pittsburgh, PA, July 2007. ACM Press. Refereed Conference Paper We present an integrated security model for a low-cost laptop that will be widely deployed throughout the developing world. Implemented on top of Linux operating system, the model is designed to restrict the laptop's software without restricting the laptop's user.

  5. Testing agile requirements models

    Institute of Scientific and Technical Information of China (English)

    BOTASCHANJAN Jewgenij; PISTER Markus; RUMPE Bernhard

    2004-01-01

    This paper discusses a model-based approach to validate software requirements in agile development processes by simulation and in particular automated testing. The use of models as central development artifact needs to be added to the portfolio of software engineering techniques, to further increase efficiency and flexibility of the development beginning already early in the requirements definition phase. Testing requirements are some of the most important techniques to give feedback and to increase the quality of the result. Therefore testing of artifacts should be introduced as early as possible, even in the requirements definition phase.

  6. Mobile health requires mobile security: challenges, solutions, and standardization.

    Science.gov (United States)

    Pharow, Peter; Blobel, Bernd

    2008-01-01

    Extended communication and advanced cooperation in a permanently growing healthcare and welfare domain require a well-defined set of security services provided by an interoperable security infrastructure based on international and European standards. Any communication and collaboration procedure requires a purpose. But such legal purpose-binding is definitely not the only aspect to carefully be observed and investigated. More and more, aspects of security, safety, privacy, ethics, and quality reach importance while discussing about future-proof health information systems and health networks - regardless whether local, regional or even pan-European networks. During the course of the current paradigm change from an organization-centered to a process-related and to a person-centered health system, different new technologies including mobile solutions need to be applied in order to meet challenges arising from both legal and technical circumstances. Beside the typical Information and Communication Technology systems and applications, the extended use of modern technologies includes large medical devices like, e.g., MRI and CT but also small devices like sensors worn by a person or included in clothing. Security and safety are on top of the priority list. The paper addresses the identification of some specific aspects like mobile technology and safety when moving both IT and people towards mobile health aiming at increasing citizens and patients awareness, confidence, and acceptance in future mobile care - a world often still beyond the horizon.

  7. A data-driven model for estimating industry average numbers of hospital security staff.

    Science.gov (United States)

    Vellani, Karim H; Emery, Robert J; Reingle Gonzalez, Jennifer M

    2015-01-01

    In this article the authors report the results of an expanded survey, financed by the International Healthcare Security and Safety Foundation (IHSSF), applied to the development of a model for determining the number of security officers required by a hospital.

  8. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  9. Self Managed Security Cell, a security model for the Internet of Things and Services

    CERN Document Server

    de Leusse, Pierre; Dimitrakos, Theo; Nair, Srijith K; 10.1109/AFIN.2009.15

    2012-01-01

    The Internet of Things and Services is a rapidly growing concept that illustrates that the ever increasing amount of physical items of our daily life which become addressable through a network could be made more easily manageable and usable through the use of Services. This surge of exposed resources along with the level of privacy and value of the information they hold, together with the increase of their usage make for an augmentation in the number of the security threats and violation attempts that existing security systems do not appear robust enough to address. In this paper, the authors underline this increase in risk and identify the requirements for resources to be more resilient in this type of environment while keeping an important level of flexibility. In addition, the authors propose an architectural model of Self Managed Security Cell, which leverages on current knowledge in large scale security systems, information management and autonomous systems.

  10. A reference model for database security proxy

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST's firewall reference model by adding a transmission unit modification function and an attribute value mapping function, describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.

  11. A reference model for database security proxy

    Institute of Scientific and Technical Information of China (English)

    蔡亮; 杨小虎; 董金祥

    2002-01-01

    How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST' s firewall reference model by adding a transmission unit modification function and an attribute value mapping function,describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.

  12. Moving from Requirements to Design Confronting Security Issues: A Case Study

    Science.gov (United States)

    Halkidis, Spyros T.; Chatzigeorgiou, Alexander; Stephanides, George

    Since the emergence of software security as a research area, it has been evident that security should be incorporated as early as possible in the software lifecycle. The advantage is that large gains can be achieved in terms of cost and effort compared to the introduction of security as an afterthought. The earliest possible phase to consider possible attacks is during requirements specification. A widely accepted approach to consider security in the requirements is the employment of misuse cases. In this paper we examine a case study to automatically generate a class diagram, based on the use and misuse cases present in the requirements. Particularly, we extend a natural language processing approach to move beyond a general domain model and produce a detailed class diagram. Moreover, security patterns are introduced in appropriate places of the design to confront the documented attacks and protect the threatened resources. Additionally, we perform an experimental study to investigate the tradeoff between the additional effort to mitigate the attacks and the security risk of the resulting system. Finally, the optimization problem of finding the smallest system regarding additional effort given a maximum acceptable risk is established and an appropriate algorithm to solve it is proposed.

  13. New Models for Protocol Security

    Science.gov (United States)

    2015-06-18

    protocols and primitives (e.g., Schnorrs identification scheme, commitment schemes secure against selective openings, Chaum Blind Signatures , etc...Theory 156: 246-268 (2015) 5 3. Samantha Leung, Edward Lui, Rafael Pass: Voting with Coarse Beliefs. ITCS 2015: 61 4. Jing Chen, Silvio Micali, Rafael...Schneider: Multi-Verifier Signatures . J. Cryptology 25(2): 310-348 (2012) 7 37. Rafael Pass, Muthuramakrishnan Venkitasubramaniam: A Parallel Repetition

  14. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  15. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data. 

  16. A new security model for collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Lorch, Markus [Virginia Polytechnic Inst. and State Univ. (Virginia Tech), Blacksburg, VA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Perry, Marcia [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2003-06-06

    Prevalent authentication and authorization models for distributed systems provide for the protection of computer systems and resources from unauthorized use. The rules and policies that drive the access decisions in such systems are typically configured up front and require trust establishment before the systems can be used. This approach does not work well for computer software that moderates human-to-human interaction. This work proposes a new model for trust establishment and management in computer systems supporting collaborative work. The model supports the dynamic addition of new users to a collaboration with very little initial trust placed into their identity and supports the incremental building of trust relationships through endorsements from established collaborators. It also recognizes the strength of a users authentication when making trust decisions. By mimicking the way humans build trust naturally the model can support a wide variety of usage scenarios. Its particular strength lies in the support for ad-hoc and dynamic collaborations and the ubiquitous access to a Computer Supported Collaboration Workspace (CSCW) system from locations with varying levels of trust and security.

  17. A Formal Model for the Security of Proxy Signature Schemes

    Institute of Scientific and Technical Information of China (English)

    GU Chun-xiang; ZHU Yue-fei; ZHANG Ya-juan

    2005-01-01

    This paper provides theoretical foundations for the secure proxy signature primitive. We present a formal model for the security of proxy signature schemes, which defines the capabilities of the adversary and the security goals to capture which mean for a proxy signature scheme to be secure. Then, we present an example of proxy signature scheme that can be proven secure in the standard model.

  18. Research on Assessment Model of Information System Security Based on Various Security Factors

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.

  19. Adaptive Modeling for Security Infrastructure Fault Response

    Institute of Scientific and Technical Information of China (English)

    CUI Zhong-jie; YAO Shu-ping; HU Chang-zhen

    2008-01-01

    Based on the analysis of inherent limitations in existing security response decision-making systems, a dynamic adaptive model of fault response is presented. Several security fault levels were founded, which comprise the basic level, equipment level and mechanism level. Fault damage cost is calculated using the analytic hierarchy process. Meanwhile, the model evaluates the impact of different responses upon fault repair and normal operation. Response operation cost and response negative cost are introduced through quantitative calculation. This model adopts a comprehensive response decision of security fault in three principles-the maximum and minimum principle, timeliness principle, acquiescence principle, which assure optimal response countermeasure is selected for different situations. Experimental results show that the proposed model has good self-adaptation ability, timeliness and cost-sensitiveness.

  20. Security Modeling on the Supply Chain Networks

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-LaPadula model in the design of a secured supply chain network. In the Bell-LaPadula model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification pair in the Bell-LaPadula model can be thought as different states in the Markov Chain model. This paper extends the work done by Chen et al., provides more details on the Markov Chain model and illustrates how to use it to monitor the security state transition in the supply chain network.

  1. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  2. MULTILEVEL RECURRENT MODEL FOR HIERARCHICAL CONTROL OF COMPLEX REGIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Andrey V. Masloboev

    2014-11-01

    Full Text Available Subject of research. The research goal and scope are development of methods and software for mathematical and computer modeling of the regional security information support systems as multilevel hierarchical systems. Such systems are characterized by loosely formalization, multiple-aspect of descendent system processes and their interconnectivity, high level dynamics and uncertainty. The research methodology is based on functional-target approach and principles of multilevel hierarchical system theory. The work considers analysis and structural-algorithmic synthesis problem-solving of the multilevel computer-aided systems intended for management and decision-making information support in the field of regional security. Main results. A hierarchical control multilevel model of regional socio-economic system complex security has been developed. The model is based on functional-target approach and provides both formal statement and solving, and practical implementation of the automated information system structure and control algorithms synthesis problems of regional security management optimal in terms of specified criteria. An approach for intralevel and interlevel coordination problem-solving in the multilevel hierarchical systems has been proposed on the basis of model application. The coordination is provided at the expense of interconnection requirements satisfaction between the functioning quality indexes (objective functions, which are optimized by the different elements of multilevel systems. That gives the possibility for sufficient coherence reaching of the local decisions, being made on the different control levels, under decentralized decision-making and external environment high dynamics. Recurrent model application provides security control mathematical models formation of regional socioeconomic systems, functioning under uncertainty. Practical relevance. The model implementation makes it possible to automate synthesis realization of

  3. A secured e-tendering modeling using misuse case approach

    Science.gov (United States)

    Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

    2016-08-01

    Major risk factors relating to electronic transactions may lead to destructive impacts on trust and transparency in the process of tendering. Currently, electronic tendering (e-tendering) systems still remain uncertain in issues relating to legal and security compliance and most importantly it has an unclear security framework. Particularly, the available systems are lacking in addressing integrity, confidentiality, authentication, and non-repudiation in e-tendering requirements. Thus, one of the challenges in developing an e-tendering system is to ensure the system requirements include the function for secured and trusted environment. Therefore, this paper aims to model a secured e-tendering system using misuse case approach. The modeling process begins with identifying the e-tendering process, which is based on the Australian Standard Code of Tendering (AS 4120-1994). It is followed by identifying security threats and their countermeasure. Then, the e-tendering was modelled using misuse case approach. The model can contribute to e-tendering developers and also to other researchers or experts in the e-tendering domain.

  4. Modeling behavioral considerations related to information security.

    Energy Technology Data Exchange (ETDEWEB)

    Martinez-Moyano, I. J.; Conrad, S. H.; Andersen, D. F. (Decision and Information Sciences); (SNL); (Univ. at Albany)

    2011-01-01

    The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral study of upcoming threats.

  5. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...... a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology. © 2009 IEEE....

  6. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology....... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

  7. Cyberspace Forensics Readiness and Security Awareness Model

    Directory of Open Access Journals (Sweden)

    Aadil Al-Mahrouqi

    2015-06-01

    Full Text Available The goal of reaching a high level of security in wire- less and wired communication networks is continuously proving difficult to achieve. The speed at which both keepers and violators of secure networks are evolving is relatively close. Nowadays, network infrastructures contain a large number of event logs captured by Firewalls and Domain Controllers (DCs. However, these logs are increasingly becoming an obstacle for network administrators in analyzing networks for malicious activities. Forensic investigators mission to detect malicious activities and reconstruct incident scenarios is extremely complex considering the number, as well as the quality of these event logs. This paper presents the building blocks for a model for automated network readiness and awareness. The idea for this model is to utilize the current network security outputs to construct forensically comprehensive evidence. The proposed model covers the three vital phases of the cybercrime management chain, which are: 1 Forensics Readiness, 2 Active Forensics, and 3 Forensics Awareness.

  8. Model Checking Electronic Commerce Security Protocols Based on CTL

    Institute of Scientific and Technical Information of China (English)

    XIAO De-qin; ZHANG Huan-guo

    2005-01-01

    We present a model based on Computational Temporal Logic (CTL) methods for verifying security requirements of electronic commerce protocols. The model describes formally the authentication, confidentiality integrity,non-repudiation, denial of service and access control of the electronic commerce protocols. We illustrate as case study a variant of the Lu-Smolka protocol proposed by Lu-Smolka.Moreover, we have discovered two attacks that allow a dishonest user to purchase a good debiting the amount to another user. And also, we compared our work with relative research works and found that the formal way of this paper is more general to specify security protocols for E-Commerce.

  9. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  10. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  11. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  12. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; Eck, van P.A.T.

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most im

  13. 46 CFR 11.811 - Requirements to qualify for an STCW endorsement as vessel security officer.

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Requirements to qualify for an STCW endorsement as vessel security officer. 11.811 Section 11.811 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY... § 11.811 Requirements to qualify for an STCW endorsement as vessel security officer. (a) The...

  14. A Model of Social Security?

    DEFF Research Database (Denmark)

    Rom-Jensen, Byron Zachary

    2017-01-01

    This essay provides historical perspective to Senator Bernie Sanders’ appropriation of elements of the Nordic model in the 2016 campaign by studying how Scandinavia was used as a political image in 1930s United States. Departing from previous scholarship, this essay argues that accounts of Scandi...... and its 1939 amendments. The surprising plasticity of the Scandinavian image amongst policymakers ultimately reveals the fluid nature of both New Deal-era politics and the Scandinavian images it appropriated....

  15. E-Learning Security Models

    Directory of Open Access Journals (Sweden)

    Vladimir I. Zuev

    2012-06-01

    Full Text Available The article looks into methods and models that are useful when analyzing the risks and vulnerabilities of complex e-learning systems in an emergency management context. Definitions of vulnerability and emergency response capabilities, such as "VLE/PLE attack surface", are suggested.The article provides insight into some of the issues related to analysis of risks and vulnerabilities of e-learning systems, but more research is needed to address this difficult and comprehensive task.

  16. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  17. On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

    Science.gov (United States)

    Frühwirth, Christian

    Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

  18. Food Security Information Platform Model Based on Internet of Things

    Directory of Open Access Journals (Sweden)

    Lei Zhang

    2015-06-01

    Full Text Available According to the tracking and tracing requirements of food supply chain management and quality and safety, this study built food security information platform using the Internet of things technology, with reference to the EPC standard, the use of RFID technology, adopting the model of SOA, based on SCOR core processes, researches the food security information platform which can set up the whole process from the source to the consumption of the traceability information, provides food information, strengthens the food identity verification, prevents food identification and information of error identification to the consumer and government food safety regulators, provides good practices for food safety traceability.

  19. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ..., personnel identification documents and communication, alarm, lighting, access control, and similar systems...-keeping duties and risk of fatigue on facility personnel alertness and performance; (iv) Security training...

  20. A Multilevel Secure Relation-Hierarchical Data Model for a Secure DBMS

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    A multilevel secure relation-hierarchical data model formultilevel secure database is extended from the relation-hierarchical data model in single level environment in this paper. Based on the model, an upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system based on the multilevel secure relation-hierarchical data model is capable of integratively storing and manipulating complicated objects (e.g., multilevel spatial data) and conventional data (e.g., integer, real number and character string) in multilevel secure database.

  1. 7 CFR 1781.9 - Security, feasibility, evidence of debt, title, insurance and other requirements.

    Science.gov (United States)

    2010-01-01

    ... AND DEVELOPMENT (RCD) LOANS AND WATERSHED (WS) LOANS AND ADVANCES § 1781.9 Security, feasibility, evidence of debt, title, insurance and other requirements. (a) Security. WS loans, WS advances, and RCD... secure a WS loan, WS advance, or RCD loan. These should be consistent with the applicable provisions of...

  2. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... plan or procedures, physical security plan, guard training and qualification plan, and cyber security... COMMISSION N.S. Savannah; Exemption From Certain Security Requirements 1.0 Background The U.S. Department of Transportation, Maritime ] Administration (MARAD) is the licensee and holder of Facility Operating License No. NS...

  3. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... COMMISSION 17 CFR Part 242 RIN 3235-AK74 Ownership Limitations and Governance Requirements for Security... FURTHER INFORMATION CONTACT: Proposals relating to security-based swap clearing agencies: Catherine Moore... in and the governance of security-based swap clearing agencies, SB SEFs and SBS...

  4. Enhanced Authentication Mechanism Using Multilevel Security Model

    Directory of Open Access Journals (Sweden)

    Abdulameer Hussain

    2009-06-01

    Full Text Available This paper presents a proposed multilevel authentication method which is implemented especially in sensitive applications where they contain multilevel secure and confidential data. The proposed method divides the system into multiple sensitive levels and tests users against different authentication methods for each level. Most levels are subdivided further into secure sublevels. Each sublevel contains its own privileges and data types which are managed by an Identity Manager (IM whose responsibility is to transit users to other higher sublevels. The transition’s decision is done by assigning different weights to each authentication method .After a series of tests, the IM must generate a status report describing the results and the decision made to each user’s activity. This technique permits granting only the required privileges for a selected group of users and limits the configuration functions of those that users in a particular user group can perform.

  5. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  6. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  7. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  8. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... local laws and regulations governing the management of waste. (c) When physical security controls become... the Regulatory Section, Drug Enforcement Administration. See the Table of DEA Mailing Addresses in...

  9. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Science.gov (United States)

    2010-07-01

    ...) Personnel identification documents; (v) Communication systems; (vi) Alarms; (vii) Lighting; (viii) Access... security assignments; (iii) The impact of watch-keeping duties and risk of fatigue on vessel personnel...

  10. A secure operational model for mobile payments.

    Science.gov (United States)

    Chang, Tao-Ku

    2014-01-01

    Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers' security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  11. A Secure Operational Model for Mobile Payments

    Directory of Open Access Journals (Sweden)

    Tao-Ku Chang

    2014-01-01

    Full Text Available Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers’ security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  12. Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

    Directory of Open Access Journals (Sweden)

    David F. Muñoz

    2012-12-01

    Full Text Available The Instituto para el Depósito de Valores (INDEVAL is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient operating system. The main objective of this research was to use reduced amounts of cash and securities, within reasonable periods of time, for the settlement of securities of the Mexican market. A linear programming model for the netting and clearing of operations was used. The performance of the new SSS was evaluated by performing experiments using a deterministic simulation model under different operation parameters, such as the number and monetary value of transactions, the time between clearing cycles and also under a new set of rules for pre-settlement operations. The results presented may be used by other Central Securities Depositories to make decisions related to the efficient and safer use of their resources. The implementation of the model took more than three years. Now many transactions that would remain pending if processed individually are settled together, thus reducing liquidity requirements dramatically -by 52% in cash and 26% in securities.

  13. Modeling and Security in Cloud Ecosystems

    Directory of Open Access Journals (Sweden)

    Eduardo B. Fernandez

    2016-04-01

    Full Text Available Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

  14. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  15. SECURE MATHEMATICALLY- ASSURED COMPOSITION OF CONTROL MODELS

    Science.gov (United States)

    2017-09-27

    that is provably secure against many classes of cyber -attack. The goal of the project is to provide verifiable security ; that is, system designs which...architecture of the secure SMACCMcopter, illustrating the attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 46 Failed cyber -attack...approach for building secure software. DARPA initiated the High Assurance Cyber Military Systems (HACMS) program to develop the technologies needed to

  16. Information security governance: business requirements and research directions

    CSIR Research Space (South Africa)

    Höne, K

    2009-01-01

    Full Text Available -aligned with the needs of the business community. The problem that this paper addresses is twofold. Firstly, it addresses the confusion regarding the meaning of Information Security Governance. Secondly, it assesses the gap between research and business communities from...

  17. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  18. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  19. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications......Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may...

  20. Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model

    Directory of Open Access Journals (Sweden)

    Luay A. Wahsheh

    2008-01-01

    Full Text Available Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.

  1. Towards a Model of the Costs of Security

    OpenAIRE

    Larochelle, David; Rosasco, Nicholas

    2003-01-01

    We present a simple information security model to determine why, historically, the level of security has not increased despite numerous technical advances. In our model, the software design process involves trade-offs between security and functionality. Developers choose points in the design space corresponding to certain levels of security and functionality. If development resources, such as number of developers, time for completion, etc., are fixed, there is an implicit trade-off between se...

  2. Los Alamos CCS (Center for Computer Security) formal computer security model

    Energy Technology Data Exchange (ETDEWEB)

    Dreicer, J.S.; Hunteman, W.J. (Los Alamos National Lab., NM (USA))

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The initial motivation for this effort was the need to provide a method by which DOE computer security policy implementation could be tested and verified. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present models. Formal mathematical models for computer security have been designed and developed in conjunction with attempts to build secure computer systems since the early 70's. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The mathematical basis appears to be justified and is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell-Lapadula abstract sets of objects and subjects. 5 refs.

  3. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  4. DEVELOPING OF THE SYSTEM INFORMATION SECURITY MODEL FOR COMPUTER TRAINING COMPLEX

    Directory of Open Access Journals (Sweden)

    Viktoriia N. Kovalchuk

    2010-08-01

    Full Text Available The regulatory documents regarding the computer training rooms and information communication technologies in respect to the information safety are being analyzed in the given paper. The model of information security system of the computer training complex is developed. In particular there are considered the requirements to the security system construction, its functioning and the stages of the lifecycle. The analysis of typical risks for the information resources is conducted, the main methods of their information security are offered.

  5. Communications Security: A Timeless Requirement While Conducting Warfare

    Science.gov (United States)

    2012-04-10

    during the battles of Pearl Harbor and Midway, along with the ongoing enigma , comprise valid and tangible examples of the importance of communications...Additionally, they leverage tools such as the media and social networking systems to publish their message, recruit followers, and organize attacks...National Security Agency, 2008. Harper, Stephen, Capturing Enigma : How HMS Petard Seized the German Naval Codes. Trowbridge, Wiltshire: Sutton

  6. OPNET Modeler Simulation Testing of the New Model Used to Cooperation Between QoS and Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Jan Papaj

    2012-01-01

    Full Text Available In this article the performance analysis of the new model, used to integration between QoS and Security, is introduced. OPNET modeler simulation testing of the new model with comparation with the standard model is presented. This new model enables the process of cooperation between QoS and Security in MANET. The introduction how the model is implemented to the simulation OPNET modeler is also showed. Model provides possibilities to integration and cooperation of QoS and security by the cross layer design (CLD with modified security service vector (SSV. An overview of the simulation tested of the new model, comparative study in mobile ad-hoc networks, describe requirements and directions for adapted solutions are presented. Main idea of the testing is to show how QoS and Security related services could be provided simultaneously with using minimal interfering with each service.

  7. Generic Model to Send Secure Alerts for Utility Companies

    Directory of Open Access Journals (Sweden)

    Perez–Díaz J.A.

    2010-04-01

    Full Text Available In some industries such as logistics services, bank services, and others, the use of automated systems that deliver critical business information anytime and anywhere play an important role in the decision making process. This paper introduces a "Generic model to send secure alerts and notifications", which operates as a middleware between enterprise data sources and its mobile users. This model uses Short Message Service (SMS as its main mobile messaging technology, however is open to use new types of messaging technologies. Our model is interoperable with existing information systems, it can store any kind of information about alerts or notifications at different levels of granularity, it offers different types of notifications (as analert when critical business problems occur,asanotificationina periodical basis or as 2 way query. Notification rules can be customized by final users according to their preferences. The model provides a security framework in the cases where information requires confidentiality, it is extensible to existing and new messaging technologies (like e–mail, MMS, etc. It is a platform, mobile operator and hardware independent. Currently, our solution is being used at the Comisión Federal de Electricidad (Mexico's utility company to deliver secure alerts related to critical events registered in the main power generation plants of our country.

  8. On the Need for Relaxed Security Models

    DEFF Research Database (Denmark)

    Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008.......Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008....

  9. Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard

    Directory of Open Access Journals (Sweden)

    M. Azuwa

    2015-05-01

    Full Text Available Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1 network security controls such as firewall, Intrusion Detection Prevention System (IDPS, switch, wireless access point and network architecture; and (2 network services such as Hypertext Transfer Protocol Secure (HTTPS and virtual private network (VPN. The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard.

  10. The IEA Model of Short-term Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2011-07-01

    Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Working Paper is intended for readers who wish to explore the MOSES methodology in depth; there is also a brochure which provides an overview of the analysis and results.

  11. 76 FR 4489 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2011-01-26

    ... 229, 232, 240 and 249 RIN 3235-AK75 Disclosure for Asset-Backed Securities Required by Section 943 of...-backed securities offerings. The final rules require securitizers of asset-backed securities to disclose... mechanisms available to investors in an asset-backed securities offering in any report accompanying a credit...

  12. Model-based security engineering for the internet of things

    OpenAIRE

    NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; Baldini, Gianmarco; VAN HOESEL Lodewijk

    2015-01-01

    We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

  13. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected incre

  14. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected

  15. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ... National Institute of Standards and Technology NIST Federal Information Processing Standard (FIPS) 140-3... sections of Federal Information Processing Standard 140-3 (Second Draft), Security Requirements for... may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention:...

  16. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    Full Text Available The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP, TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  17. Selection of Model in Developing Information Security Criteria for Smart Grid Security System

    CERN Document Server

    Ling, Amy Poh Ai

    2011-01-01

    At present, the "Smart Grid" has emerged as one of the best advanced energy supply chains. This paper looks into the security system of smart grid via the smart planet system. The scope focused on information security criteria that impact on consumer trust and satisfaction. The importance of information security criteria is perceived as the main aspect to impact on customer trust throughout the entire smart grid system. On one hand, this paper also focuses on the selection of the model for developing information security criteria on a smart grid.

  18. A Metadata Based Storage Model for Securing Data in Cloud Environment

    Directory of Open Access Journals (Sweden)

    S. Subashini

    2012-01-01

    Full Text Available Problem statement: Enterprises are migrating to the cloud environment at a faster pace. Security of information that is being processed by the applications and ultimately getting stored in the data centers are of big concerns of this newly evolving environment. The security of the data is a concern not only during transferring of data through the wires but also during its storage phase where data stays most of the time. Approach: In order to keep the data secure during its storage phase, a preventive, robust security model is required. Instead of developing a robust security module to prevent hackers from intruding into data centers, a model which will prevent intruders from getting the required information even at the event of intrusion, will be of utmost use. Conventional security models secure data by encryption or by fragmentation. A security model developed using a fragmentation technique that is based on the sensitivity, criticality and value of the data provides better security by means of disintegration of value of the data and also a good technique for prevention of information leaks. The proposed method also provides solutions to access the fragmented data. Results: The proposed model provides a efficient security solution for data stored in cloud. When compared to conventional methods, the speed of data queries are less for small databases, but prove to be very efficient for huge databases. Conclusion: This model provides an efficient solution for data storage security in cloud environment. This technique coupled with standard encryption techniques will make this model more robust.

  19. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology (IT) resources....

  20. 48 CFR 27.203 - Security requirements for patent applications containing classified subject matter.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false Security requirements for patent applications containing classified subject matter. 27.203 Section 27.203 Federal Acquisition... subject matter....

  1. Security Issues in Distributed Database System Model

    OpenAIRE

    MD.TABREZ QUASIM

    2013-01-01

    This paper reviews the most common as well as emerging security mechanism used in distributed database system. As distributed database became more popular, the need for improvement in distributed database management system become even more important. The most important issue is security that may arise and possibly compromise the access control and the integrity of the system. In this paper, we propose some solution for some security aspects such as multi-level access control, ...

  2. Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

    Science.gov (United States)

    2016-06-30

    2007 Carnegie Mellon University Engineering Safety- and Security-Related Requirements for Software- Intensive Systems ICCBSS’2007 Conference...Tutorial Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Donald Firesmith 27 February 2007 Report Documentation Page Form...COVERED 00-00-2007 to 00-00-2007 4. TITLE AND SUBTITLE Engineering Safety- and Security-Related Requirements for Software-Intensive Systems 5a

  3. Agent Based Multiviews Requirements Model

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    Based on the current researches of viewpoints oriented requirements engineering and intelligent agent, we present the concept of viewpoint agent and its abstract model based on a meta-language for multiviews requirements engineering. It provided a basis for consistency checking and integration of different viewpoint requirements, at the same time, these checking and integration works can automatically realized in virtue of intelligent agent's autonomy, proactiveness and social ability. Finally, we introduce the practical application of the model by the case study of data flow diagram.

  4. A value model for evaluating homeland security decisions.

    Science.gov (United States)

    Keeney, Ralph L; von Winterfeldt, Detlof

    2011-09-01

    One of the most challenging tasks of homeland security policymakers is to allocate their limited resources to reduce terrorism risks cost effectively. To accomplish this task, it is useful to develop a comprehensive set of homeland security objectives, metrics to measure each objective, a utility function, and value tradeoffs relevant for making homeland security investments. Together, these elements form a homeland security value model. This article develops a homeland security value model based on literature reviews, a survey, and experience with building value models. The purposes of the article are to motivate the use of a value model for homeland security decision making and to illustrate its use to assess terrorism risks, assess the benefits of countermeasures, and develop a severity index for terrorism attacks. © 2011 Society for Risk Analysis.

  5. Aspect-oriented security hardening of UML design models

    CERN Document Server

    Mouheb, Djedjiga; Pourzandi, Makan; Wang, Lingyu; Nouh, Mariam; Ziarati, Raha; Alhadidi, Dima; Talhi, Chamseddine; Lima, Vitor

    2015-01-01

    This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The

  6. Pricing Asset-backed Securities: A Revised Model

    OpenAIRE

    Bradka, Lukas

    2008-01-01

    This paper deals with asset backed securities and the pricing thereof. First, an overview of debt markets is provided with a particular focus on the recent crisis in the sub prime markets. Second, literature surrounding securitization, asset backed securities and related types of debt is analysed and discussed. A revised pricing model for asset backed securities based on two existing models (Ebrahim, 2000; Ebrahim & Ahmed, 2007) is successively developed and implemented in Maple programming l...

  7. Re-designing the PhEDEx Security Model

    Science.gov (United States)

    C-H, Huang; Wildish, T.; X, Zhang

    2014-06-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  8. The help of formal models for healthcare security policies.

    Science.gov (United States)

    Trouessin, G; Barber, B

    1997-01-01

    This article is a personal contribution (i.e., from a strict security expert point of view) towards the help for specification, validation and/or evaluation of reliable, but also secure, healthcare security policies (HSP). The first part is dedicated to show, according to the various aspects of the security policy concept, that healthcare information systems (HIS) offer such a diversity of particularities and potential security needs, that it is necessary for healthcare security policies to be defined as flexible, but also as robust, as possible. Then the formal modelling approach, a wide area of solutions providing both flexibility (by means of modelling) and robustness (by means of formalization), is presented. The most well-known examples of security models are recalled. All of them try to use formal models as a security policy specification/validation tool, but none of them can be helpfully used in the very demanding context of HIS. Lastly, a new approach for the modelling of healthcare security policies, based on modal logic (i.e., epistemic and/or deontic logic) is proposed. It permits to take into account the flexibility (by means of high expressiveness due to modality) and the robustness (by means of high provability due to modelling) needs.

  9. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  10. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  11. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... previous approaches to the problem. Starting from an open point-to-point network there is a long way to general secure multiparty computation. The dissertation contains contributions at several points along the way. In particular we investigate how to realize secure channels. We also show how threshold...... you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...

  12. Multilevel security model for ad hoc networks

    Institute of Scientific and Technical Information of China (English)

    Wang Changda; Ju Shiguang

    2008-01-01

    Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations.As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.

  13. Hierarchical Policy Model for Managing Heterogeneous Security Systems

    Science.gov (United States)

    Lee, Dong-Young; Kim, Minsoo

    2007-12-01

    The integrated security management becomes increasingly complex as security manager must take heterogeneous security systems, different networking technologies, and distributed applications into consideration. The task of managing these security systems and applications depends on various systems and vender specific issues. In this paper, we present a hierarchical policy model which are derived from the conceptual policy, and specify means to enforce this behavior. The hierarchical policy model consist of five levels which are conceptual policy level, goal-oriented policy level, target policy level, process policy level and low-level policy.

  14. Security Model For Service-Oriented Architecture

    CERN Document Server

    Karimi, Oldooz

    2011-01-01

    In this article, we examine how security applies to Service Oriented Architecture (SOA). Before we discuss security for SOA, lets take a step back and examine what SOA is. SOA is an architectural approach which involves applications being exposed as "services". Originally, services in SOA were associated with a stack of technologies which included SOAP, WSDL, and UDDI. This article addresses the defects of traditional enterprise application integration by combining service oriented-architecture and web service technology. Application integration is then simplified to development and integration of services to tackle connectivity of isomerous enterprise application integration, security, loose coupling between systems and process refactoring and optimization.

  15. Security Issues in Distributed Database System Model

    Directory of Open Access Journals (Sweden)

    MD.TABREZ QUASIM

    2013-12-01

    Full Text Available This paper reviews the most common as well as emerging security mechanism used in distributed database system. As distributed database became more popular, the need for improvement in distributed database management system become even more important. The most important issue is security that may arise and possibly compromise the access control and the integrity of the system. In this paper, we propose some solution for some security aspects such as multi-level access control, confidentiality, reliability, integrity and recovery that pertain to a distributed database system.

  16. A risk management model for securing virtual healthcare communities.

    Science.gov (United States)

    Chryssanthou, Anargyros; Varlamis, Iraklis; Latsiou, Charikleia

    2011-01-01

    Virtual healthcare communities aim to bring together healthcare professionals and patients, improve the quality of healthcare services and assist healthcare professionals and researchers in their everyday activities. In a secure and reliable environment, patients share their medical data with doctors, expect confidentiality and demand reliable medical consultation. Apart from a concrete policy framework, several ethical, legal and technical issues must be considered in order to build a trustful community. This research emphasises on security issues, which can arise inside a virtual healthcare community and relate to the communication and storage of data. It capitalises on a standardised risk management methodology and a prototype architecture for healthcare community portals and justifies a security model that allows the identification, estimation and evaluation of potential security risks for the community. A hypothetical virtual healthcare community is employed in order to portray security risks and the solutions that the security model provides.

  17. An Access Control Model of Virtual Machine Security

    Directory of Open Access Journals (Sweden)

    QIN Zhong-yuan

    2013-07-01

    Full Text Available Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall security model. This model can be used to safely co ntrol the resources and event behaviors in virtual machines. Experimental results show its eff ectiveness and safety.

  18. [Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security].

    Science.gov (United States)

    Doubova, Svetlana V; Ramírez-Sánchez, Claudine; Figueroa-Lara, Alejandro; Pérez-Cuevas, Ricardo

    2013-12-01

    To estimate the requirements of human resources (HR) of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS). An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. To provide healthcare in accordance with the patients' metabolic control, the conventional model required increasing the number of family doctors (1.2 times) nutritionists (4.2 times) and social workers (4.1 times). The DiabetIMSS model requires greater increase than the conventional model. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  19. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    Directory of Open Access Journals (Sweden)

    Svetlana V Doubova

    2013-11-01

    Full Text Available Objective. To estimate the requirements of human resources (HR of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS. Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. Results. To provide healthcare in accordance with the patients’ metabolic control, the conventional model required increasing the number of family doctors (1.2 times nutritionists (4.2 times and social workers (4.1 times. The DiabetIMSS model requires greater increase than the conventional model. Conclusions. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  20. Security Quality Requirements Engineering (SQUARE): Case Study Phase III

    Science.gov (United States)

    2006-05-01

    domain analysis ( FODA ) • critical discourse analysis (CDA) • accelerated requirements method (ARM) To evaluate the elicitation techniques, the team used...Misuse Cases SSM QFD CORE IBIS JAD FODA CDA ARM Adaptability 3 1 3 2 2 3 2 1 2 CASE Tool 1 2 1 1 3 2 1 1 1 Client Acceptance 2 2 2 2 3 2 1 3 3...dynamic behaviors. Feature-Oriented Domain Analysis ( FODA ) FODA is a domain analysis and engineering technique that focuses on developing reusable

  1. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  2. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  3. Requirements for Development of an Assessment System for IT&C Security Audit

    Directory of Open Access Journals (Sweden)

    Marius Popa

    2010-12-01

    Full Text Available IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against to the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents some issues of the requirements for development of an assessment system with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

  4. Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

    Directory of Open Access Journals (Sweden)

    Ludovic Apvrille

    2014-04-01

    Full Text Available We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.

  5. The Mean Failure Cost Cybersecurity Model toward Security Measures and Associated Mechanisms

    Directory of Open Access Journals (Sweden)

    Neila Rjaibi

    2015-05-01

    Full Text Available This paper presents results of the quantification of security threats of e-learning system using an economic measure abridged by MFC (Mean Failure Cost. We study means to optimize this measure and to make it more precise, more useful in practice. First we develop basic security requirements taxonomy adapted to all context and systems because security requirements lacks a clear basic taxonomy. Then our hierarchical model is used to enrich the first matrix (stake matrix of the MFC cyber security measure. The stake matrix defines the list of system’s stakeholders and the list of security requirements, it is used to express each cell in dollar monetary terms, it represents loss incurred and/or premium placed on requirement. Then we present a survey of known relationships among security sub-factors and measures as well as common mechanisms. Also we provide a control of the MFC using a classification of security measures. This information is useful in the design of decisions to requirements.

  6. Algebra model and security analysis for cryptographic protocols

    Institute of Scientific and Technical Information of China (English)

    HUAI Jinpeng; LI Xianxian

    2004-01-01

    More and more cryptographic protocols have been used to achieve various security requirements of distributed systems in the open network environment. However cryptographic protocols are very difficult to design and analyze due to the complexity of the cryptographic protocol execution, and a large number of problems are unsolved that range from the theory framework to the concrete analysis technique. In this paper, we build a new algebra called cryptographic protocol algebra (CPA) for describing the message operations with many cryptographic primitives, and proposed a new algebra model for cryptographic protocols based on the CPA. In the model, expanding processes of the participant's knowledge on the protocol runs are characterized with some algebraic notions such as subalgebra, free generator and polynomial algebra, and attack processes are modeled with a new notion similar to that of the exact sequence used in homological algebra. Then we develope a mathematical approach to the cryptographic protocol security analysis. By using algebraic techniques, we have shown that for those cryptographic protocols with some symmetric properties, the execution space generated by an arbitrary number of participants may boil down to a smaller space generated by several honest participants and attackers. Furthermore we discuss the composability problem of cryptographic protocols and give a sufficient condition under which the protocol composed of two correct cryptographic protocols is still correct, and we finally offer a counterexample to show that the statement may not be true when the condition is not met.

  7. 78 FR 54720 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders

    Science.gov (United States)

    2013-09-05

    ... of Property and Freight Forwarders AGENCY: Federal Motor Carrier Safety Administration (FMCSA), DOT... or a freight forwarder. Section 32915 of MAP-21 requires anyone acting as a broker or a freight... freight forwarder authority from FMCSA. Section 32918 amended the financial security requirements...

  8. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... COMMISSION 10 CFR Parts 72 and 73 RIN 3150-AI78 Security Requirements for Facilities Storing Spent Nuclear... requirements for storing spent nuclear fuel (SNF) in an independent spent fuel storage installation (ISFSI), and for storing SNF and/or high-level radioactive waste (HLW) in a monitored retrievable storage...

  9. 75 FR 65442 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2010-10-25

    ...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 229, 240, and 249 RIN 3235-AK75 Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY...-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection...

  10. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  11. A Collaborative Secure Localization Algorithm Based on Trust Model in Underwater Wireless Sensor Networks.

    Science.gov (United States)

    Han, Guangjie; Liu, Li; Jiang, Jinfang; Shu, Lei; Rodrigues, Joel J P C

    2016-02-16

    Localization is one of the hottest research topics in Underwater Wireless Sensor Networks (UWSNs), since many important applications of UWSNs, e.g., event sensing, target tracking and monitoring, require location information of sensor nodes. Nowadays, a large number of localization algorithms have been proposed for UWSNs. How to improve location accuracy are well studied. However, few of them take location reliability or security into consideration. In this paper, we propose a Collaborative Secure Localization algorithm based on Trust model (CSLT) for UWSNs to ensure location security. Based on the trust model, the secure localization process can be divided into the following five sub-processes: trust evaluation of anchor nodes, initial localization of unknown nodes, trust evaluation of reference nodes, selection of reference node, and secondary localization of unknown node. Simulation results demonstrate that the proposed CSLT algorithm performs better than the compared related works in terms of location security, average localization accuracy and localization ratio.

  12. A model to secure a stable iodine concentration in milk

    Directory of Open Access Journals (Sweden)

    Gisken Trøan

    2015-12-01

    Full Text Available Background: Dairy products account for approximately 60% of the iodine intake in the Norwegian population. The iodine concentration in cow's milk varies considerably, depending on feeding practices, season, and amount of iodine and rapeseed products in cow fodder. The variation in iodine in milk affects the risk of iodine deficiency or excess in the population. Objective: The first goal of this study was to develop a model to predict the iodine concentration in milk based on the concentration of iodine and rapeseed or glucosinolate in feed, as a tool to securing stable iodine concentration in milk. A second aim was to estimate the impact of different iodine levels in milk on iodine nutrition in the Norwegian population. Design: Two models were developed on the basis of results from eight published and two unpublished studies from the past 20 years. The models were based on different iodine concentrations in the fodder combined with either glucosinolate (Model 1 or rapeseed cake/meal (Model 2. To illustrate the impact of different iodine concentrations in milk on iodine intake, we simulated the iodine contribution from dairy products in different population groups based on food intake data in the most recent dietary surveys in Norway. Results: The models developed could predict iodine concentration in milk. Cross-validation showed good fit and confirmed the explanatory power of the models. Our calculations showed that dairy products with current iodine level in milk (200 µg/kg cover 68, 49, 108 and 56% of the daily iodine requirements for men, women, 2-year-old children, and pregnant women, respectively. Conclusions: Securing a stable level of iodine in milk by adjusting iodine concentration in different cow feeds is thus important for preventing excess intake in small children and iodine deficiency in pregnant and non-pregnant women.

  13. ONTOLOGICAL MODEL OF STRATEGIC ECONOMIC SECURITY OF ENTERPRISE

    Directory of Open Access Journals (Sweden)

    L. A. Zaporozhtseva

    2014-01-01

    Full Text Available Article explains the necessity the application of the ontological approach to modeling the strategic economic security in the formalization of the basic categories of domain company recognized its benefits. Among the advantages of the model distinguishes its versatility and ability to describe various aspects of strategic security - the system strategies and goals of the organization and business processes; possibility of its use at different levels of detail - from the top-level description of the basic categories of management, to design-level analytic applications; as well as the adaptability of the model, with depth on particular aspects determined by practical necessity and not regulated methodology. The model integrates various aspects of the concept of enterprise architecture and organizes conceptual apparatus. Ontological model easy to understand and adjust as business architects and specialists in designing systems of economic security and offers many categories of verbal representation of the domain of the enterprise. Proved the feasibility of using process-functional approach in providing strategic economic security, according to which the components of such a security company proposed as business processes, finance, staff and contractors. The article presents the author's ontological model of strategic economic security, including endangered sites, the presence of factors that threaten the security of the object and the subject of providing security. Further, it is proved that in the subjects of security impact on the object using the tools, measures and activities within the strategy formed the mechanism is implemented managerial decisions to strengthen the strategic economic security. The process of diagnosis, detection, identification of threats of economic security, and the development of enterprise development strategies, taking into account its level of economic security must be under the constant supervision of the process of

  14. A Novel Computer Virus Propagation Model under Security Classification

    Directory of Open Access Journals (Sweden)

    Qingyi Zhu

    2017-01-01

    Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

  15. Security Requirements Metrics for Pattern-Lock Applications on Mobile Devices

    Directory of Open Access Journals (Sweden)

    Irfan Afifullah

    2016-11-01

    Full Text Available Pattern-Lock is one of graphical authentication schemes that shows high popularity today. Based on recent research, the security requirements metrics of Pattern-Lock applications have not proposed yet. The goal of this study is to define security requirements metrics for Pattern-Lock applications on mobile devices. Our study has identified 12 threat statements and 18 requirements statements by analyzing STRIDE (Spoofing the identity, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege and Extended Misuse Case diagram. To develop the metrics we have used Goal-Question-Metric (GQM paradigm. Based on these, we develop 3 Goals and 7 Questions and resulted in 20 metrics for security requirements. The metrics have been evaluated using 30 App Locker Android applications, and the results show that some metrics have higher values than others. Number of Pattern Characteristics that Successfully Detected, Ability to Relock, and Grid Size metrics have the three highest values. These metrics requires higher priorities to look into when developers need to build the App Locker applications. Moreover, developers should ensure that App Locker applications have values higher than average of security goals and metrics achievements.

  16. A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data.

    Science.gov (United States)

    Gope, Prosanta; Amin, Ruhul

    2016-11-01

    Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

  17. Using a Prediction Model to Manage Cyber Security Threats

    National Research Council Canada - National Science Library

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    .... The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security...

  18. Secure Certificateless Signature with Revocation in the Standard Model

    Directory of Open Access Journals (Sweden)

    Tung-Tso Tsai

    2014-01-01

    previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC. In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS. Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

  19. Secure Model for Virtualization Layer in Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    Sina Manavi

    2015-05-01

    Full Text Available cloud security is one of the buzz words in cloud computing. Since virtualization is the fundamental of the cloud computing, needs to study it more deeply to avoid attacks and system failure. In this research is focused on virtualization vulnerabilities. In addition it is attempted to propose a model to secure and proper mechanism to react reasonable against the detected attack by intrusion detection system. With the secured model (SVM, virtual machines will be resist more efficiency against the attacks in cloud computing.

  20. Optimizing ZigBee Security using Stochastic Model Checking

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report......, we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checking approach using the probabilistic model checker PRISM, and assess the security needs for realistic...

  1. Optimizing ZigBee Security using Stochastic Model Checking

    CERN Document Server

    Yüksel, Ender; Nielson, Flemming; Fruth, Matthias; Kwiatkowska, Marta

    2012-01-01

    ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report, we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checking approach using the probabilistic model checker PRISM, and assess the security needs for realistic application scenarios.

  2. Formal Specifications and Verification of a Secure Communication Protocol Model

    Institute of Scientific and Technical Information of China (English)

    夏阳; 陆余良; 蒋凡

    2003-01-01

    This paper presents a secure communication protocol model-EABM, by which network security communication can be realized easily and efficiently. First, the paper gives a thorough analysis of the protocol system, systematic construction and state transition of EABM. Then , it describes the channels and the process of state transition of EABM in terms of ESTELLE. At last, it offers a verification of the accuracy of the EABM model.

  3. How to Be a Better Consumer of Security Maturity Models

    Science.gov (United States)

    2014-10-21

    2014 Carnegie Mellon University How to Be a Better Consumer of Security Maturity Models October 21, 2014 Julia Allen & Dr. Nader Mehravari...A 3. DATES COVERED 4. TITLE AND SUBTITLE How to Be a Better Consumer of Security Maturity Models 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c...REACTIVE AND TAKEN UNAWARE BY SOCIAL MEDIA broadcasting • FACEBOOK AND TWITTER PRESENCE • BROADCAST STANDARD MARKETING VIA SOCIAL MEDIA • TARGETED

  4. Enhancing Information Systems Security in Educational Organizations in KSA through proposing security model

    Directory of Open Access Journals (Sweden)

    Hussain A.H. Awad

    2011-09-01

    Full Text Available It is well known that technology utilization is not restricted for one sector than the other anymore, Educational organizations share many parts of their information systems with commercial organizations. In this paper we will try to identify the main characteristics of information systems in educational organizations, then we will propose a model of two parts to enhance the information systems security, the first part of the model will handle the policy and laws of the information system, the second part will provide a technical approach on how to audit and subsequently maintain the security of information system.

  5. Security Optimization of VTP Model in an Enterprise VLAN

    Directory of Open Access Journals (Sweden)

    Rajiv O. Verma

    2013-05-01

    Full Text Available VLANs are extensively used in enterprise network to ease management of hosts to improve scalability and flexibility. Despite their wide usage in enterprise network, VLAN security is a greater concern for the network administrator due to very little attention has been paid on error prone, unsystematic, high risk of misconfiguration in the design and management of enterprise VLAN network. Our paper demonstrates the security optimization techniques in designing VLAN both for Inter-VLAN communication and addressing VTP issues. We proposed various security aspects like access-lists based layer 3 securities in Inter-VLAN routing, deactivating native VLAN 1 to secure Layer 2 traffic in VTP model, Application of authentication on VTP server and non-negotiating Dynamic Trunking Protocol mode to counter the effect of inserting a rogue switch/trunk with higher config revision number. Unless otherwise stated this paper is based upon configuration {&} hardware implementation in a Cisco environment

  6. 13 CFR 107.1410 - Requirement to redeem 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Requirement to redeem 4 percent Preferred Securities. 107.1410 Section 107.1410 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage)...

  7. 13 CFR 107.1420 - Articles requirements for 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Articles requirements for 4 percent Preferred Securities. 107.1420 Section 107.1420 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage)...

  8. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information...

  9. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information...

  10. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible...

  11. 12 CFR 208.35 - Qualification requirements for transactions in certain securities. [Reserved

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Qualification requirements for transactions in certain securities. 208.35 Section 208.35 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL RESERVE...

  12. 75 FR 31273 - Social Security Administration Implementation of OMB Guidance for Drug-Free Workplace Requirements

    Science.gov (United States)

    2010-06-03

    ... makes no substantive change to our policy or procedures for a drug-free workplace. DATES: This direct to... unintended changes this action makes in our policies and procedures for drug-free workplace. All comments on...-Free Workplace Requirements AGENCY: Social Security Administration. ACTION: Final rule with request for...

  13. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... citizen or national of the United States prior to providing training in the operation of an aircraft with... BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or...

  14. BC3I: towards requirements specification for preparing an information security budget

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-07-01

    Full Text Available with regulatory mandates. This calls for decision makers to become vigilant in their spending and move towards an optimised information security investment. The main aim of this paper is to provide decision makers with a set of requirements to be considered when...

  15. 76 FR 54374 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2011-09-01

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 240 RIN 3235-AK75 Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY: Securities and Exchange...

  16. Secure proxy signature scheme with fast revocation in the standard model

    Institute of Scientific and Technical Information of China (English)

    LIU Zhen-hua; HU Yu-pu; ZHANG Xiang-song; MA Hua

    2009-01-01

    proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature.

  17. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  18. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  19. Architecting Secure Web Services using Model Driven Agile Modeling

    Directory of Open Access Journals (Sweden)

    Dr.B.Padmaja Rani,

    2010-09-01

    Full Text Available The importance of the software security has been profound, since most attacks to software systems are based on vulnerabilities caused by poorly designed and developed software. Design flaws account for fifty percent of security problems and risk analysis plays essential role in solid security problems. Service Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too security issues surrounding them. If the history of inter-application communication repeats itself, the ease with which web services architectures publish information about applications across thenetwork is only going to result in more application hacking. At the very least, it’s going to put an even greater burden on web architects and developers to design and write secure code. Developing specification like WS-Security should be leveraged as secure maturity happens over firewalls. In this paper, we want to discuss security architectures design patterns for Service Oriented Web Services. Finally, we validated this by implementing a case study of a Service Oriented Web Services application StockTrader Security using WS-Security and WS-Secure Conversation.

  20. POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-09-01

    Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

  1. Optimizing ZigBee Security using Stochastic Model Checking

    OpenAIRE

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming; Fruth, Matthias; Kwiatkowska, Marta

    2012-01-01

    ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report, we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checki...

  2. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  3. A model for predicting food security status among households in developing countries

    Directory of Open Access Journals (Sweden)

    Mbukwa, J.

    2013-06-01

    Full Text Available Food security prediction has been challenging aspects in developing countries particularly in African countries such as Tanzania. Consequently, government lack proper stimulated information that is necessary in making decision on efforts required for stabilizing food situation and status in their countries. Scientifically it has been observed in research and practical that this is caused by lack of proper mechanisms, tools and approach suitable for modeling and predicting food status among households. This paper proposes a logistic regression based model for analysis and prediction of food security status. The proposed model is empirically test using practical data collected from one district in Tanzania.

  4. Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

    Science.gov (United States)

    Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

    2016-11-01

    Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

  5. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

  6. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  7. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  8. A Layered Decision Model for Cost-Effective System Security

    Energy Technology Data Exchange (ETDEWEB)

    Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

    2008-10-01

    System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

  9. A Role- Based PMI Security Model for E- Government

    Institute of Scientific and Technical Information of China (English)

    WU Li-jun; SU Kai-le; YANG Zhi-hua

    2005-01-01

    We introduce the general AC( attribute certificate ), the role specification AC and the role assignment AC.We discuss the role-based PMI (Privilege Management Infrastructure) architecture. The role-based PMI(Public-Key Infrastructure) secure model for E-government is researched by combining the role-based PMI with PKI architecture (Public Key Infrastructure). The model has advantages of flexibility,convenience, less storage space and less network consumption etc. We are going to use the secure model in the E-government system.

  10. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  11. A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords

    Directory of Open Access Journals (Sweden)

    Dhananjay Kulkarni

    2010-07-01

    Full Text Available Many Internet applications, for example e-commerce or email services require that users create a username and passwordwhich serves as an authentication mechanism. Though text passwords have been around for a while, not muchhas been done in helping naive Internet users in creating strong passwords. Generally users prefer easy-to-rememberpasswords, but service provides prefer that users use a strong, difficult-to-guess password policy to protect their ownresources. In this work we have explored how appropriate feedback on password strength can be useful in choosing astrong password. We first discuss the results of a security vs. usability study that we did, which shows the currenttrends in choosing passwords, and how a password cracking tools can easily guess a majority of weak passwords. Next,we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy,our framework is able to monitor password strength, and suggest passwords that are stronger. Moreover, since ourpasswords are pareto-efficient, and involve user participation in making a selection, we believe that our frameworkmakes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways tocompute the password reminder interval so that user-satisfaction remains within bounds. Experimental study showsthat our approach is much better that current password creation models, and serves as a practical tool that can beintegrated with Internet applications.

  12. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  13. An intruder model for verifying liveness in security protocols

    NARCIS (Netherlands)

    Cederquist, J.G.; Dashti, Muhammad Torabi

    2006-01-01

    We present a process algebraic intruder model for verifying a class of liveness properties of security protocols. For this class, the proposed intruder model is proved to be equivalent to a Dolev-Yao intruder that does not delay indefinitely the delivery of messages. In order to prove the equivalenc

  14. Re-designing the PhEDEx security model

    CERN Document Server

    Wildish, Anthony

    2013-01-01

    PhEDEx. the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model was designed to provide a safe working environment for site agents and operators, but provided little more protection than that. CMS data was not sufficiently protected against accidental loss caused by operator error or software bugs or from loss of data caused by deliberate manipulation of the database. Operations staff were given high levels of access to the database, beyond what should have been needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time.In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and r...

  15. Analyzing the requirements for a robust security criteria and management of multi-level security in the clouds

    Science.gov (United States)

    Farroha, Bassam S.; Farroha, Deborah L.

    2011-06-01

    The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with the classifying the product and clearing the computing resources prior to allowing new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

  16. A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model

    Directory of Open Access Journals (Sweden)

    Tianhui Meng

    2016-09-01

    Full Text Available Wireless sensor networks (WSNs have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained.

  17. Simulation of the new MANET integration model of QoS and security as a one parameter in OPNET

    Directory of Open Access Journals (Sweden)

    PAPAJ Ján

    2010-10-01

    Full Text Available In mobile ad hoc network (MANET, theQoS and Security are essentials to satisfy thecommunication constraints and requirements. Currenttrends in the field of providing new services require theproviding of services with QoS and security together.In this article, the simulation studies of the newdesigned model, which is used to integration of QoSand security as a one parameter in MANET, isdiscussed. Main parts of our model are modifiedsecurity service vector and cross layer design model.These two elements are used to interaction betweenuser and system and also to provide interactionbetween system´s elements. The new model enables thecooperation between QoS and security mechanisms.The OPNET modeler simulator is used to simulation ofthe new designed model.

  18. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  19. NERSC Cyber Security Challenges That Require DOE Development andSupport

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately addressall the requirements of open, scientific computing facilities. Many ofthe methods used for more restricted environments, including almost allcorporate/commercial systems, do not meet the needs of today's science.Use of only the available "state of the practice" commercial methods willhave adverse impact on the ability of DOE to accomplish its sciencegoals, and impacts the productivity of the DOE Science community. Inparticular, NERSC and other high performance computing (HPC) centers havespecial security challenges that are unlikely to be met unless DOE fundsdevelopment and support of reliable and effective tools designed to meetthe cyber security needs of High Performance Science. The securitychallenges facing NERSC can be collected into three basic problem sets:network performance and dynamics, application complexity and diversity,and a complex user community that can have transient affiliations withactual institutions. To address these problems, NERSC proposes thefollowing four general solutions: auditing user and system activityacross sites; firewall port configuration in real time;cross-site/virtual organization identity management and access control;and detecting security issues in application middleware. Solutions arealsoproposed for three general long term issues: data volume,application complexity, and information integration.

  20. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  1. Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    . The approach considers correct protocols, i.e., protocols that achieve their objectives when there exist no effective attacker. All correct protocols are assumed to be secure and the challenge we pose for a security analyst is to derive the least strongest attacker (LSA) model for which the, so...... of communication security. One potent argument often presented is we keep designing new protocols due the demand of new type of applications and due to the discovery of flaws in existing protocols. While designing new protocols for new type of applications, such as RFID, is definitely an important driving factor...... operational environment. In past, this often caused increasing the power of attacker model, for instance, now a days we also consider privacy concerns and side channel leakage beside the classic Dolev-Yao attacker. A protocol is labeled as insecure protocol once an effective attack or flaw is found in it...

  2. Portfolio Selection Model with Derivative Securities

    Institute of Scientific and Technical Information of China (English)

    王春峰; 杨建林; 蒋祥林

    2003-01-01

    Traditional portfolio theory assumes that the return rate of portfolio follows normality. However, this assumption is not true when derivative assets are incorporated. In this paper a portfolio selection model is developed based on utility function which can capture asymmetries in random variable distributions. Other realistic conditions are also considered, such as liabilities and integer decision variables. Since the resulting model is a complex mixed-integer nonlinear programming problem, simulated annealing algorithm is applied for its solution. A numerical example is given and sensitivity analysis is conducted for the model.

  3. Radiation Belt and Plasma Model Requirements

    Science.gov (United States)

    Barth, Janet L.

    2005-01-01

    Contents include the following: Radiation belt and plasma model environment. Environment hazards for systems and humans. Need for new models. How models are used. Model requirements. How can space weather community help?

  4. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

    Science.gov (United States)

    Muthurajan, Vinothkumar; Narayanasamy, Balaji

    2016-01-01

    Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  5. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

    Science.gov (United States)

    Muthurajan, Vinothkumar; Narayanasamy, Balaji

    2016-01-01

    Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation. PMID:26981584

  6. DESIGN MODELING OF A UNIVERSITY’S COMPREHENSIVE-INTEGRATED SECURITY SYSTEM

    Directory of Open Access Journals (Sweden)

    Marina V. Dulyasova

    2017-03-01

    Full Text Available Introduction: the safety of higher education institutions is considered to be of great importance nowadays. Security challenges need to be addressed through a comprehensive and integrative approach. This approach provides neutralisation of various threats systemically, risk prevention, minimisation of the tangible and moral harm. The project concept of “safe university” is proposed and substantiated for the above-mentioned purposes. Materials and Methods: the authors used a special literature survey on the issue, which is divided into three main groups of publications, where the complex security of educational institutions is considered in the context of the general theory of security, in the educational-methodical plan and within the framework of sociological, psychological and pedagogical approaches. The legislative and regulatory sources also indicated, legislative and regulatory legal acts reviews, “Safe City” concept, National standard “Information security technologies: complex and integrated ones. Standard requirements to architecture and technologies of intellectual systems of monitoring for safety of the companies and the territories” (State standard specification P 56875-2016, documents of higher education institutions, media reports. The analysis and generalisation of information was coupled with project modeling of the new comprehensive system of higher education institution security. Results: the authors introduce the concept, architecture and model of the comprehensive integrated higher education institution security, monitoring based on measures and indicators pertaining to implementation of standard requirements and level of satisfaction with safety, evaluation of the taken measures in terms of efficiency. Discussion and Conclusions: the main contours of the model for comprehensive integrated security system in a higher education institution and algorithm of interaction between the subjects are determined. These

  7. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively......, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis...... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  8. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively......, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis...... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  9. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.

  10. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  11. Immune-Inspired Self-Protection Model for Securing Grid

    Directory of Open Access Journals (Sweden)

    Inderpreet Chopra

    2016-03-01

    Full Text Available —The application of human immunology in solving security problems in Grid Computing seems to be a thought-provoking research area. Grid involves large number of dynamic heterogeneous resources. Manually managing the security for such dynamic system is always fault prone. This paper presents the simple immune based model for self-protection (SIMS of grid environment from various attacks like DoS, DDoS, Probing, etc. Like human body helps to identify and respond to harmful pathogens that it doesn't recognize as “self”, in the same manner SIMS incorporates the immunological concepts and principles for safeguarding the grid from various security breaches.

  12. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure......Applications of wireless sensor networks (WSNs) are growing tremendously in the domains of habitat, tele-health, industry monitoring, vehicular networks, home automation and agriculture. This trend is a strong motivation for malicious users to increase their focus on WSNs and to develop...

  13. UML BASED MODELING OF ECDSA FOR SECURED AND SMART E-GOVERNANCE SYSTEM

    Directory of Open Access Journals (Sweden)

    Abhishek Roy

    2013-02-01

    Full Text Available In comparison to the conventional form of administration, nowadays the E-Governance have become the smart way of deployment of administration by the authority under its jurisdiction. Since this technique requires the transmission of sensitive information between the Government and the Citizen through the Internet, information scientists take pain to provide utmost information security, which can also be further qualitatively enhanced by the incorporation of object oriented software engineering paradigm. Hence, the authors have proposed a multifaceted smart card based secured E-Governance mechanism using Multipurpose Electronic Card (MEC. In this proposed model the authentication of Citizen is achieved by the tactful implementation of digital signatures, which is the key field of digital certificate. Security of digital signature is further improved by wrapping Elliptic Curve Digital Signature Algorithm (ECDSA in different Object Oriented Analysis Design (OOAD tools of Unified Modeling Language (UML.

  14. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  15. A Wireless Sensor Network for Hospital Security: From User Requirements to Pilot Deployment

    Directory of Open Access Journals (Sweden)

    Kaseva Ville

    2011-01-01

    Full Text Available Increasing amount of Wireless Sensor Network (WSN applications require low network delays. However, current research on WSNs has mainly concentrated on optimizing energy-efficiency omitting low network delays. This paper presents a novel WSN design targeted at applications requiring low data transfer delays and high reliability. We present the whole design flow from user requirements to an actual pilot deployment in a real hospital unit. The WSN includes multihop low-delay data transfer and energy-efficient mobile nodes reaching lifetime of years with small batteries. The nodes communicate using a low-cost low-power 2.4 GHz radio. The network is used in a security application with which personnel can send alarms in threatening situations. Also, a multitude of sensor measurements and actuator control is possible with the WSN. A full-scale pilot deployment is extensively experimented for performance results. Currently, the pilot network is in use at the hospital.

  16. An Overview of Information Security Model for IOT%物联网信息安全模型综述

    Institute of Scientific and Technical Information of China (English)

    邵华; 范红

    2014-01-01

    The internet of things is the extension of the internet, should not only to face the traditional security issues, but also deal with new and specific security problem, which made higher requirements for security model. This article from the security protection object and way to classify the information security model for IOT, summarizes the current popular information security model for IOT, analysis the advantages and disadvantages of the existing security model, and predicts the trend of the development of the IOT information security model.%物联网是互联网的延伸,不仅传统的安全问题继续困扰物联网,而且新的、特有的安全问题也不断呈现,这些均对物联网安全模型提出了更高的要求。本文从安全防护对象以及方式对物联网信息安全模型进行分类,综述了当前比较流行的物联网信息安全模型,分析了现有安全模型优势与劣势,展望了物联网信息安全模型发展的趋势。

  17. Formal Verification of a Secure Model for Building E-Learning Systems

    Directory of Open Access Journals (Sweden)

    Farhan M Al Obisat

    2016-06-01

    Full Text Available Internet is considered as common medium for E-learning to connect several parties with each other (instructors and students as they are supposed to be far away from each other. Both wired and wireless networks are used in this learning environment to facilitate mobile access to educational systems. This learning environment requires a secure connection and data exchange. An E-learning model was implemented and evaluated by conducting student’s experiments. Before the approach is deployed in the real world a formal verification for the model is completed which shows that unreachability case does not exist. The model in this paper which is concentrated on the security of e-content has successfully validated the model using SPIN Model Checker where no errors were found.

  18. Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

    Science.gov (United States)

    Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

    2017-09-01

    Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

  19. Holistic Security Model for Mobile Database in Nigeria

    Directory of Open Access Journals (Sweden)

    Fidelis C. Obodoeze

    2016-07-01

    Full Text Available Due to proliferation on the usage of mobile computing devices such as mobile phones, smart phones, Tablet PCs and Portable Digital Assistant (PDA in Nigeria and world over, it is expected that these light-weight, powerful, low-cost computing devices will pave way for data-driven applications in mobile environments. These portal mobile devices can be connected to corporate database and application servers so that application processing can take place at any time and from anywhere. This can throw up a lot of security challenges. Hackers, malicious programs and rival firms can penetrate the corporate servers through various security holes or vulnerabilities. This paper examines these security holes that can emanate from three major windows- the mobile device, the mobile network and the corporate database server and critically x-rays various solutions that can ward them off in order to protect critical data from attack, eavesdropping, disruption, destruction and modification. This paper finally proposes a holistic security model to protect corporate mobile database in Nigeria

  20. Design of a Secure Smart Grid Architecture Model using Damgard Jurik Cryptosystem

    Directory of Open Access Journals (Sweden)

    K. Seethal

    2015-04-01

    Full Text Available Smart grid is a paradigm shift from the traditional Power grid which promises to make the electric grid both energy efficient and Fault tolerant. Trade-off between Energy savings and Security is a critical issue in Smart grid architecture. Smart grid architecture requires a high level secure data exchanges between sensors like Phasor Measurement Units and Advanced Metering Infrastructures like Smart Meters. In this study a Secure Smart grid Architecture model is proposed for the Smart grid network. Initially DamgardJurik encryption algorithm is applied on the data from the Phasor Measurement Units and a digital signature is then attached to the encrypted text to provide further authentication. The digitally signed data is collected in Data centre where it is decrypted. The proposed architecture has been implemented in both software and hardware. The effectiveness of the system is verified by introducing an intruder in hardware implementation.

  1. Domain Specific and Model Based Systems Engineering in the Smart Grid as Prerequesite for Security by Design

    Directory of Open Access Journals (Sweden)

    Christian Neureiter

    2016-05-01

    Full Text Available The development of Smart Grid systems has proven to be a challenging task. Besides the inherent technical complexity, the involvement of different stakeholders from different disciplines is a major challenge. In order to maintain the strict security requirements, holistic systems engineering concepts and reference architectures are required that enable the integration, maintenance and evaluation of Smart Grid security. In this paper, a conceptual approach is presented on how to enable the integration of security by design in the development of Smart Grid Systems. A major cornerstone of this approach is the development of a domain-specific and standards-based modelling language on basis of the M/490 Smart Grid Architecture Model (SGAM. Furthermore, this modelling approach is utilized to develop a reference architecture model on basis of the National Institute of Standards and Technology (NIST Logical Reference Model (LRM with its integrated security concepts. The availability of a standards-based reference architecture model enables the instantiation of particular solutions with a profound basis for security. Moreover, it is demonstrated how such architecture models can be utilized to gain insights into potential security implications and furthermore can serve as a basis for implementation.

  2. A Framework for Modelling Software Requirements

    Directory of Open Access Journals (Sweden)

    Dhirendra Pandey

    2011-05-01

    Full Text Available Requirement engineering plays an important role in producing quality software products. In recent past years, some approaches of requirement framework have been designed to provide an end-to-end solution for system development life cycle. Textual requirements specifications are difficult to learn, design, understand, review, and maintain whereas pictorial modelling is widely recognized as an effective requirement analysis tool. In this paper, we will present a requirement modelling framework with the analysis of modern requirements modelling techniques. Also, we will discuss various domains of requirement engineering with the help of modelling elements such as semantic map of business concepts, lifecycles of business objects, business processes, business rules, system context diagram, use cases and their scenarios, constraints, and user interface prototypes. The proposed framework will be illustrated with the case study of inventory management system.

  3. Adapting Rational Unified Process (RUP) approach in designing a secure e-Tendering model

    Science.gov (United States)

    Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

    2016-08-01

    e-Tendering is an electronic processing of the tender document via internet and allow tenderer to publish, communicate, access, receive and submit all tender related information and documentation via internet. This study aims to design the e-Tendering system using Rational Unified Process approach. RUP provides a disciplined approach on how to assign tasks and responsibilities within the software development process. RUP has four phases that can assist researchers to adjust the requirements of various projects with different scope, problem and the size of projects. RUP is characterized as a use case driven, architecture centered, iterative and incremental process model. However the scope of this study only focusing on Inception and Elaboration phases as step to develop the model and perform only three of nine workflows (business modeling, requirements, analysis and design). RUP has a strong focus on documents and the activities in the inception and elaboration phases mainly concern the creation of diagrams and writing of textual descriptions. The UML notation and the software program, Star UML are used to support the design of e-Tendering. The e-Tendering design based on the RUP approach can contribute to e-Tendering developers and researchers in e-Tendering domain. In addition, this study also shows that the RUP is one of the best system development methodology that can be used as one of the research methodology in Software Engineering domain related to secured design of any observed application. This methodology has been tested in various studies in certain domains, such as in Simulation-based Decision Support, Security Requirement Engineering, Business Modeling and Secure System Requirement, and so forth. As a conclusion, these studies showed that the RUP one of a good research methodology that can be adapted in any Software Engineering (SE) research domain that required a few artifacts to be generated such as use case modeling, misuse case modeling, activity

  4. Research on Eliciting Security Requirement Methods%软件安全需求获取方法的研究

    Institute of Scientific and Technical Information of China (English)

    金英; 刘鑫; 张晶

    2011-01-01

    Recently more and more attention has been paid to use active defense in software security because it provides a positive way to guarantee software security and effectively construct high-confidential software. Security requirements were critical to software security assurance. Eliciting security requirements was one of major and difficult tasks during the security assurance. Some typical methods about eliciting security requirements were studied, compared and analyzed with respect to their research methods, application, etc. The current status of different approaches to security requirements elicitation were summarized,and future trends were explored in the end. The above work will provide a valuable reference for carrying out research and application in security requirement engineering.%近年来,软件主动式防御思想在软件安全性保障中的地位越来越高,它是一种积极的保障软件安全性的思想,可有效地构建高可信性软件.安全需求的获取是软件安全性保障中最关键的部分,是主动式防御首要完成的任务并且也是最难完成的部分.针对典型的安全需求获取方法,从它们的研究途径、应用情况等方面进行比较和分析,总结并讨论了安全需求获取方法的状况及其未来的发展趋势.上述工作将对安全需求获取方法的研究和实践应用提供有益参考.

  5. 76 FR 10528 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Isolation or...

    Science.gov (United States)

    2011-02-25

    ... airplane models. This may allow the exploitation of network security vulnerabilities and increase ] risks... Federal Aviation Administration 14 CFR Part 25 Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Isolation or Protection From Unauthorized Passenger Systems Access AGENCY...

  6. 76 FR 36861 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Isolation or...

    Science.gov (United States)

    2011-06-23

    ... airplane models. This may allow the exploitation of network security vulnerabilities and increase risks... Federal Aviation Administration 14 CFR Part 25 Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Isolation or Protection From Unauthorized Passenger Systems Access AGENCY...

  7. Creation of a Homeland Security Jail Information Model

    Science.gov (United States)

    2012-03-01

    In contrast, law enforcement officers at a jail have a better gestalt understanding of homeland security threats and trends in the same...and my personal familiarity with each model. In his book Beyond the Two Disciplines of Scientific Psychology , Lee Cronbach claims that...muhajir.background/index.html Cronbach, L. J. (1975). Beyond the two disciplines of scientific psychology . Washington, D.C.: American Psychologist

  8. Physical security and vulnerability modeling for infrasturcture facilities.

    Energy Technology Data Exchange (ETDEWEB)

    Nozick, Linda Karen; Jones, Dean A.; Davis, Chad Edward; Turnquist, Mark Alan

    2006-07-01

    A model of malicious intrusions in infrastructure facilities is developed, using a network representation of the system structure together with Markov models of intruder progress and strategy. This structure provides an explicit mechanism to estimate the probability of successful breaches of physical security, and to evaluate potential improvements. Simulation is used to analyze varying levels of imperfect information on the part of the intruders in planning their attacks. An example of an intruder attempting to place an explosive device on an airplane at an airport gate illustrates the structure and potential application of the model.

  9. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  10. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  11. Modeling Requirements for Cohort and Register IT.

    Science.gov (United States)

    Stäubert, Sebastian; Weber, Ulrike; Michalik, Claudia; Dress, Jochen; Ngouongo, Sylvie; Stausberg, Jürgen; Winter, Alfred

    2016-01-01

    The project KoRegIT (funded by TMF e.V.) aimed to develop a generic catalog of requirements for research networks like cohort studies and registers (KoReg). The catalog supports such kind of research networks to build up and to manage their organizational and IT infrastructure. To make transparent the complex relationships between requirements, which are described in use cases from a given text catalog. By analyzing and modeling the requirements a better understanding and optimizations of the catalog are intended. There are two subgoals: a) to investigate one cohort study and two registers and to model the current state of their IT infrastructure; b) to analyze the current state models and to find simplifications within the generic catalog. Processing the generic catalog was performed by means of text extraction, conceptualization and concept mapping. Then methods of enterprise architecture planning (EAP) are used to model the extracted information. To work on objective a) questionnaires are developed by utilizing the model. They are used for semi-structured interviews, whose results are evaluated via qualitative content analysis. Afterwards the current state was modeled. Objective b) was done by model analysis. A given generic text catalog of requirements was transferred into a model. As result of objective a) current state models of one existing cohort study and two registers are created and analyzed. An optimized model called KoReg-reference-model is the result of objective b). It is possible to use methods of EAP to model requirements. This enables a better overview of the partly connected requirements by means of visualization. The model based approach also enables the analysis and comparison of the empirical data from the current state models. Information managers could reduce the effort of planning the IT infrastructure utilizing the KoReg-reference-model. Modeling the current state and the generation of reports from the model, which could be used as

  12. Future consumer mobile phone security: a case study using the data centric security model

    NARCIS (Netherlands)

    Cleeff, van Andre

    2008-01-01

    In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested, most

  13. An Extended Analysis of Requirements Traceability Model

    Institute of Scientific and Technical Information of China (English)

    Jiang Dandong(蒋丹东); Zhang Shensheng; Chen Lu

    2004-01-01

    A new extended meta model of traceability is presented. Then, a formalized fine-grained model of traceability is described. Some major issues about this model, including trace units, requirements and relations within the model, are further analyzed. Finally, a case study that comes from a key project of 863 Program is given.

  14. Security Analysis and Security Model Research on IOT%物联网安全问题分析及安全模型研究

    Institute of Scientific and Technical Information of China (English)

    刘波; 陈晖; 王海涛; 付鹰

    2012-01-01

    As a new generation network model,the IOT is the integration and expansion of the traditional network,the traditional network security and technical security issues still exist in the IOT system. And the IOT also joins more private information as well as some involving confidential information, need a higher requirements for information security management, security protection, and other Security mechanisms. Firstly, the IOT concept,architecture and core technology is given a simple description and summary,and then have the security issues of IOT detailed analysis, on this basis, a IOT security model based on P2DR2 is proposed, and the core technology of the model are studied at the same time.%物联网作为新一代网络模式,是对传统网络和技术的融合和扩展,传统的网络安全和技术安全问题依然存在于物联网系统中,同时物联网中又加入了更多的私人信息以及一些涉密信息,对信息的安全管理、安全防护等安全问题提出了更高的要求.该文首先对物联网概念、体系架构以及核心技术进行简单的描述和总结,然后对物联网安全问题进行了详细的分析,在此基础上,提出了一种基于P2DR2的动态防御物联网安全模型,并对该模型的相关核心技术进行了研究.

  15. USign--a security enhanced electronic consent model.

    Science.gov (United States)

    Li, Yanyan; Xie, Mengjun; Bian, Jiang

    2014-01-01

    Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

  16. Privacy Enhanced Pervasive Computing Model with Dynamic Trust and Security

    Directory of Open Access Journals (Sweden)

    Geetha Mariappan

    2014-06-01

    Full Text Available The objective of the research work is to propose a policy aware privacy enhancement model using dynamic trust and security management techniques. The different polices of the stakeholders incorporating device manufacturer, service provider, Mobile agents and mobile users are considered to achieve an enhanced privacy for on-demand request. The entities involving direct and indirect trust establishment with all forms of uncertainties like DDoS attacks are considered along with multiple layers of security management operations across varying trusted entities. The focus is to enhance the existing privacy through an efficient, preventive, detective, response mechanisms for those attacks, which will address the problem of DDoS before, during and after an actual attack. The session time and access time are controlled by the privileges and rights for disclosure of information in pervasive environment.

  17. Long-term dynamics simulation: Modeling requirements

    Energy Technology Data Exchange (ETDEWEB)

    Morched, A.S.; Kar, P.K.; Rogers, G.J.; Morison, G.K. (Ontario Hydro, Toronto, ON (Canada))

    1989-12-01

    This report details the required performance and modelling capabilities of a computer program intended for the study of the long term dynamics of power systems. Following a general introduction which outlines the need for long term dynamic studies, the modelling requirements for the conduct of such studies is discussed in detail. Particular emphasis is placed on models for system elements not normally modelled in power system stability programs, which will have a significant impact in the long term time frame of minutes to hours following the initiating disturbance. The report concludes with a discussion of the special computational and programming requirements for a long term stability program. 43 refs., 36 figs.

  18. Modelling of Security Principles Within Car-to-Car Communications in Modern Cooperative Intelligent Transportation Systems

    Directory of Open Access Journals (Sweden)

    Jan Durech

    2016-01-01

    Full Text Available Intelligent transportation systems (ITS bring advanced applications that provide innovative services for various transportation modes in the area of traffic control, and enable better awareness for different users. Communication connections between intelligent vehicles with the use of wireless communication standards, so called Vehicular Ad Hoc Networks (VANETs, require ensuring verification of validity of provided services as well as services related to transmission confidentiality and integrity. The goal of this paper is to analyze secure mechanisms utilised in VANET communication within Cooperative Intelligent Transportation Systems (C-ITS with a focus on safety critical applications. The practical part of the contribution is dedicated to modelling of security properties of VANET networks via OPNET Modeler tool extended by the implementation of the OpenSSL library for authentication protocol realisation based on digital signature schemes. The designed models simulate a transmission of authorised alert messages in Car-to-Car communication for several traffic scenarios with recommended Elliptic Curve Integrated Encryption Scheme (ECIES. The obtained results of the throughput and delay in the simulated network are compared for secured and no-secured communications in dependence on the selected digital signature schemes and the number of mobile nodes. The OpenSSL library has also been utilised for the comparison of time demandingness of digital signature schemes based on RSA (Rivest Shamir Adleman, DSA (Digital Signature Algorithm and ECDSA (Elliptic Curve Digital Signature Algorithm for different key-lengths suitable for real time VANET communications for safety-critical applications of C-ITS.

  19. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  20. Resilience to leaking--dynamic systems modeling of information security.

    Science.gov (United States)

    Hamacher, Kay

    2012-01-01

    Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack 'unjust' systems or 'conspiracies'. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for 'just' and 'unjust' entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the 'conspiracy'). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean' in direct adversary relations, but do not necessarily increase public benefit and societal immunization to 'conspiracies'. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here.

  1. Resilience to Leaking — Dynamic Systems Modeling of Information Security

    Science.gov (United States)

    Hamacher, Kay

    2012-01-01

    Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack ‘unjust’ systems or ‘conspiracies’. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for ‘just’ and ‘unjust’ entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the ‘conspiracy’). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean’ in direct adversary relations, but do not necessarily increase public benefit and societal immunization to ‘conspiracies’. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here. PMID:23227151

  2. Resilience to leaking--dynamic systems modeling of information security.

    Directory of Open Access Journals (Sweden)

    Kay Hamacher

    Full Text Available Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack 'unjust' systems or 'conspiracies'. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for 'just' and 'unjust' entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the 'conspiracy'. In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean' in direct adversary relations, but do not necessarily increase public benefit and societal immunization to 'conspiracies'. Furthermore, within the model the exploitation of the (open competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here.

  3. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  4. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  5. 17 CFR 402.2 - Capital requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ... and those mortgage-backed securities described in paragraph (e)(2) of this section; (ii) Zero-coupon...) “Treasury market risk instrument” does not include mortgage-backed securities that do not pass through to... All fixed rate mortgage-backed securities that are Treasury market risk instruments. AR All adjustable...

  6. 17 CFR 240.6h-1 - Settlement and regulatory halt requirements for security futures products.

    Science.gov (United States)

    2010-04-01

    ... purposes of this section: (1) Opening price means the price at which a security opened for trading, or a price that fairly reflects the price at which a security opened for trading, during the regular trading..., then opening price shall mean the price at which a security opened for trading, or a price that fairly...

  7. Providing a Security Model Based on Service Oriented Architecture in Electronic Banking

    Directory of Open Access Journals (Sweden)

    Sima Emadi

    2013-10-01

    Full Text Available With the increasing advances in IT world and the use of distributed systems, complexity and performance ofapplications have also changed. Banks require proper cooperation and integration among organizational systems toprovide effective and correct services. On the other hand, they contain diverse and heterogeneous infrastructures,applications and systems. Cooperation and integration among these systems require interactions and informationsharing among the users. The service-oriented architecture is the latest generation of information systems'architecture and has become quickly inclusive in recent years. One of the important features of this architecture isthe numerous users of different subsystems and their communication and cooperation in activities. In thisarchitecture, resources and services are often provided in sharing for different users. But, such features in serviceorientedarchitecture have brought about some challenges to the technology, one of which is 'the security'. Theneed for a security model in service-oriented architecture seems essential due to the distributed nature of thearchitecture, its reusability and accessibility. In this model, security requirements and standards for different layersare studied.

  8. A Secured Hybrid Architecture Model for Internet Banking (e - Banking

    Directory of Open Access Journals (Sweden)

    Ganesan R

    2009-05-01

    Full Text Available Internet banking has made it easy to carry out the personal or business financial trans action without going to bank and at any suitable time. This facility enables to transfer money to other accounts and checking current balance alongside the status of any financial transaction made in the account. However, in order to maintain privacy and t o avoid any misuse of transactions, it is necessary to follow a secured architecture model which ensures the privacy and integrity of the transactions and provides confidence on internet banking is stable. In this research paper, a secured hybrid architect ure model for the internet banking using Hyperelliptic curve cryptosystem and MD5 is described. This hybrid model is implemented with the hyperelliptic curve cryptosystem and it performs the encryption and decryption processes in an efficient way merely wi th an 80 - bit key size. The various screen shots given in this contribution shows that the hybrid model which encompasses HECC and MD5 can be considered in the internet banking environment to enrich the privacy and integrity of the sensitive data transmitte d between the clients and the application server

  9. Requirements for clinical information modelling tools.

    Science.gov (United States)

    Moreno-Conde, Alberto; Jódar-Sánchez, Francisco; Kalra, Dipak

    2015-07-01

    This study proposes consensus requirements for clinical information modelling tools that can support modelling tasks in medium/large scale institutions. Rather than identify which functionalities are currently available in existing tools, the study has focused on functionalities that should be covered in order to provide guidance about how to evolve the existing tools. After identifying a set of 56 requirements for clinical information modelling tools based on a literature review and interviews with experts, a classical Delphi study methodology was applied to conduct a two round survey in order to classify them as essential or recommended. Essential requirements are those that must be met by any tool that claims to be suitable for clinical information modelling, and if we one day have a certified tools list, any tool that does not meet essential criteria would be excluded. Recommended requirements are those more advanced requirements that may be met by tools offering a superior product or only needed in certain modelling situations. According to the answers provided by 57 experts from 14 different countries, we found a high level of agreement to enable the study to identify 20 essential and 21 recommended requirements for these tools. It is expected that this list of identified requirements will guide developers on the inclusion of new basic and advanced functionalities that have strong support by end users. This list could also guide regulators in order to identify requirements that could be demanded of tools adopted within their institutions. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

  10. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  11. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Federal Aviation Administration 14 CFR Part 25 Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From Unauthorized External Access AGENCY: Federal Aviation... systems and networks may result in security vulnerabilities to the airplane's systems. The applicable...

  12. 76 FR 36863 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-06-23

    ... TRANSPORTATION Federal Aviation Administration 14 CFR Part 25 Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From Unauthorized External Access AGENCY: Federal Aviation... result in security vulnerabilities to the airplane's systems. The applicable airworthiness regulations do...

  13. Cooperative Monitoring Center Occasional Paper/7: A Generic Model for Cooperative Border Security

    Energy Technology Data Exchange (ETDEWEB)

    Netzer, Colonel Gideon

    1999-03-01

    This paper presents a generic model for dealing with security problems along borders between countries. It presents descriptions and characteristics of various borders and identifies the threats to border security, while emphasizing cooperative monitoring solutions.

  14. Security-Based Mechanism for Proactive Routing Schema Using Game Theory Model

    Directory of Open Access Journals (Sweden)

    Hicham Amraoui

    2016-01-01

    Full Text Available Game theory may offer a useful mechanism to address many problems in mobile ad hoc networks (MANETs. One of the key concepts in the research field of such networks with Optimized Link State Routing Protocol (OLSR is the security problem. Relying on applying game theory to study this problem, we consider two strategies during this suggested model: cooperate and not-cooperate. However, in such networks, it is not easy to identify different actions of players. In this paper, we have essentially been inspired from recent advances provided in game theory to propose a new model for security in MANETs. Our proposal presents a powerful tool with a large number of players where interactions are played multiple times. Moreover, each node keeps a cooperation rate (CR record of other nodes to cope with the behaviors and mitigate aggregate effect of other malicious devices. Additionally, our suggested security mechanism does not only take into consideration security requirements, but also take into account system resources and network performances. The simulation results using Network Simulator 3 are presented to illustrate the effectiveness of the proposal.

  15. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ... Swaps c. Risk Management d. Funding Liquidity Stress Test Requirement e. Other Rule 15c3-1 Provisions... Haircuts iii. Capital Charge in Lieu of Margin Collateral iv. Credit Risk Charge v. Funding Liquidity Stress Test Requirement vi. Risk Management Procedures b. Capital Requirements for MSBSPs c...

  16. Delegation Management Modeling in a Security Policy based Environment

    Directory of Open Access Journals (Sweden)

    Sihem Guemara El Fatmi

    2013-07-01

    Full Text Available Security Policies (SP constitute the core of communication networks protection infrastructures. It offers a set of rules allowing differentiating between legitimate actions and prohibited ones and consequently, associates each entity in the network with a set of permissions and privileges. Moreover, in today's technological society and to allow applications perpetuity, communication networks must support the collaboration between entities to face up any unavailability or flinching. This collaboration must be governed by security mechanisms according to the established permissions and privileges. Delegation is a common practice that is used to simplify the sharing of responsibilities and privileges. The delegation process in a SP environment can be implanted through the use of adequate formalisms and modeling. The main contribution of this paper is then, the proposition of a generic and formal modeling of delegation process. This modeling is based on three steps composing the delegation life cycle: negotiation used for delegation initiation, verification of the SP respect while delegating and revocation of an established delegation. Hence, we propose to deal with each step according to the main delegation characteristics and extend them by some new specificities.

  17. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  18. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  19. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  20. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  1. A Requirements Analysis Model Based on QFD

    Institute of Scientific and Technical Information of China (English)

    TANG Zhi-wei; Nelson K.H.Tang

    2004-01-01

    The enterprise resource planning (ERP) system has emerged to offer an integrated IT solution and more and more enterprises are increasing by adopting this system and regarding it as an important innovation. However, there is already evidence of high failure risks in ERP project implementation, one major reason is poor analysis of the requirements for system implementation. In this paper, the importance of requirements analysis for ERP project implementation is highlighted, and a requirements analysis model by applying quality function deployment (QFD) is presented, which will support to conduct requirements analysis for ERP project.

  2. Security and functional requirements for the smart meter gateway; Sicherheitstechnische Vorgaben und funktionale Anforderungen an das Smart Meter Gateway

    Energy Technology Data Exchange (ETDEWEB)

    Bast, Holger; Vollmer, Stefan [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany)

    2012-07-01

    The availability of smart metering for the majority of both private and corporate prosumers is an essential precondition to get smart grids into operation. However, several concerns about data protection and security issues of smart meters have been raised and discussed in German media. The German Federal Data Protection Commissioner argued that without any further precautions personal data processed in smart meters could be collected and misused by unauthorized third parties if there is no technical standard that specifies technical requirements for necessary data security functions combined with regulatory instruments to make them mandatory. The German Federal Office for Information Security develops a protection profile based on Common Criteria and Technical Guidelines that allow a comparable security certification of such devices. (orig.)

  3. Characterization and modeling of uncertainty intended for a secured MANET

    Directory of Open Access Journals (Sweden)

    Md. Amir Khusru Akhtar

    2013-08-01

    Full Text Available Mobile ad-hoc network is a chaos for decades due to its dynamic and heuristic base. It employs several forms of uncertainty such as vagueness and imprecision. Vagueness can be taken in terms of linguistic assumptions such as grading and classification for the acceptance. Imprecision on the other hand can be associated with countable or noncountable assumptions such as the weights of acceptance calculated by the members of the MANET. This paper presents “Certainty Intended Model (CIM” for a secured MANET by introducing one or more expert nodes together with the inclusion of various theories (such as monotone measure, belief, plausibility, evidence. These theories can be used for the characterization and modeling various forms of uncertainty. Further, these characterizations help in quantifying the uncertainty spectrum because, as much information about the problem is available we can transform from one theory to another. In this work we have shown how these theories and expert opinion helps to identify the setback associated with the MANET in respect of trust management and finally, enhances the security, reliability and performance of the MANET.

  4. Modeling and Testing Legacy Data Consistency Requirements

    DEFF Research Database (Denmark)

    Nytun, J. P.; Jensen, Christian Søndergaard

    2003-01-01

    An increasing number of data sources are available on the Internet, many of which offer semantically overlapping data, but based on different schemas, or models. While it is often of interest to integrate such data sources, the lack of consistency among them makes this integration difficult....... This paper addresses the need for new techniques that enable the modeling and consistency checking for legacy data sources. Specifically, the paper contributes to the development of a framework that enables consistency testing of data coming from different types of data sources. The vehicle is UML and its...... accompanying XMI. The paper presents techniques for modeling consistency requirements using OCL and other UML modeling elements: it studies how models that describe the required consistencies among instances of legacy models can be designed in standard UML tools that support XMI. The paper also considers...

  5. Business models and business model innovation in a “Secure and Distributed Cloud Clustering (DISC) Society”

    DEFF Research Database (Denmark)

    Lindgren, Peter; Taran, Yariv

    2011-01-01

    of secure business models and how business models can be operated and innovated in a secure context have intensified tremendously. The development of new mobile and wireless security technologies gives hopes to really realize a secure cloud clustering society where business models can act and be innovated......The development and innovation of business models to a secure distributed cloud clustering society (DISC)—is indeed still a complex venture and has not been widely researched yet. Numerous types of security technologies are in these years proposed and in the “slip stream” of these the study...... secure—but we still have some steps to go before we reach the final destination. The paper gives a conceptual futuristic outlook on behalf of the input from SW2010 and state of the art business model research to what we can expect of business Model and business model innovation in a future secure cloud...

  6. Open information security management maturity model (O-ISM3)

    CERN Document Server

    2011-01-01

    The O-ISM3 standard focuses on the common processes of information security. It is technology-neutral, very practical and considers the business aspect in depth. This means that practitioners can use O-ISM3 with a wide variety of protection techniques used in the marketplace. In addition it supports common frameworks such as ISO 9000, ISO 27000, COBIT and ITIL. Covers: risk management, security controls, security management and how to translate business drivers into security objectives and targets

  7. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    Science.gov (United States)

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  8. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    Science.gov (United States)

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  9. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  10. Minimum Lateral Bone Coverage Required for Securing Fixation of Cementless Acetabular Components in Hip Dysplasia

    Directory of Open Access Journals (Sweden)

    Masanori Fujii

    2017-01-01

    Full Text Available Objectives. To determine the minimum lateral bone coverage required for securing stable fixation of the porous-coated acetabular components (cups in hip dysplasia. Methods. In total, 215 primary total hip arthroplasties in 199 patients were reviewed. The average follow-up period was 49 months (range: 24–77 months. The lateral bone coverage of the cups was assessed by determining the cup center-edge (cup-CE angle and the bone coverage index (BCI from anteroposterior pelvic radiographs. Further, cup fixation was determined using the modified DeLee and Charnley classification system. Results. All cups were judged to show stable fixation by bone ingrowth. The cup-CE angle was less than 0° in 7 hips (3.3% and the minimum cup-CE angle was −9.2° (BCI: 48.8%. Thin radiolucent lines were observed in 5 hips (2.3%, which were not associated with decreased lateral bone coverage. Loosening, osteolysis, dislocation, or revision was not observed in any of the cases during the follow-up period. Conclusion. A cup-CE angle greater than −10° (BCI > 50% was acceptable for stable bony fixation of the cup. Considering possible errors in manual implantation, we recommend that the cup position be planned such that the cup-CE angle is greater than 0° (BCI > 60%.

  11. 48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

    Science.gov (United States)

    2010-10-01

    ... data. (4) The Contractor shall ensure that its employees, in performance of the contract, receive annual IT security training in NASA IT Security policies, procedures, computer ethics, and best practices... Contractor shall— (i) Submit requests for non-NASA provided external Internet connections to the Contracting...

  12. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... accumulation of securities, regardless of technique employed, which might represent a potential shift in... securities while in possession of material, non-public information. Upon becoming an insider, or upon Section... Deposit Insurance Corporation. Our staff also consulted with the CFTC. A person's possession of voting...

  13. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., computer ethics, and best practices, in accordance with DOC IT Security Program Policy, chapter 15, section... term “Sensitive” is defined by the guidance set forth in the Computer Security Act of 1987 (Pub. L. 100... of computer systems, networks, and telecommunications systems. (c) The contractor shall...

  14. Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

    Science.gov (United States)

    2013-06-01

    ALTERNATIVE DEVELOPMENT We will bankrupt ourselves in the vain search for absolute security. Dwight D. Eisenhower The method used to take an...The mysterious stranger and other stories (1st ed.). New York: Harper & Bros. United Kingdom Home Office. (2012). Security industry authority

  15. A Qualitative Study of Domain Specific Languages for Model Driven Security

    Directory of Open Access Journals (Sweden)

    Muhammad Qaiser Saleem

    2014-05-01

    Full Text Available In Model-Driven development, software system design is represented through models which are created using general purpose modeling languages e.g., UML. Later on system artifacts are automatically generated from these models. Model-Driven Security is a specialization of Model-Driven paradigm towards the domain of security, where security objectives are modeled along the system models and security infrastructures are directly generated from these models. Currently available general purpose modeling languages like UML do not have capability to model the security objectives along the system models. Over the past decade, many researchers are trying to address these limitations of the general purpose modeling languages and come up with several Domain Specific Modeling Languages for Model Driven Security. In this study, a comparative study is presented regarding the security Domain Specific Modeling Languages presented by the most prominent researchers for the development of secure system. A success criteria has been defined and these DSLs are critically analyzed based on it to obtain the qualitative results.

  16. A fuzzy model for exploiting customer requirements

    Directory of Open Access Journals (Sweden)

    Zahra Javadirad

    2016-09-01

    Full Text Available Nowadays, Quality function deployment (QFD is one of the total quality management tools, where customers’ views and requirements are perceived and using various techniques improves the production requirements and operations. The QFD department, after identification and analysis of the competitors, takes customers’ feedbacks to meet the customers’ demands for the products compared with the competitors. In this study, a comprehensive model for assessing the importance of the customer requirements in the products or services for an organization is proposed. The proposed study uses linguistic variables, as a more comprehensive approach, to increase the precision of the expression evaluations. The importance of these requirements specifies the strengths and weaknesses of the organization in meeting the requirements relative to competitors. The results of these experiments show that the proposed method performs better than the other methods.

  17. Identification of the Required Security Practices during e-Government Maturity

    Science.gov (United States)

    Shayan, Ali; Abdi, Behnam; Qeisari, Malihe

    In spite of the e-government benefits, there are some problems during its successful implementation. One of which is information security issues. In this paper, attempts will be made to illustrate the main practices of information security management in each stage of e-government maturity. This study is based on Delphi technique which carried out in two rounds. Based on the literature, a questionnaire was developed and distributed among 38 experts in the first round. In the second round, 12 experts participated. The IQR (Interquartile ranges) was calculated and it founds that the consensus is convenient. According to the results, trends can be depicted in the security practices which have implications for security vision, policies and practices during e-government maturity. The findings suggest that dealing with few aspects is not sufficient, and comprehensive integrated system of information security management should be regarded according to the specific circumstances of the organizations.

  18. 76 FR 10205 - Department of Homeland Security Implementation of OMB Guidance on Drug-Free Workplace Requirements

    Science.gov (United States)

    2011-02-24

    ... unintended changes this action makes in DHS policies and procedures for drug-free workplaces. All comments or.... Adopting the OMB guidance in place of the common rule will not substantively change the drug-free workplace... Implementation of OMB Guidance on Drug-Free Workplace Requirements AGENCY: Department of Homeland Security (DHS...

  19. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  20. Performance Requirements Modeling andAssessment for Active Power Ancillary Services

    DEFF Research Database (Denmark)

    Bondy, Daniel Esteban Morales; Thavlov, Anders; Tougaard, Janus Bundsgaard Mosbæk

    2017-01-01

    New sources of ancillary services are expected in the power system. For large and conventional generation units the dynamic response is well understood and detailed individual measurement is feasible, which factors in to the straightforward performance requirements applied today. For secure power...... ancillary service sources. This paper develops a modeling method for ancillary services performance requirements, including performance and verification indices. The use of the modeling method and the indices is exemplified in two case studies.......New sources of ancillary services are expected in the power system. For large and conventional generation units the dynamic response is well understood and detailed individual measurement is feasible, which factors in to the straightforward performance requirements applied today. For secure power...... system operation, a reliable service delivery is required, yet it may not be appropriate to apply conventional performance requirements to new technologies and methods. The service performance requirements and assessment methods therefore need to be generalized and standardized in order to include future...

  1. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    OpenAIRE

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is a new model for creating and implementing information technology procedures. This model was validated by two different methods: the first being int...

  2. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  3. Neural evidence for a multifaceted model of attachment security.

    Science.gov (United States)

    Canterberry, Melanie; Gillath, Omri

    2013-06-01

    The sense of attachment security has been linked with a host of beneficial outcomes related to personal and relational well-being. Moreover, research has demonstrated that the sense of attachment security can be enhanced via cognitive priming techniques. Studies using such techniques have shown that security priming results with similar outcomes as dispositional attachment security. The way security priming leads to these effects, however, is yet to be unveiled. Using fMRI we took one step in that direction and examined the neural mechanisms underlying enhanced attachment security. Participants were exposed to explicit and implicit security- and insecurity-related words. Security priming led to co-occurring activation in brain areas reflective of cognitive, affective, and behavioral processes (e.g., medial frontal cortex, parahippocampus, BA 6). There were activation differences based on attachment style. This research serves as an important step in mapping out the security process and supports a conceptualization of security as part of a behavioral system with multiple components. Copyright © 2012 Elsevier B.V. All rights reserved.

  4. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  5. User Requirements and Domain Model Engineering

    NARCIS (Netherlands)

    Specht, Marcus; Glahn, Christian

    2006-01-01

    Specht, M., & Glahn, C. (2006). User requirements and domain model engineering. Presentation at International Workshop in Learning Networks for Lifelong Competence Development. March, 30-31, 2006. Sofia, Bulgaria: TENCompetence Conference. Retrieved June 30th, 2006, from http://dspace.learningnetwor

  6. User Requirements and Domain Model Engineering

    NARCIS (Netherlands)

    Specht, Marcus; Glahn, Christian

    2006-01-01

    Specht, M., & Glahn, C. (2006). User requirements and domain model engineering. Presentation at International Workshop in Learning Networks for Lifelong Competence Development. March, 30-31, 2006. Sofia, Bulgaria: TENCompetence Conference. Retrieved June 30th, 2006, from http://dspace.learningnetwor

  7. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions. Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1 the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2 consensus on the treatment of foreign and commercial partnerships; (3 the development of risk models and risk management processes; (4 development of technical infrastructure to support the credentialing process associated with research including human subjects; (5 exploring the feasibility of developing large-scale, federated honest broker approaches; (6 the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7 community development of requisite HIPAA and research ethics training modules by federation members; (8 the recognition of the need for central auditing requirements and authority, and; (9 use of two

  8. Assessing work disability for social security benefits: international models for the direct assessment of work capacity.

    Science.gov (United States)

    Geiger, Ben Baumberg; Garthwaite, Kayleigh; Warren, Jon; Bambra, Clare

    2017-08-25

    It has been argued that social security disability assessments should directly assess claimants' work capacity, rather than relying on proxies such as on functioning. However, there is little academic discussion of how such assessments could be conducted. The article presents an account of different models of direct disability assessments based on case studies of the Netherlands, Germany, Denmark, Norway, the United States of America, Canada, Australia, and New Zealand, utilising over 150 documents and 40 expert interviews. Three models of direct work disability assessments can be observed: (i) structured assessment, which measures the functional demands of jobs across the national economy and compares these to claimants' functional capacities; (ii) demonstrated assessment, which looks at claimants' actual experiences in the labour market and infers a lack of work capacity from the failure of a concerned rehabilitation attempt; and (iii) expert assessment, based on the judgement of skilled professionals. Direct disability assessment within social security is not just theoretically desirable, but can be implemented in practice. We have shown that there are three distinct ways that this can be done, each with different strengths and weaknesses. Further research is needed to clarify the costs, validity/legitimacy, and consequences of these different models. Implications for rehabilitation It has recently been argued that social security disability assessments should directly assess work capacity rather than simply assessing functioning - but we have no understanding about how this can be done in practice. Based on case studies of nine countries, we show that direct disability assessment can be implemented, and argue that there are three different ways of doing it. These are "demonstrated assessment" (using claimants' experiences in the labour market), "structured assessment" (matching functional requirements to workplace demands), and "expert assessment" (the

  9. Modeling requirements for in situ vitrification

    Energy Technology Data Exchange (ETDEWEB)

    MacKinnon, R.J.; Mecham, D.C.; Hagrman, D.L.; Johnson, R.W.; Murray, P.E.; Slater, C.E.; Marwil, E.S.; Weaver, R.A.; Argyle, M.D.

    1991-11-01

    This document outlines the requirements for the model being developed at the INEL which will provide analytical support for the ISV technology assessment program. The model includes representations of the electric potential field, thermal transport with melting, gas and particulate release, vapor migration, off-gas combustion and process chemistry. The modeling objectives are to (1) help determine the safety of the process by assessing the air and surrounding soil radionuclide and chemical pollution hazards, the nuclear criticality hazard, and the explosion and fire hazards, (2) help determine the suitability of the ISV process for stabilizing the buried wastes involved, and (3) help design laboratory and field tests and interpret results therefrom.

  10. Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.

    NARCIS (Netherlands)

    Sewe, Andreas; Bockisch, Christoph; Mezini, Mira

    2008-01-01

    Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementa

  11. [Ecological security early-warning in Zhoushan Islands based on variable weight model].

    Science.gov (United States)

    Zhou, Bin; Zhong, Lin-sheng; Chen, Tian; Zhou, Rui

    2015-06-01

    Ecological security early warning, as an important content of ecological security research, is of indicating significance in maintaining regional ecological security. Based on driving force, pressure, state, impact and response (D-P-S-I-R) framework model, this paper took Zhoushan Islands in Zhejiang Province as an example to construct the ecological security early warning index system, test degrees of ecological security early warning of Zhoushan Islands from 2000 to 2012 by using the method of variable weight model, and forecast ecological security state of 2013-2018 by Markov prediction method. The results showed that the variable weight model could meet the study needs of ecological security early warning of Zhoushan Islands. There was a fluctuant rising ecological security early warning index from 0.286 to 0.484 in Zhoushan Islands between year 2000 and 2012, in which the security grade turned from "serious alert" into " medium alert" and the indicator light turned from "orange" to "yellow". The degree of ecological security warning was "medium alert" with the light of "yellow" for Zhoushan Islands from 2013 to 2018. These findings could provide a reference for ecological security maintenance of Zhoushan Islands.

  12. APPLICATION OF FUZZY OPTIMIZATION MODEL IN ECOLOGICAL SECURITY PRE-WARNING

    Institute of Scientific and Technical Information of China (English)

    WU Kai-ya; HU Shu-heng; SUN Shi-qun

    2005-01-01

    Ecological security is a vital problem that people all over the world today have to face and solve, and the situation of ecological security is getting more and more severe and has begun to impede heavily the sustainable development of social economy. Ecological environment pre-warning has become a hotspot for the modern environment science. This paper introduces the theories of ecological security pre-warning and tries to constitute a pre-warning model of ecological security. In terms of pressure-state-response model, the pre-warning guide line of ecological security is constructed while the pre-warning degree judging model of ecological security is established based on fuzzy optimization. As a case, the model is used to assess the present condition pre-warning of the ecological security of Anhui Province. The result is in correspondence with the real condition: the ecological security situations of 8 cities are dangerous and 9 cities are secure. The result shows that this model is scientific and effective for regional ecological security pre-warning.

  13. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  14. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  15. Application-Oriented Confidentiality and Integrity Dynamic Union Security Model Based on MLS Policy

    Science.gov (United States)

    Xue, Mingfu; Hu, Aiqun; He, Chunlong

    We propose a new security model based on MLS Policy to achieve a better security performance on confidentiality, integrity and availability. First, it realizes a combination of BLP model and Biba model through a two-dimensional independent adjustment of integrity and confidentiality. And, the subject's access range is adjusted dynamically according to the security label of related objects and the subject's access history. Second, the security level of the trusted subject is extended to writing and reading privilege range respectively, following the principle of least privilege. Third, it adjusts the objects' security levels after adding confidential information to prevent the information disclosure. Fourth, it uses application-oriented logic to protect specific applications to avoid the degradation of security levels. Thus, it can ensure certain applications operate smoothly. Lastly, examples are presented to show the effectiveness and usability of the proposed model.

  16. A Transport Model of Mobile Agent Based on Secure Hybrid Encryption

    Institute of Scientific and Technical Information of China (English)

    SUNZhixin; CHENZhixian; WANGRuchuan

    2005-01-01

    The solution of security problems of mobile agents is a key issue, which will decide whether mobile agents can be widely used. The paper analyzes main security problems, which currently are confronted with mobile agent systems and existing protection solutions. And then the paper presents a Security Transport model of mobile agents based on a hybrid encryption algorithm (TMSHE).Meanwhile, it expatiates on implementation of the algorithm. The algorithm of TMSHE model mainly consists of two parts, i.e., employing a hybrid encryption algorithm to encrypt mobile agents and using Transport layer security (TLS) to encrypt communication channel. Mobile agents by hybrid encryption move through communication channels, which are encrypted by TLS. The simulation results indicate that the model can protect mobile agents' security effectively, and consequently the security and steadiness of the whole mobile agent system are also improved. The model has succeeded in getting application in a prototypesystem- Intrusion detection system based on mobile agents.

  17. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  18. Understanding requirements via natural language information modeling

    Energy Technology Data Exchange (ETDEWEB)

    Sharp, J.K.; Becker, S.D.

    1993-07-01

    Information system requirements that are expressed as simple English sentences provide a clear understanding of what is needed between system specifiers, administrators, users, and developers of information systems. The approach used to develop the requirements is the Natural-language Information Analysis Methodology (NIAM). NIAM allows the processes, events, and business rules to be modeled using natural language. The natural language presentation enables the people who deal with the business issues that are to be supported by the information system to describe exactly the system requirements that designers and developers will implement. Computer prattle is completely eliminated from the requirements discussion. An example is presented that is based upon a section of a DOE Order involving nuclear materials management. Where possible, the section is analyzed to specify the process(es) to be done, the event(s) that start the process, and the business rules that are to be followed during the process. Examples, including constraints, are developed. The presentation steps through the modeling process and shows where the section of the DOE Order needs clarification, extensions or interpretations that could provide a more complete and accurate specification.

  19. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  20. Ensuring Data Security And Privacy In Cloud Computing Through Transparency as Service Model

    Directory of Open Access Journals (Sweden)

    Afzaal Ahmad

    2014-09-01

    Full Text Available Cloud Computing is hot technology in computer world today. Its getting popular because its inexpensive, provides on demand access when and where needed. It also removes technical staff requirements for maintaining the infrastructure because that is done on the provider side thus significantly reducing organizational costs. It also provides opportunity for scientists to use powerful computing resources for research purposes which are very expensive on rent bases which they normally would not have been able to use due to cost factors.But with these features it has certain problems that discredit the service one of major problems is Data Security and Privacy.Since the only party that has physical access to data storage is provider and to keep track of where data is stored for certain users the providers keep meta-data in their own databases it creates a security and data privacy issue.If meta-data is compromised than unauthorized access to user data is possible.This paper proposes a Transparency Service Model to insure security and privacy of the user data.

  1. Modelling multiple threats to water security in the Peruvian Amazon using the WaterWorld Policy Support System

    OpenAIRE

    A. J. J. van Soesbergen; Mulligan, M.

    2013-01-01

    This paper explores a multitude of threats to water security in the Peruvian Amazon using the WaterWorld policy support system. WaterWorld is a spatially explicit, physically-based globally-applicable model for baseline and scenario water balance that is particularly well suited to heterogeneous environments with little locally available data (e.g. ungauged basins) and which is delivered through a simple web interface, requiring little local capacity for use. The model is capable of pr...

  2. Toward a generic model of security in organizational context: exploring insider threats to information infrastructure.

    Energy Technology Data Exchange (ETDEWEB)

    Martinez-Moyano, I. J.; Samsa, M. E.; Burke, J. F.; Akcam, B. K.; Decision and Information Sciences; Rockefeller Coll. at the State Univ. of New York at Albany

    2008-01-01

    This paper presents a generic model for information security implementation in organizations. The model presented here is part of an ongoing research stream related to critical infrastructure protection and insider threat and attack analysis. This paper discusses the information security implementation case.

  3. 78 FR 73993 - Special Conditions: Cessna Model 680 Series Airplanes; Aircraft Electronic System Security...

    Science.gov (United States)

    2013-12-10

    ... part of the type certification basis for Cessna Model 680 Series airplanes. System Security Protection... Federal Aviation Administration 14 CFR Part 25 Special Conditions: Cessna Model 680 Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized External Access AGENCY: Federal Aviation...

  4. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    Full Text Available the exact whereabouts of cargo and who has had direct physical contact with that cargo. To this end, “by and large, corporate customers want supply chain security technology that will let them comply with government requests for information sharing, while... challenges has been to formulate and introduce measures that provide for increased security without hampering or interrupting the smooth flow of goods. As so much freight is transported by ocean, any large-scale attack on a seaport (or even major...

  5. A developmental approach to learning causal models for cyber security

    Science.gov (United States)

    Mugan, Jonathan

    2013-05-01

    To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

  6. Revising Working Models Across Time: Relationship Situations That Enhance Attachment Security.

    Science.gov (United States)

    Arriaga, Ximena B; Kumashiro, Madoka; Simpson, Jeffry A; Overall, Nickola C

    2017-06-01

    We propose the Attachment Security Enhancement Model (ASEM) to suggest how romantic relationships can promote chronic attachment security. One part of the ASEM examines partner responses that protect relationships from the erosive effects of immediate insecurity, but such responses may not necessarily address underlying insecurities in a person's mental models. Therefore, a second part of the ASEM examines relationship situations that foster more secure mental models. Both parts may work in tandem. We posit that attachment anxiety should decline most in situations that foster greater personal confidence and more secure mental models of the self. In contrast, attachment avoidance should decline most in situations that involve positive dependence and foster more secure models of close others. The ASEM integrates research and theory, suggests novel directions for future research, and has practical implications, all of which center on the idea that adult attachment orientations are an emergent property of close relationships.

  7. Formal Models and Techniques for Analyzing Security Protocols

    CERN Document Server

    Cortier, V

    2011-01-01

    Security protocols are the small distributed programs which are omnipresent in our daily lives in areas such as online banking and commerce and mobile phones. Their purpose is to keep our transactions and personal data secure. Because these protocols are generally implemented on potentially insecure networks like the internet, they are notoriously difficult to devise. The field of symbolic analysis of security protocols has seen significant advances during the last few years. There is now a better understanding of decidability and complexity questions and successful automated tools for the pro

  8. 76 FR 30204 - Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-05-24

    ... the actions and decisions contained in the Responsibility Matrix of the safeguards contingency plan... program, to include a security organization, which will have as its objective to provide high assurance...., reactor vessel, piping systems, and building structures) for DNPS Unit 1 is in a form that does not pose a...

  9. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  10. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... Policy Statement emphasizes the importance of establishing and maintaining risk processes to manage the... adequate capacity to meet the financial commitments under the security for the projected life of the investment. An issuer has an adequate capacity to meet financial commitments if the risk of default by...

  11. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ...-standing expectation that national banks implement a risk management process to ensure credit risk... credit quality is perceived to be very high. Bank management should ensure they understand the security's... credit quality standards under 12 U.S.C. 1831e. These standards determine whether national banks...

  12. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspect

  13. 26 CFR 301.7101-1 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ... responsible financial institution acting as escrow agent. (3) Conditions to be met by individual sureties. If..., bank, express or telegraph money order; (v) Secured by corporate bonds or stocks, or by bonds issued by... current market value, above all encumbrances, equal to at least the penalty of the bond; (iii) All real...

  14. Preventing infant abductions: an infant security program transitioned into an interdisciplinary model.

    Science.gov (United States)

    Hiner, Jacqueline; Pyka, Jeanine; Burks, Colleen; Pisegna, Lily; Gador, Rachel Ann

    2012-01-01

    Ensuring the safety of infants born in a hospital is a top priority and, therefore, requires a solid infant security plan. Using an interdisciplinary approach and a systematic change process, nursing leadership in collaboration with clinical nurses and security personnel analyzed the infant security program at this community hospital to identify vulnerabilities. By establishing an interdisciplinary approach to infant security, participants were able to unravel a complicated concept, systematically analyze the gaps, and agree to a plan of action. This resulted in improved communication and clarification of roles between the nursing and security divisions. Supply costs decreased by 17.4% after the first year of implementation. Most importantly, this project enhanced and strengthened the existing infant abduction prevention measures, hard wired the importance of infant security, and minimized vulnerabilities.

  15. An approach to secure weather and climate models against hardware faults

    Science.gov (United States)

    Düben, Peter; Dawson, Andrew

    2017-04-01

    Enabling Earth System models to run efficiently on future supercomputers is a serious challenge for model development. Many publications study efficient parallelisation to allow better scaling of performance on an increasing number of computing cores. However, one of the most alarming threats for weather and climate predictions on future high performance computing architectures is widely ignored: the presence of hardware faults that will frequently hit large applications as we approach exascale supercomputing. Changes in the structure of weather and climate models that would allow them to be resilient against hardware faults are hardly discussed in the model development community. We present an approach to secure the dynamical core of weather and climate models against hardware faults using a backup system that stores coarse resolution copies of prognostic variables. Frequent checks of the model fields on the backup grid allow the detection of severe hardware faults, and prognostic variables that are changed by hardware faults on the model grid can be restored from the backup grid to continue model simulations with no significant delay. To justify the approach, we perform simulations with a C-grid shallow water model in the presence of frequent hardware faults. As long as the backup system is used, simulations do not crash and a high level of model quality can be maintained. The overhead due to the backup system is reasonable and additional storage requirements are small. Runtime is increased by only 13% for the shallow water model.

  16. Improved Security Models & Protocols in Online Mobile Business Financial Transactions

    OpenAIRE

    Sreeramana Aithal

    2017-01-01

    Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

  17. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  18. Modelling Efficient Process Oriented Architecture for Secure Mobile Commerce Using Hybrid Routing Protocol in Mobile Adhoc Network

    Directory of Open Access Journals (Sweden)

    Chitra Kiran N

    2012-01-01

    Full Text Available The proposed research work presents a novel approach of process oriented architecture for secure mobile commerce framework using uniquely designed hybrid mobile adhoc routing protocols using reactive and proactive type in real time test-bed. The research work discusses about deployment of mobile commerce which is one of the emerging trend in mobile applications with huge demands. Majority of the existing system lacks either QoS or efficient security protocol when it relates to secure mobile transaction due to the reason that development in wireless technology involved in m-commerce is still in its nascent stage. The real time test bed has been implemented with 20 Intel Atom processor with 32 bit OS establishing an adhoc network and by providing a random mobility to achieve any file type transfer from node to node. For the real-time set up purpose, the experiment is conducted in wireless infrastructure with mobility using G-based Linksys wireless router. Iteration of experiments conducted shows a satisfactory results. This research journal will provide insights with various parameters, security requirements, and concepts which is required in creating a robust model for secure m-commerce system.

  19. Information Governance: A Model for Security in Medical Practice

    OpenAIRE

    Patricia A.H. Williams

    2007-01-01

    Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the r...

  20. Increasing security through public health: a practical model.

    Science.gov (United States)

    Parker, R David

    2011-01-01

    As political and social changes sweep the globe, there are opportunities to increase national security through innovative approaches. While traditional security methods such as defense forces and homeland security provide both pre-emptive and defensive protection, new methods could meet emerging challenges by responding to the political, financial, and social trends. One method is the integration of defense, medicine and public health. By assisting a nation by providing basic services, such as healthcare, collaborative efforts can increase stabilization in areas of unrest. Improved health outcomes leads to increased domestic security, which can create a ripple effect across a region. Assessment, uptake and sustainability by the host nation are critical for program success. The proposed methodology focuses on the use of primarily extant resources, such as programs used by Special Operations Forces and other health and defense programs. Additional components include evaluation, set objectives and mission collaborations. As the nexus between foreign affairs, security, and public health is increasingly validated through research and practice, standardized interventions should be developed to minimize overlapping expenditures, promote security and strengthen international relations.

  1. [Ecological security evaluation of Heilongjiang Province with pressure-state-response model].

    Science.gov (United States)

    Qiu, Wei; Zhao, Qing-liang; Li, Song; Chang, Chein-chi

    2008-04-01

    The ecological security index (ESI) system including 27 indices for Heilongjiang Province was built up with the pressure-state-response (P-S-R) model. The weights of the indices were determined by analytical hierarchy process (AHP) and the ecological security status classification was evaluated by the ESI model for the years of 2000-2005. Then the development trend of ecological security from 2006 to 2010 was forecasted with the grey dynamic model. The results showed that the ecological security ranked the V grade in 2000 and the III grade in 2005, indicating the increase of ecological security. The forecasting results show that the ecological security will be the III grade for 2006, the II grade for 2007-2009, and the I grade for 2010 (ideal security). Thus it can be seen that the ecological security is ascending year by year, and the ecological environment quality is obviously improved with the implementation of eco-province construction since 2000. Through the effective facilitation of eco-province construction etc., the sustainable and healthy development of ecological security will be finally realized in Heilongjiang Province.

  2. Security extension for the Canetti-Krawczyk model in identity-based systems

    Institute of Scientific and Technical Information of China (English)

    LI Xinghua; MA Jianfeng; SangJae Moon

    2005-01-01

    The Canetti-Krawczyk (CK) model is a formalism for the analysis of keyexchange protocols, which can guarantee many security properties for the protocols proved secure by this model. But we find this model lacks the ability to guarantee key generation center (KGC) forward secrecy, which is an important security property for key-agreement protocols based on Identity. The essential reason leading to this weakness is that it does not fully consider the attacker's capabilities. In this paper, the CK model is accordingly extended with a new additional attacker's capability of the KGC corruption in Identity-based systems, which enables it to support KGC forward secrecy.

  3. What Are the Security Requirements for a Two-State Solution between Israel and Palestine?

    Science.gov (United States)

    2011-03-01

    Unified Security Agency, directed primarily by Colonel aI- Hindi was merged with the Central Intelligence, headed by Hakam Bal’awi, a wealthy...Amin al- Hindi , Tariq Abu Rajab and Fakhri Shaffurah, ran the new GIS. “In September 2009, Major General Majid Faraj was appointed head of the service...of vehicles that were destroyed attempting to run the blockade as a memorial and a reminder of the lessons learned from their experience. Israel

  4. Analysis of Marine Corps Renewable Energy Planning to Meet Installation Energy Security Requirements

    OpenAIRE

    Chisom, Christopher M.; Templeton, Jack C.

    2013-01-01

    Approved for public release; distribution is unlimited. The purpose of this thesis is to analyze Marine Corps installation energy consumption and the pursuit of increased renewable energy generation goals across Marine Corps installations. The main objective of this report is to determine the cost of interruption and the net present value (NPV) of renewable energy generation needed to meet the Marine Corps energy security objectives. First, we determine installation-specific energy consump...

  5. 基于IIFA算法的SOA安全模型%SOA Security Model Design Based on IIFA Algorithm

    Institute of Scientific and Technical Information of China (English)

    蔡亮; 王兵; 李辉

    2011-01-01

    针对SOAP消息传输过程中可能引发安全威胁,运用关联规则对SOAP消息进行挖掘,建立IIFA-SOA安全模型.基于系统实时性要求,采用索引生成频繁集算法(IIFA)进行关联规则的挖掘.实例表明,所建立的IIFA-SOA安全模型,可以进行安全威胁的预测与销毁,提高了系统的安全性.%For the SOAP message transmission process may lead to security threats. In this paper we address to mine SOAP messages using association rules, and establish IIFA-SOA security model. Based on the requirements of system real-time, we introduce Index Induce Frequent algorithm for frequent itemsets mining association rules. Experimental results show that the IIFA-SOA security model can make the prediction and elimination of security threats, accordingly improve system security.

  6. A Secure Trust Model for P2P Systems Based on Trusted Computing

    Institute of Scientific and Technical Information of China (English)

    HAO Li-ming; YANG Shu-tang; LU Song-nian; CHEN Gong-liang

    2008-01-01

    Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflictwith trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.

  7. Application of the JDL data fusion process model for cyber security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2010-04-01

    A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

  8. Evaluation of Land Ecological Security in Shandong Province Based on PSR-TOPSIS Model

    Directory of Open Access Journals (Sweden)

    ZHOU Ying-xue

    2016-07-01

    Full Text Available To research the evaluation of land ecological security in Shandong Province, and provide reference for the protection of land ecological security in Shandong, this paper, based on the PSR model, built a land ecological security assessment index system of Shandong Province from three aspects:pressure, state and response. The entropy weight method and improved TOPSIS were employed in the study on the spatial difference of land ecological security among cities in Shandong in 2013. The results showed that:(1The grade of the land ecological security evaluation in Shandong Province included "relatively safety", "critical safety" and "less safety". The spatial differences were obviously, with the grade gradually decreased from the east coast to the west inland;(2The main factors influencing the spatial difference of land ecological security in Shandong were the per capita cultivated land, per capita water resources, land output rate, grain yield per unit area, economic density, environmental investment accounted for GDP, agricultural mechanization level. These were the focus of land ecological security regulation in the future. The evaluation index system based on PSR model can reflect the relationship among the factors of land ecological system, and the TOPSIS can reveal the gap between the land ecological security and it's ideal state. So, the results reflect the land ecological security situation of the study area comparatively accurate.

  9. Model-based security analysis of the German health card architecture.

    Science.gov (United States)

    Jürjens, J; Rumm, R

    2008-01-01

    Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

  10. Beyond Boundaries: A Promising New Model for Security and Global Development. Carnegie Results

    Science.gov (United States)

    Theroux, Karen

    2013-01-01

    In 2007, a team of international security experts and researchers at the Henry L. Stimson Center launched an initiative to build an effective model for sustainable nonproliferation of biological, chemical, and nuclear weapons. The project represented an exciting and innovative way of thinking about security: a dual-use approach that operated at…

  11. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    Full Text Available processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed...

  12. A novel water poverty index model for evaluation of Chinese regional water security

    Science.gov (United States)

    Gong, L.; Jin, C. L.; Li, Y. X.; Zhou, Z. L.

    2017-08-01

    This study proposed an improved Water Poverty Index (WPI) model employed in evaluating Chinese regional water security. Firstly, the Chinese WPI index system was constructed, in which the indicators were obtained according to China River reality. A new mathematical model was then established for WPI values calculation on the basis of Center for Ecology and Hydrology (CEH) model. Furthermore, this new model was applied in Shiyanghe River (located in western China). It turned out that the Chinese index system could clearly reflect the indicators threatening security of river water and the Chinese WPI model is feasible. This work has also developed a Water Security Degree (WSD) standard which is able to be regarded as a scientific basis for further water resources utilization and water security warning mechanism formulation.

  13. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  14. Building a world class information security governance model

    CSIR Research Space (South Africa)

    Lessing, M

    2008-05-01

    Full Text Available The lack of a fully inclusive guideline document to assist the functioning of sufficient Information Security Governance is common in the business environment. This article focuses on developing such a guideline document, based on a number of best...

  15. Job guarantee as model for diminishing social security costs

    NARCIS (Netherlands)

    Dr. Louis Polstra; Kees Mosselman

    2016-01-01

    After the second world war the western European states have built up a socalled welfare state with decent and civilized social security arrangements never shown in history. Since the eighties and especially since the worldwide financial crisis these welfare states are struggling with unexpected high

  16. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick A.C.; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  17. Social security as Markov equilibrium in OLG models: A note

    DEFF Research Database (Denmark)

    Gonzalez Eiras, Martin

    2011-01-01

    I refine and extend the Markov perfect equilibrium of the social security policy game in Forni (2005) for the special case of logarithmic utility. Under the restriction that the policy function be continuous, instead of differentiable, the equilibrium is globally well defined and its dynamics...

  18. Job guarantee as model for diminishing social security costs

    NARCIS (Netherlands)

    Mosselman, Kees; Polstra, Louis

    2016-01-01

    After the second world war the western European states have built up a socalled welfare state with decent and civilized social security arrangements never shown in history. Since the eighties and especially since the worldwide financial crisis these welfare states are struggling with unexpected high

  19. Hidden Page WebCrawler Model for Secure Web Pages

    Directory of Open Access Journals (Sweden)

    K. F. Bharati

    2013-03-01

    Full Text Available The traditional search engines available over the internet are dynamic in searching the relevant content over the web. The search engine has got some constraints like getting the data asked from a varied source, where the data relevancy is exceptional. The web crawlers are designed only to more towards a specific path of the web and are restricted in moving towards a different path as they are secured or at times restricted due to the apprehension of threats. It is possible to design a web crawler that will have the capability of penetrating through the paths of the web, not reachable by the traditional web crawlers, in order to get a better solution in terms of data, time and relevancy for the given search query. The paper makes use of a newer parser and indexer for coming out with a novel idea of web crawler and a framework to support it. The proposed web crawler is designed to attend Hyper Text Transfer Protocol Secure (HTTPS based websites and web pages that needs authentication to view and index. User has to fill a search form and his/her creditionals will be used by the web crawler to attend secure web server for authentication. Once it is indexed the secure web server will be inside the web crawler’s accessible zone

  20. Modeling Homeland Security: A Value Focused Thinking Approach

    Science.gov (United States)

    2013-02-21

    BIB -1 viii List of Figures Page Figure 2-1: Organization of the Department of Homeland Security...richard.deckro@afit.edu. BIB -1 Bibliography 1. Advisory Panel to Assess Domestic Response Capabilities For Terrorism Involving Weapons of...House, 2002. BIB -2 13. CERN: European Organization for Nuclear Resources. “Affinity Diagram.” Technical Support Division. November 2002

  1. A Brief History of Security Models for Confidentiality

    Science.gov (United States)

    Dent, Alexander W.

    Despite the fact that industry continues to rate confidentiality protection as the least important security goal for a commercial organisation, the cryptographic community has a fascination with developing new encryption technologies. It often seems that the majority of advances in general cryptologic theory are a result of research designed to improve our ability to transmit messages confidentially.

  2. Vague Sets Security Measure for Steganographic System Based on High-Order Markov Model

    Directory of Open Access Journals (Sweden)

    Chun-Juan Ouyang

    2017-01-01

    Full Text Available Security measure is of great importance in both steganography and steganalysis. Considering that statistical feature perturbations caused by steganography in an image are always nondeterministic and that an image is considered nonstationary, in this paper, the steganography is regarded as a fuzzy process. Here a steganographic security measure is proposed. This security measure evaluates the similarity between two vague sets of cover images and stego images in terms of n-order Markov chain to capture the interpixel correlation. The new security measure has proven to have the properties of boundedness, commutativity, and unity. Furthermore, the security measures of zero order, first order, second order, third order, and so forth are obtained by adjusting the order value of n-order Markov chain. Experimental results indicate that the larger n is, the better the measuring ability of the proposed security measure will be. The proposed security measure is more sensitive than other security measures defined under a deterministic distribution model, when the embedding is low. It is expected to provide a helpful guidance for designing secure steganographic algorithms or reliable steganalytic methods.

  3. Integrated modelling requires mass collaboration (Invited)

    Science.gov (United States)

    Moore, R. V.

    2009-12-01

    The need for sustainable solutions to the world’s problems is self evident; the challenge is to anticipate where, in the environment, economy or society, the proposed solution will have negative consequences. If we failed to realise that the switch to biofuels would have the seemingly obvious result of reduced food production, how much harder will it be to predict the likely impact of policies whose impacts may be more subtle? It has been clear for a long time that models and data will be important tools for assessing the impact of events and the measures for their mitigation. They are an effective way of encapsulating knowledge of a process and using it for prediction. However, most models represent a single or small group of processes. The sustainability challenges that face us now require not just the prediction of a single process but the prediction of how many interacting processes will respond in given circumstances. These processes will not be confined to a single discipline but will often straddle many. For example, the question, “What will be the impact on river water quality of the medical plans for managing a ‘flu pandemic and could they cause a further health hazard?” spans medical planning, the absorption of drugs by the body, the spread of disease, the hydraulic and chemical processes in sewers and sewage treatment works and river water quality. This question nicely reflects the present state of the art. We have models of the processes and standards, such as the Open Modelling Interface (the OpenMI), allow them to be linked together and to datasets. We can therefore answer the question but with the important proviso that we thought to ask it. The next and greater challenge is to deal with the open question, “What are the implications of the medical plans for managing a ‘flu pandemic?”. This implies a system that can make connections that may well not have occurred to us and then evaluate their probable impact. The final touch will be to

  4. Research on Network Security Risk Model Based on the Information Security Level Protection Standards%基于信息安全等保标准的网络安全风险模型研究

    Institute of Scientific and Technical Information of China (English)

    李涛; 张驰

    2016-01-01

    信息安全等级保护是信息系统必不可少的安全保障,其要求不同安全等级的系统应具有不同的安全保护能力,通过在安全技术和安全管理上选用与安全等级相适应的安全控制来实现。文章着眼于三级信息系统安全等保测评的一个重要方面——网络安全,通过建立反映其安全状况和风险威胁的风险评估模型,对三级系统等保网络安全层面的安全控制模块进行风险评估分析研究,对不同安全侧重点的系统进行安全评价,反映系统的总体网络架构和各关键网络设备的安全保护情况,进而更精确地得到不同风险对系统的影响,可更有效地对安全风险进行控制和预防,为系统的安全决策提供有力支持和安全保障。%Information security level protection is an important guarantee of information system. It requires that different level information system should have the different security proctection which is realized by using suitable security control on security technology and system management. The paper focuses on an important aspect of the three information system security assessment of the level of protection assessment model, the three-tier grading system information network security level to protect the safety control module for risk assessment analysis to accurately focus on different security information systems security evaluation accurately reflects the overall network architecture and all critical information systems security of the network devices. Based on the assessment model, the most common major information systems - three information systems, "Network security risk assessment based on the information system security protection standards."Derived by analyzing three information systems risk assignment, and then get a more precise impact of different risk levels for each system can more effectively control security risks and prevention, provide strong support for the

  5. DEVELOPMENT PROBABILITY-LINGUISTIC MODELS VULNERABILITY ASSESSMENT OF AVIATION SECURITY IMPORTANT TECHNICAL FACILITIES

    National Research Council Canada - National Science Library

    2016-01-01

    ... are justified, and the assessment problem of the protected object vulnerability is formulated. The main advantage of the developed model is the extensive opportunities of formalization of diverse information on the security status of the object...

  6. Representing humans in system security models: An actor-network approach

    NARCIS (Netherlands)

    Pieters, Wolter

    2011-01-01

    System models to assess the vulnerability of information systems to security threats typically represent a physical infrastructure (buildings) and a digital infrastructure (computers and networks), in combination with an attacker traversing the system while acquiring credentials. Other humans are ge

  7. Representing humans in system security models: An actor-network approach

    NARCIS (Netherlands)

    Pieters, Wolter

    2011-01-01

    System models to assess the vulnerability of information systems to security threats typically represent a physical infrastructure (buildings) and a digital infrastructure (computers and networks), in combination with an attacker traversing the system while acquiring credentials. Other humans are ge

  8. CCMP-AES Model with DSR routing protocol to secure Link layer and Network layer in Mobile Adhoc Networks

    Directory of Open Access Journals (Sweden)

    Dr.G.Padmavathi

    2010-08-01

    Full Text Available Mobile Adhoc network is a special kind of wireless networks. It is a collection of mobile nodes without having aid of established infrastructure. Mobile Adhoc network are vulnerable to attacks compared to wired networks due to limited physical security, volatilenetwork topologies, power-constrained operations, intrinsic requirement of mutual trust among all nodes. During deployment, security emerges as a central requirement due to many attacks that affects the performance of the ad hoc networks. Particularly Blackhole attack is one such severe attack against ad hoc routing protocols which is a challenging one to defend against. The proposed model combines the On demand routing protocol DSR with CCMP-AES mode to defend against black hole attack and it also provides confidentiality and authentication of packets in both routing and link layers of MANET. The primary focus of this work is to provide security mechanisms while transmitting data frames in a node to node manner. The security protocol CCMP-AES working in data link layerkeeps data frame from eavesdropping, interception, alteration, or dropping from unauthorized party along the route from the source to the destination. The simulation is done for different number of mobile nodes using network simulator qualnet 5.0. The proposedmodel has shown better results in terms of Total bytes received, packet delivery ratio, throughput, End to End delay and Average jitter.

  9. Modelling Socio-Technical Aspects of Organisational Security

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva

    Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks o...... it. We validate our approach using scenarios from IPTV and Cloud Infrastructure case studies....... on organisations are far from being purely technical. After all, organisations consist of employees. Often the human factor appears to be the weakest point in the security of organisations. It may be easier to break through a system using a social engineering attack rather than a pure technological one. The Stux......Net attack is only one of the many examples showing that vulnerabilities of organisations are increasingly exploited on different levels including the human factor. There is an urgent need for integration between the technical and social aspects of systems in assessing their security. Such an integration...

  10. Cloud Security--A New Social Security Model of Service Oriented%云保障--面向服务的社会保障新模式

    Institute of Scientific and Technical Information of China (English)

    林涛; 林毓铭

    2014-01-01

    结合当前我国社会保障事业面临的挑战和问题,根据云计算、物联网、云安全等技术发展趋势,提出云保障是面向服务的社会保障新模式。分析了云保障的定义和功能,描绘了云保障系统、模式框架和关键技术。%Combining the challenge and issues of our country’s social security nowadays, and on the basis of technological trends of cloud computing, internet of things, cloud security. etc., this article raises cloud security, which is a new social security model of service oriented, analyzes the definition and function of cloud security, and describes the system, pattern framework, and key technologies of cloud security.

  11. Gamified Requirements Engineering: Model and Experimentation

    NARCIS (Netherlands)

    Lombriser, Philipp; Dalpiaz, Fabiano; Lucassen, Garm; Brinkkemper, Sjaak

    2016-01-01

    [Context & Motivation] Engaging stakeholders in requirements engineering (RE) influences the quality of the requirements and ultimately of the system to-be. Unfortunately, stakeholder engagement is often insufficient, leading to too few, low-quality requirements. [Question/problem] We aim to

  12. Gamified Requirements Engineering: Model and Experimentation

    NARCIS (Netherlands)

    Lombriser, Philipp; Dalpiaz, Fabiano; Lucassen, Garm; Brinkkemper, Sjaak

    2016-01-01

    [Context & Motivation] Engaging stakeholders in requirements engineering (RE) influences the quality of the requirements and ultimately of the system to-be. Unfortunately, stakeholder engagement is often insufficient, leading to too few, low-quality requirements. [Question/problem] We aim to evaluat

  13. Gamified Requirements Engineering: Model and Experimentation

    NARCIS (Netherlands)

    Lombriser, Philipp; Dalpiaz, Fabiano|info:eu-repo/dai/nl/369508394; Lucassen, Garm; Brinkkemper, Sjaak|info:eu-repo/dai/nl/07500707X

    2016-01-01

    [Context & Motivation] Engaging stakeholders in requirements engineering (RE) influences the quality of the requirements and ultimately of the system to-be. Unfortunately, stakeholder engagement is often insufficient, leading to too few, low-quality requirements. [Question/problem] We aim to evaluat

  14. Security analysis of chaotic communication systems based on Volterra-Wiener-Korenberg model

    Energy Technology Data Exchange (ETDEWEB)

    Lei Min [State Key Lab of Vibration, Shock and Noise, Shanghai Jiao Tong University, Shanghai 200030 (China)] e-mail: leimin@sjtu.edu.cn; Meng Guang [State Key Lab of Vibration, Shock and Noise, Shanghai Jiao Tong University, Shanghai 200030 (China); Feng Zhengjin [Institute of Mechatronic Control System, Shanghai Jiao Tong University, Shanghai 200030 (China)

    2006-04-01

    Pseudo-randomicity is an important cryptological characteristic for proof of encryption algorithms. This paper proposes a nonlinear detecting method based on Volterra-Wiener-Korenberg model and suggests an autocorrelation function to analyze the pseudo-randomicity of chaotic secure systems under different sampling interval. The results show that: (1) the increase of the order of the chaotic transmitter will not necessarily result in a high degree of security; (2) chaotic secure systems have higher and stronger pseudo-randomicity at sparse sampling interval due to the similarity of chaotic time series to the noise; (3) Volterra-Wiener-Korenberg method can also give a further appropriate sparse sampling interval for improving the security of chaotic secure communication systems. For unmasking chaotic communication systems, the Volterra-Wiener-Korenberg technique can be applied to analyze the chaotic time series with surrogate data.

  15. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  16. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  17. Earnings sharing in Social Security: projected impacts of alternative proposals using the MINT model.

    Science.gov (United States)

    Iams, Howard M; Reznik, Gayle L; Tamborini, Christopher R

    2009-01-01

    Changes in American family and work patterns over the past decades have prompted various policy proposals for changing the structure of Social Security benefits. In this article, we use the Social Security Administration's Modeling Income in the Near Term (MINT) microsimulation model to project how Social Security benefit amounts would change in response to incorporating earnings sharing into benefit calculations for the population aged 62 or older in 2030 under three hypothetical policy scenarios. The earnings sharing scenarios modeled in the article would reduce benefits for the majority of individuals, although there are important differences among married, divorced, and widowed individuals. Some groups of men and women would experience increases in Social Security benefits, while some would receive reduced benefits in comparison to current law, particularly widowed individuals. Allowing widows to inherit the earnings records of their deceased husbands would improve their outcomes.

  18. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... in “HHS-Controlled Facilities and Information Systems Security” requirements specified in the SOW/PWS... access to the Contractor's and subcontractors' facilities, installations, operations, documentation... of IT inspection (to include vulnerability testing), investigation, and audit to safeguard against...

  19. 78 FR 76251 - Special Conditions: Airbus, Model A350-900 Series Airplane; Electronic System Security Protection...

    Science.gov (United States)

    2013-12-17

    ...; Electronic System Security Protection From Unauthorized External Access AGENCY: Federal Aviation... conditions for Airbus Model A350- 900 series airplanes. These airplanes will have a novel or unusual design feature associated with electronic system security protection from unauthorized external access....

  20. From requirements to Java in a snap model-driven requirements engineering in practice

    CERN Document Server

    Smialek, Michal

    2015-01-01

    This book provides a coherent methodology for Model-Driven Requirements Engineering which stresses the systematic treatment of requirements within the realm of modelling and model transformations. The underlying basic assumption is that detailed requirements models are used as first-class artefacts playing a direct role in constructing software. To this end, the book presents the Requirements Specification Language (RSL) that allows precision and formality, which eventually permits automation of the process of turning requirements into a working system by applying model transformations and co

  1. A Smart and Generic Secured Storage Model for Web based Systems

    Directory of Open Access Journals (Sweden)

    P.Iyappan

    2014-09-01

    Full Text Available Nowadays, Recent developments shows that, Cloud computing is a milestone in delivering IT services based on the Internet. Storage as a Service is a type of business model which rents storage space for smaller companies or even for individuals. The vendors are targeting secondary storage by promoting this service which allows a convenient way of managing backups instead of maintaining a large tape library. The key advantage of using Storage service is cost savings of hardware and physical storage spaces. In securing Storage as a Service model, there is a need for a middleware to monitor the data transmission among cloud storage and various clients. The objective of the system aims at developing a smart and integrated dynamic secured storage model which acts as a middleware in supporting all the primary security goals such as confidentiality, data integrity, and accountability. This proposed model will provide secured data dynamics, access controls and auditability. The secured data dynamics is done by Boneh Franklin-Identity Based Cryptography. This model enhances the accounting model in adding indexing policies and provides security in the audit logs through password based cryptography along with AES. This is a generic middleware assisting the basic security features for any cloud environment, so that it can be equipped for any type of system. The main advantage of the proposed system is to reduce the time complexity in encryption and decryption process and also to provide higher degree of security. We also leveraged the implementation of this middleware in a mail server environment with drive option which poses file storage and enables file sharing among the drive users.

  2. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Science.gov (United States)

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  3. Modeling uncertainty in requirements engineering decision support

    Science.gov (United States)

    Feather, Martin S.; Maynard-Zhang, Pedrito; Kiper, James D.

    2005-01-01

    One inherent characteristic of requrements engineering is a lack of certainty during this early phase of a project. Nevertheless, decisions about requirements must be made in spite of this uncertainty. Here we describe the context in which we are exploring this, and some initial work to support elicitation of uncertain requirements, and to deal with the combination of such information from multiple stakeholders.

  4. Modeling uncertainty in requirements engineering decision support

    Science.gov (United States)

    Feather, Martin S.; Maynard-Zhang, Pedrito; Kiper, James D.

    2005-01-01

    One inherent characteristic of requrements engineering is a lack of certainty during this early phase of a project. Nevertheless, decisions about requirements must be made in spite of this uncertainty. Here we describe the context in which we are exploring this, and some initial work to support elicitation of uncertain requirements, and to deal with the combination of such information from multiple stakeholders.

  5. Modeling Local vs. Global Dimensions of Food Security in Sub-Saharan Africa

    Science.gov (United States)

    Evans, T. P.; Caylor, K. K.; Estes, L. D.; McCord, P. F.; Attari, S.; Sheffield, J.

    2015-12-01

    Food security remains a daunting challenge in Sub-Saharan Africa despite dramatic efforts to foster innovation in the agricultural sector. Food security is complicated by a diversity of factors whose relative influence varies across scales, such as the nature of transportation infrastructure, the variety of agricultural practices, and the relative importance of food production versus food access. Efforts to model food security often focus on local-level dynamics (agricultural decision-making) or regional/coarse scale dynamics (e.g. GCM output + generalized equilibrium models of food trade) - both scales are of paramount importance to food security. Yet models of food security rarely span this scale divide. We present work linking agent-based models of agricultural decision-making to regional and global dynamics of environmental change, food movement and virtual water trade in sub-Saharan Africa. Specifically we investigate the heterogeneity of environmental factors and agricultural decisions within the context of droughts of different duration and spatial extent. Drivers of meteorological drought manifest in agricultural drought through the complexity inherent in agricultural management. But efforts to model food security are often challenged by a lack of local-level empirical data to characterize the relationship between meteorological drought and agricultural drought. Our agent-based model is built using detailed information on household farm assets and individual farmer decisions, combined with crop yield estimated developed using the DSSAT cropping system model run with bias-corrected meteorological data. We then address food access through a analysis of food trade data given the increasing relevance of food movement to mitigate local and regional drought. We discuss the analytical challenges and opportunities in linking these cross-scale dynamics in food security modeling.

  6. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  7. A goal-oriented requirements modelling language for enterprise architecture

    NARCIS (Netherlands)

    Quartel, Dick; Engelsman, Wilco; Jonkers, Henk; Sinderen, van Marten

    2009-01-01

    Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for enterpris

  8. A goal-oriented requirements modelling language for enterprise architecture

    NARCIS (Netherlands)

    Quartel, Dick; Engelsman, W.; Jonkers, Henk; van Sinderen, Marten J.

    2009-01-01

    Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for

  9. Security Solutions for Networked Control Systems Based on DES Algorithm and Improved Grey Prediction Model

    Directory of Open Access Journals (Sweden)

    Liying Zhang

    2013-11-01

    Full Text Available Compared with the conventional control systems, networked control systems (NCSs are more open to the external network. As a result, they are more vulnerable to attacks from disgruntled insiders or malicious cyber-terrorist organizations. Therefore, the security issues of NCSs have been receiving a lot of attention recently. In this brief, we review the existing literature on security issues of NCSs and propose some security solutions for the DC motor networked control system. The typical Data Encryption Standard (DES algorithm is adopted to implement data encryption and decryption. Furthermore, we design a Detection and Reaction Mechanism (DARM on the basis of DES algorithm and the improved grey prediction model. Finally, our proposed security solutions are tested with the established models of deception and DOS attacks. According to the results of numerical experiments, it's clear to see the great feasibility and effectiveness of the proposed solutions above.

  10. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  11. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  12. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... notification via e-mail, the applicant should so state. (3) Date of birth. (4) Gender. (5) Height, weight, hair... work for the employer(s) requires an HME. If the applicant's current employer is the U.S. military... maritime facility or vessel, TSA may provide limited information necessary to reduce the risk of injury...

  13. 78 FR 48218 - Emergency Order Establishing Additional Requirements for Attendance and Securement of Certain...

    Science.gov (United States)

    2013-08-07

    ... operating crew requirements considering technology, length of train, speeds, classification of dangerous... gases. Chlorine gas and anhydrous ammonia are two examples of PIH materials (Division 2.3) that are... Dakota, as the Bakken formation in the Williston Basin has become a major source for oil production in...

  14. 78 FR 65153 - Special Conditions: Learjet Model 45 Series Airplanes; Aircraft Electronic System Security...

    Science.gov (United States)

    2013-10-31

    ... Learjet Model 45 series airplanes. The Model 45 series airplanes are swept-wing aircraft equipped with two... type certification basis for Learjet Model 45 series airplanes. System Security Protection for Aircraft... ensure that continued airworthiness of the aircraft is maintained, including all...

  15. Generating unique IDs from patient identification data using security models

    Directory of Open Access Journals (Sweden)

    Emad A Mohammed

    2016-01-01

    Full Text Available Background: The use of electronic health records (EHRs has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. Method: We describe the usage of the message digest-5 (MD5 and secure hashing algorithm (SHA as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. Results: The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. Conclusion: The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data.

  16. A Framework for Evaluating Computer Architectures to Support Systems with Security Requirements, with Applications.

    Science.gov (United States)

    1987-11-05

    develops a set of criteria for evaluating computer architectures that are to support sy’stemns v% ith securit % requirements. Central to these criteria is the...M.. u Fu ’VMR Appendix B DEC VAX-11/780 OVERVIEW The VAX-I1/780 is a 32-bit computer with a virtual memory space of up to 4G -bytes IBI]. The

  17. The Application of AHP Model to Guide Decision Makers: A Case Study of E-banking Security

    CERN Document Server

    Syamsuddin, Irfan; 10.1109/ICCIT.2009.251

    2010-01-01

    Changes in technology have resulted in new ways for bankers to deliver their services to costumers. Electronic banking systems in various forms are the evidence of such advancement. However, information security threats also evolving along this trend. This paper proposes the application of Analytic Hierarchy Process (AHP) methodology to guide decision makers in banking industries to deal with information security policy. The model is structured according aspects of information security policy in conjunction with information security elements. We found that cultural aspect is valued on the top priority among other security aspects, while confidentiality is considered as the most important factor in terms of information security elements.

  18. Model for the evaluation of the energy and environemntal security in Japan. Nippon no energy to kankyo no security hyoka model

    Energy Technology Data Exchange (ETDEWEB)

    Mori, S. (Science University of Tokyo, Tokyo (Japan)); Arakawa, F. (Electric Power Development Co. Ltd., Tokyo (Japan))

    1992-12-20

    This paper introduces an energy security model intended to achieve consistency in demand and supply of energies in Japan and assure stability as a system. The model divides an energy system into segments from supply to consumption and expresses each segment in demand functions. A cross impact method is used to analyze the function. The considered structural equations involve final energy demand functions, logit share function models for fuel substitution, electric power supply blocks, interrelations among prices for fossil fuels, economic activity blocks, and cogeneration systems. Examples of evaluating the future uncertainties include interruption of oil supply, implementation of a fossil fuel consumption tax system, strengthening of regulations on nuclear power generation, and introduction of cogeneration systems. These cases were applied to the above structural equations to perform a simulation. Suggestions were given on contribution of oil substituting energies to the security, and large effect of CO2 emission tax. 18 refs., 9 figs., 7 tabs.

  19. AST: Activity-Security-Trust driven modeling of time varying networks.

    Science.gov (United States)

    Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen

    2016-02-18

    Network modeling is a flexible mathematical structure that enables to identify statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks are originated from activity, in which an activity potential of a time invariant function is introduced to identify agents' interactions and to construct an activity-driven model. However, the new-emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. AST-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes.

  20. Mobile intelligent terminal security technology requirements standard interpretation%移动智能终端安全能力技术要求标准解读

    Institute of Scientific and Technical Information of China (English)

    谢利涛

    2013-01-01

    主要介绍了YD/T2407-2013《移动智能终端安全能力技术要求》标准的范围、安全能力框架及目标、主要技术要求、功能限制要求、安全能力分级和贯彻实施的相关建议。重点针对硬件安全能力、操作系统安全能力、外围接口安全能力、应用层安全要求和用户数据保护安全能力等方面进行了说明。%Mainly introduces YD/T2407-2013“intelligent mobile terminal security technical requirements”standard range,security framework and target,main technical requirements,functional limitations,safety re-quirements Ability Classification and implementation suggestions.Focusing on ability,hardware security op-erating system security capacity,peripheral interface security ability,application layer security require-ments and user data safety protection ability and other aspects are described.

  1. Routing in Vehicular Networks: Feasibility, Modeling, and Security

    Directory of Open Access Journals (Sweden)

    Ioannis Broustis

    2008-01-01

    Full Text Available Vehicular networks are sets of surface transportation systems that have the ability to communicate with each other. There are several possible network architectures to organize their in-vehicle computing systems. Potential schemes may include vehicle-to-vehicle ad hoc networks, wired backbone with wireless last hops, or hybrid architectures using vehicle-to-vehicle communications to augment roadside communication infrastructures. Some special properties of these networks, such as high mobility, network partitioning, and constrained topology, differentiate them from other types of wireless networks. We provide an in-depth discussion on the important studies related to architectural design and routing for such networks. Moreover, we discuss the major security concerns appearing in vehicular networks.

  2. Model Based Cyber Security Analysis for Research Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)

    2013-07-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN.

  3. Improved E-Banking System With Advanced Encryption Standards And Security Models

    Directory of Open Access Journals (Sweden)

    Sharaaf N. A.

    2015-08-01

    Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.

  4. Password-only authenticated three-party key exchange with provable security in the standard model.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

    2014-01-01

    Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  5. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  6. Research of Campus Security Awareness Diffusion Based on Lotka -Volterra Model

    Science.gov (United States)

    Wu, Ting; Chen, Xuebo

    This paper applies Lotka-Volterra model to campus security awareness issue. The campus population is divided into two, the population with correct security awareness and the population with wrong security awareness. Then the deterministic model and the disturbed model were simulated separately. It is convenient to discuss the situation of two competitive populations' awareness. The deterministic model is a situation without considering any other factors. The disturbed model is a situation with considering robot technology as a positive disturbed factor. Under the circumstances, robot technology is taken as a technical means to assist campus security management. The paper discusses the effect from the positive disturbed factor to a and b which stands for alternative variables, and then to the number of each population. The conclusion is that alternative variables a and b are closely related to the equilibrium state of two populations and total number of equilibrium state, but have nothing to do with used time reaching equilibrium state. The influence of the positive disturbed factor must be controlled in the appropriate range. Finally, the paper puts forward relevant suggestions on work of campus security awareness.

  7. A Survey of Formal Models for Computer Security.

    Science.gov (United States)

    1981-09-30

    presenting the individual models. 6.1 Basic Concepts and Trends The finite state machine model for computation views a computer system as a finite...top-level specification. The simplest description of the top-level model for DSU is given by Walker, et al. [36]. It is a finite state machine model , with

  8. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  9. An Econometric Model for SINOPEC Stock Price Tendency on Domestic Securities Market

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    A time series analysis method was used to establish an econometric model for SINOPEC'S stock price tendency on the domestic securities market under the background of sharp oil price rises in recent years. The model was proven to be a non-stationary time series and unit root process, as tested with the Dickey-Fuller method, and the result of a practical case showed that this model could well reflect SINOPEC stock price tendency on the securities market of China. It would be a guide for research and prediction of stock price tendency.

  10. Simulation modelling as a tool to diagnose the complex networks of security systems

    Science.gov (United States)

    Iskhakov, S. Y.; Shelupanov, A. A.; Meshcheryakov, R. V.

    2017-01-01

    In the article, the questions of modelling of complex security system networks are considered. The simulation model of operation of similar complexes and approbation of the offered approach to identification of the incidents are presented. The approach is based on detection of uncharacteristic alterations of the network operation mode. The results of the experiment allow one to draw a conclusion on possibility of the offered model application to analyse the current status of heterogeneous security systems. Also, it is confirmed that the application of short-term forecasting methods for the analysis of monitoring system data allows one to automate the process of formation the criteria to reveal the incidents.

  11. A Trust-Based Model for Security Cooperating in Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Zhipeng Tang

    2016-01-01

    Full Text Available VCC is a computing paradigm which consists of vehicles cooperating with each other to realize a lot of practical applications, such as delivering packages. Security cooperation is a fundamental research topic in Vehicular Cloud Computing (VCC. Because of the existence of malicious vehicles, the security cooperation has become a challenging issue in VCC. In this paper, a trust-based model for security cooperating, named DBTEC, is proposed to promote vehicles’ security cooperation in VCC. DBTEC combines the indirect trust estimation in Public board and the direct trust estimation in Private board to compute the trust value of vehicles when choosing cooperative partners; a trustworthy cooperation path generating scheme is proposed to ensure the safety of cooperation and increase the cooperation completion rates in VCC. Extensive experiments show that our scheme improves the overall cooperation completion rates by 6~7%.

  12. Secure and Robust IPV6 Autoconfiguration Protocol For Mobile Adhoc Networks Under Strong Adversarial Model

    CERN Document Server

    Slimane, Zohra; Feham, Mohamed; Taleb-Ahmed, Abdelmalik

    2011-01-01

    Automatic IP address assignment in Mobile Ad hoc Networks (MANETs) enables nodes to obtain routable addresses without any infrastructure. Different protocols have been developed throughout the last years to achieve this service. However, research primarily focused on correctness, efficiency and scalability; much less attention has been given to the security issues. The lack of security in the design of such protocols opens the possibility of many real threats leading to serious attacks in potentially hostile environments. Recently, few schemes have been proposed to solve this problem, but none of them has brought satisfactory solutions. Auto-configuration security issues are still an open problem. In this paper, a robust and secure stateful IP address allocation protocol for standalone MANETs is specified and evaluated within NS2. Our solution is based on mutual authentication, and a fully distributed Autoconfiguration and CA model, in conjunction with threshold cryptography. By deploying a new concept of joi...

  13. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  14. Security in Cloud Computing For Service Delivery Models: Challenges and Solutions

    Directory of Open Access Journals (Sweden)

    Preeti Barrow

    2016-04-01

    Full Text Available Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with almost no investment in new framework, training new staff, or authorizing new software. Though today everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security assurance to its customers and therefore, businesses are hesitant to accept cloud and the vast benefits that come along with it. The absence of proper security controls delimits the benefits of cloud. In this paper, a review on different cloud service models and a survey of the different security challenges and issues while providing services in cloud is presented .The paper focuses on the security issues specific to service delivery model (SaaS, IaaS and PaaS of cloud environment. This paper also explores the various security solutions currently being applied to protect cloud from various kinds of intruders

  15. Managing security risks for inter-organisational information systems: a multiagent collaborative model

    Science.gov (United States)

    Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

    2016-09-01

    Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

  16. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    Science.gov (United States)

    2007-08-01

    model intrusions , they can also be used to help identify re- quirements for intrusion detection systems, as described by Ellison and Moore. Alternatively...harm • UML -based use case diagrams • Typically described using natural language. A tree/DAG diagram may also be used. • Potentially one family member...ENGINEERING INSTITUTE | i ii | CMU/SEI-2007-TN-021 List of Figures Figure 1: Attack Tree Example 10 Figure 2: Abuse Case Diagram for an Internet

  17. An Effective Security Mechanism for M-Commerce Applications Exploiting Ontology Based Access Control Model for Healthcare System

    Directory of Open Access Journals (Sweden)

    S.M. Roychoudri

    2016-09-01

    Full Text Available Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has provided the way for personalization. Personalization is a term which refers to the delivery of information that is relevant to individual or group of individuals in the format, layout specified and in time interval. In this paper we propose an Ontology Based Access Control (OBAC Model that can address the permitted access control among the service providers and users. Personal Health Records sharing is highly expected by the users for the acceptance in mobile commerce applications in health care systems.

  18. A reduced modelling approach to the pricing of mortgage backed securities

    Directory of Open Access Journals (Sweden)

    Rana D. Parshad

    2010-09-01

    Full Text Available We consider a pricing model for mortgage backed securities formulated as a non-linear partial differential equation. We show that under certain feasible assumptions this model can be greatly simplified. We prove the well posedness of the simplified PDE.

  19. Secure and Resilient Functional Modeling for Navy Cyber-Physical Systems

    Science.gov (United States)

    2017-05-24

    release; distribution is unlimited. Page 1 of 4 Secure & Resilient Functional Modeling for Navy Cyber -Physical Systems FY17 Quarter 2 Technical Progress...team defined the following attack models for cyber -physical systems: - 6 basic attacks targeting signals. - 1 basic attack targeting control... Cyber -Physical Systems” and submitted for publication to IEEE Conference on Automation Science and Engineering (CASE) 2017. Functional Editor (SCCT

  20. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

    Directory of Open Access Journals (Sweden)

    Zehui Wu

    2017-01-01

    Full Text Available SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results.

  1. DECISION MAKING MODELING OF CONCRETE REQUIREMENTS

    Directory of Open Access Journals (Sweden)

    Suhartono Irawan

    2001-01-01

    Full Text Available This paper presents the results of an experimental evaluation between predicted and practice concrete strength. The scope of the evaluation is the optimisation of the cement content for different concrete grades as a result of bringing the target mean value of tests cubes closer to the required characteristic strength value by reducing the standard deviation. Abstract in Bahasa Indonesia : concrete+mix+design%2C+acceptance+control%2C+optimisation%2C+cement+content.

  2. A MODEL FOR ALIGNING SOFTWARE PROJECTS REQUIREMENTS WITH PROJECT TEAM MEMBERS REQUIREMENTS

    Directory of Open Access Journals (Sweden)

    Robert Hans

    2013-02-01

    Full Text Available The fast-paced, dynamic environment within which information and communication technology (ICT projects are run as well as ICT professionals’ constant changing requirements present a challenge for project managers in terms of aligning projects’ requirements with project team members’ requirements. This research paper purports that if projects’ requirements are properly aligned with team members’ requirements, then this will result in a balanced decision approach. Moreover, such an alignment will result in the realization of employee’s needs as well as meeting project’s needs. This paper presents a Project’s requirements and project Team members’ requirements (PrTr alignment model and argues that a balanced decision which meets both software project’s requirements and team members’ requirements can be achieved through the application of the PrTr alignment model.

  3. Supporting requirements model evolution throughout the system life-cycle

    OpenAIRE

    Ernst, Neil; Mylopoulos, John; Yu, Yijun; Ngyuen, Tien T.

    2008-01-01

    Requirements models are essential not just during system implementation, but also to manage system changes post-implementation. Such models should be supported by a requirements model management framework that allows users to create, manage and evolve models of domains, requirements, code and other design-time artifacts along with traceability links between their elements. We propose a comprehensive framework which delineates the operations and elements necessary, and then describe a tool imp...

  4. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  5. NFC mobile coupon protocols : developing, formal security modelling and analysis, and addressing relay attack.

    OpenAIRE

    Alshehri, Ali A.

    2015-01-01

    Near Field Communication} (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. An NFC-based mobile coupon (M-coupon) is a coupon that is retrieved by the user from a source such as a newspaper or a smart poster and redeemed afterwards. The NFC-based mobile coupon (M-coupon) is a cryptographically secured electronic message with some value stored at user's mobile. The M-coupon requires secure issuing and cashing (redeeming). ...

  6. Usable Security For Named Data Networking

    OpenAIRE

    Yu, Yingdi

    2016-01-01

    Named Data Networking (NDN) is a proposed Internet architecture, which changes the network communication model from “speaking to a host” to “retrieving data from network”. Such data-centric communication model requires a data-centric security model, which secures data directly rather than authenticating the host where data is retrieved from and securing the channel through which data is delivered, so that data can be safely distributed into arbitrary untrusted storage and retrieved over untru...

  7. Research on Security Model of Multi-dimensional Campus Network%多维校园网安全模型研究

    Institute of Scientific and Technical Information of China (English)

    孙晓乐; 高东怀; 靳豪杰

    2011-01-01

    介绍了生物免疫原理,简要分析了生物免疫系统为构建健壮的计算机安全系统提供的线索,并将其思想融合在多维校园网安全模型的研究设计中.在网络安全层面分析了安全产品互操作和联动管理的需求,介绍了开放式管理框架OPSEC的相关技术,研究了网络安全监控系统与其他安全产品(如防火墙、入侵检测系统)之间联动管理的实现方式及对整体网络安全性能的影响.%The basic principle of biological immunology is introduced, which was used in the design of multidimensional campus network security model. Several important clues for constructing a robust network security system by biological immunology system are analyzed. Moreover, the inter-operation and interaction management requirements of network security products (belongs to the network security layer) are analyzed. The related technologies of open system management framework OPSEC are introduced. The implementation of interaction management between network security monitoring system and other security products is studied, such as firewall and IDS. All of these make campus network more secure.

  8. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  9. GSM Security Using Identity-based Cryptography

    CERN Document Server

    Agarwal, Animesh; Das, Manik Lal

    2009-01-01

    Current security model in Global System for Mobile Communications (GSM) predominantly use symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

  10. Bitfrost: The One Laptop per Child Security Model

    Science.gov (United States)

    2007-07-01

    spyware agents, or anti- phishing browsers and tool bars). This reactive approach to secu- rity cannot work for OLPC, since we cannot be assured that...as requiring those privileges (for example, a videoconferencing app ) can instruct the system to ask the user for permission to enable the camera and

  11. Requirements model for an e-Health awareness portal

    Science.gov (United States)

    Hussain, Azham; Mkpojiogu, Emmanuel O. C.; Nawi, Mohd Nasrun M.

    2016-08-01

    Requirements engineering is at the heart and foundation of software engineering process. Poor quality requirements inevitably lead to poor quality software solutions. Also, poor requirement modeling is tantamount to designing a poor quality product. So, quality assured requirements development collaborates fine with usable products in giving the software product the needed quality it demands. In the light of the foregoing, the requirements for an e-Ebola Awareness Portal were modeled with a good attention given to these software engineering concerns. The requirements for the e-Health Awareness Portal are modeled as a contribution to the fight against Ebola and helps in the fulfillment of the United Nation's Millennium Development Goal No. 6. In this study requirements were modeled using UML 2.0 modeling technique.

  12. A Multi-Agent Immunology Model for Security Computer

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper presents a computer immunology model for computersecurity , whose main components are defined as idea of Multi-Agent. It introduces the n at ural immune system on the principle, discusses the idea and characteristics of Mu lti-Agent. It gives a system model, and describes the structure and function of each agent. Also, the communication method between agents is described.

  13. Extending enterprise architecture modelling with business goals and requirements

    NARCIS (Netherlands)

    Engelsman, Wilco; Quartel, Dick; Jonkers, Henk; Sinderen, van Marten

    2011-01-01

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling te

  14. Indoor environment modeling for interactive robot security application

    Science.gov (United States)

    Jo, Sangwoo; Shahab, Qonita M.; Kwon, Yong-Moo; Ahn, Sang Chul

    2006-10-01

    This paper presents our simple and easy to use method to obtain a 3D textured model. For expression of reality, we need to integrate the 3D models and real scenes. Most of other cases of 3D modeling method consist of two data acquisition devices. One is for getting a 3D model and another for obtaining realistic textures. In this case, the former device would be 2D laser range-finder and the latter device would be common camera. Our algorithm consists of building a measurement-based 2D metric map which is acquired by laser range-finder, texture acquisition/stitching and texture-mapping to corresponding 3D model. The algorithm is implemented with laser sensor for obtaining 2D/3D metric map and two cameras for gathering texture. Our geometric 3D model consists of planes that model the floor and walls. The geometry of the planes is extracted from the 2D metric map data. Textures for the floor and walls are generated from the images captured by two 1394 cameras which have wide Field of View angle. Image stitching and image cutting process is used to generate textured images for corresponding with a 3D model. The algorithm is applied to 2 cases which are corridor and space that has the four walls like room of building. The generated 3D map model of indoor environment is shown with VRML format and can be viewed in a web browser with a VRML plug-in. The proposed algorithm can be applied to 3D model-based remote surveillance system through WWW.

  15. Assessment of ecological security in Changbai Mountain Area, China based on MODIS data and PSR model

    Science.gov (United States)

    Huang, Fang; Wang, Ping; Qi, Xin

    2014-11-01

    The assessment of ecological security is to identify the stability of the ecosystem, and to distinguish the capacity of sustainable health and integrity under different kinds of risks. Using MODIS time series images from 2000 to 2008 as the main data source, the derived parameters including NDVI, the ratio of NPP and GPP, forest coverage, landscape diversity and ecological flexibility etc. are integrated to depict the properties of the ecological system. The pressure and response indicators such as population density, industrial production intensity, arable land per capita, fertilizer consumption, highway density, agricultural mechanization level and GDP per capita are also collected and managed by ArcGIS. The `pressure-state-response' (PSR) conceptual model and a hierarchical weighted model are applied to construct an evaluation framework and determine the state of ecological security in Changbai Mountain area. The results show that the ecological security index (ESI) values in 2000 and 2008 were 5.75 and 5.59 respectively, indicating the ecological security state in Changbai Mountain area degraded. In 2000, the area of in good state of ecological security was 21901km2, occupying 28.96% of the study region. 48201 km2 of the land were with moderate level. The grades of ESI in Dunhua, Longjing and Antu decreased from moderate to poor. Though the ESI value of Meihekou increased by 0.12 during 2000-2008, it was still in a very poor state of ecological security induced by intensive human activities. The ecological security situation of Changbai Mountain region was not optimistic on the whole.

  16. SECURITY MODELING FOR MARITIME PORT DEFENSE RESOURCE ALLOCATION

    Energy Technology Data Exchange (ETDEWEB)

    Harris, S.; Dunn, D.

    2010-09-07

    Redeployment of existing law enforcement resources and optimal use of geographic terrain are examined for countering the threat of a maritime based small-vessel radiological or nuclear attack. The evaluation was based on modeling conducted by the Savannah River National Laboratory that involved the development of options for defensive resource allocation that can reduce the risk of a maritime based radiological or nuclear threat. A diverse range of potential attack scenarios has been assessed. As a result of identifying vulnerable pathways, effective countermeasures can be deployed using current resources. The modeling involved the use of the Automated Vulnerability Evaluation for Risks of Terrorism (AVERT{reg_sign}) software to conduct computer based simulation modeling. The models provided estimates for the probability of encountering an adversary based on allocated resources including response boats, patrol boats and helicopters over various environmental conditions including day, night, rough seas and various traffic flow rates.

  17. TRUST MODEL FOR INFORMATION SECURITY OF MULTI-AGENT ROBOTIC SYSTEMS WITH A DECENTRALIZED MANAGEMENT

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-03-01

    Full Text Available The paper deals with the issues on protection of multi-agent robotic systems against attacks by robots-saboteurs. The operation analysis of such systems with decentralized control is carried out. Concept of harmful information impact (attack from a robot-saboteur to the multi-agent robotic system is given. The class of attacks is considered using interception of messages, formation and transfer of misinformation to group of robots, and also carrying out other actions with vulnerabilities of multiagent algorithms without obviously identified signs of invasion of robots-saboteurs. The model of information security is developed, in which robots-agents work out trust levels to each other analyzing the events occurring in the system. The idea of trust model consists in the analysis of transferred information by each robot and the executed actions of other members in a group, comparison of chosen decision on iteration step k with objective function of the group. Distinctive feature of the trust model in comparison with the closest analogue - Buddy Security Model in which the exchange between the agents security tokens is done — is involvement of the time factor during which agents have to "prove" by their actions the usefulness in achievement of a common goal to members of the group. Variants of this model realization and ways of an assessment of trust levels for agents in view of the security policy accepted in the group are proposed.

  18. Extending enterprise architecture modelling with business goals and requirements

    Science.gov (United States)

    Engelsman, Wilco; Quartel, Dick; Jonkers, Henk; van Sinderen, Marten

    2011-02-01

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling techniques for EA focus on the products, services, processes and applications of an enterprise. In addition, techniques may be provided to describe structured requirements lists and use cases. Little support is available however for modelling the underlying motivation of EAs in terms of stakeholder concerns and the high-level goals that address these concerns. This article describes a language that supports the modelling of this motivation. The definition of the language is based on existing work on high-level goal and requirements modelling and is aligned with an existing standard for enterprise modelling: the ArchiMate language. Furthermore, the article illustrates how EA can benefit from analysis techniques from the requirements engineering domain.

  19. Mixing Formal and Informal Model Elements for Tracing Requirements

    DEFF Research Database (Denmark)

    Jastram, Michael; Hallerstede, Stefan; Ladenberger, Lukas

    2011-01-01

    a system for traceability with a state-based formal method that supports refinement. We do not require all specification elements to be modelled formally and support incremental incorporation of new specification elements into the formal model. Refinement is used to deal with larger amounts of requirements......Tracing between informal requirements and formal models is challenging. A method for such tracing should permit to deal efficiently with changes to both the requirements and the model. A particular challenge is posed by the persisting interplay of formal and informal elements. In this paper, we...

  20. Evaluating Damage Potential in Security Risk Scoring Models

    Directory of Open Access Journals (Sweden)

    Eli Weintraub

    2016-05-01

    Full Text Available A Continuous Monitoring System (CMS model is presented, having new improved capabilities. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume damage potential is estimated by systems' owner, thus rejecting the information relying in the technological configuration. The assumption underlying this research is based on users' ability to estimate business impacts relating to systems' external interfaces which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model systems' damage potential is calculated using technical information on systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring Systems' (CVSS algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring computations.

  1. Modeling the Environment of a Mobile Security Robot

    Science.gov (United States)

    1990-06-01

    1982), which simply observes that for purposes of modeling a robot’s TRANSDUCER AR . Av T UC ’ R surrounding environment, the taller an observed ARA1...whereupon the Scheduler dkea ;’ppropri- for operator assistance is made, and the system ate action, after which the corA . -% of the X shuts down. This

  2. Using cognitive modeling for requirements engineering in anesthesiology

    NARCIS (Netherlands)

    Pott, C; le Feber, J

    2005-01-01

    Cognitive modeling is a complexity reducing method to describe significant cognitive processes under a specified research focus. Here, a cognitive process model for decision making in anesthesiology is presented and applied in requirements engineering. Three decision making situations of

  3. Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

    Directory of Open Access Journals (Sweden)

    Gustavo Betarte

    2015-12-01

    Full Text Available In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions --formal language that combines a higher-order logic and a richly-typed functional programming language-- using the Coq proof assistant.

  4. Replication of a Crisis Shelter Model of Care in Staff Secure Detention Programs.

    Science.gov (United States)

    Teare, John F.; Castrianno, Lynn M.; Novicoff, Carolyn D.; Peterson, Roger; Authier, Karen; Daly, Daniel

    This paper presents preliminary evidence for the effectiveness of a model of care designed to provide safe and effective services in both short-term shelter and short-term staff secure detention programs. Boys Town short-term crisis shelter programs were designed to provide a safe and therapeutic environment for homeless and runaway youth in need…

  5. A generalized one-factor term structure model and pricing of interest rate derivative securities

    NARCIS (Netherlands)

    Jiang, George J.

    1997-01-01

    The purpose of this paper is to propose a nonparametric interest rate term structure model and investigate its implications on term structure dynamics and prices of interest rate derivative securities. The nonparametric spot interest rate process is estimated from the observed short-term interest

  6. A two-factor, stochastic programming model of Danish mortgage-backed securities

    DEFF Research Database (Denmark)

    Nielsen, Søren S.; Poulsen, Rolf

    2004-01-01

    -trivial, both in terms of deciding on an initial mortgage, and in terms of managing (rebalancing) it optimally.We propose a two-factor, arbitrage-free interest-rate model, calibrated to observable security prices, and implement on top of it a multi-stage, stochastic optimization program with the purpose...

  7. Predicting Preschoolers' Attachment Security from Fathers' Involvement, Internal Working Models, and Use of Social Support

    Science.gov (United States)

    Newland, Lisa A.; Coyl, Diana D.; Freeman, Harry

    2008-01-01

    Associations between preschoolers' attachment security, fathers' involvement (i.e. parenting behaviors and consistency) and fathering context (i.e. fathers' internal working models (IWMs) and use of social support) were examined in a subsample of 102 fathers, taken from a larger sample of 235 culturally diverse US families. The authors predicted…

  8. TMR-MCDB: Enhancing Security in a Multi-cloud Model through Improvement of Service Dependability

    Directory of Open Access Journals (Sweden)

    Mohammed Alzain

    2014-06-01

    Full Text Available In IT enterprises, different computing needs are provided as a service. The service providers take care of the customers’ needs by, for example, maintaining software or purchasing expensive hardware. In addition, there are many benefits of using the technology available from cloud service providers, such as access to large-scale, on-demand, flexible computing infrastructures. However, increasing the dependability of cloud computing is important in order for its potential to be realized. Data security is one of the most critical aspects in a cloud computing environment due to the sensitivity and importance of the information stored in the cloud, as is the trustworthiness of the cloud service provider. The risk of malicious insiders in the cloud and the failure of cloud services have received intense attention by cloud users. This paper focuses on issues related to service dependability in order to enhance the data security of multi-cloud computing. Service dependability, which encompasses data output trustworthiness, is one of the important factors in enhancing data security in a multi-cloud computing environment. We apply triple modular redundancy (TMR techniques with the sequential method into our previously proposed Multi-Cloud Database (MCDB model to improve the data output trustworthiness of our newly proposed TMR-MCDB model. In addition, the improvement in data trustworthiness enhances data security in our TMR-MCDB model. This paper analyzes the impact of data trustworthiness implementation using the voting technique to evaluate the model performance.

  9. A systems science perspective and transdisciplinary models for food and nutrition security

    Science.gov (United States)

    Hammond, Ross A.; Dubé, Laurette

    2012-01-01

    We argue that food and nutrition security is driven by complex underlying systems and that both research and policy in this area would benefit from a systems approach. We present a framework for such an approach, examine key underlying systems, and identify transdisciplinary modeling tools that may prove especially useful. PMID:22826247

  10. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    A novel approach to managing development, verification, and validation artifacts for the European Train Control System as open, publicly available items is analyzed and discussed with respect to its implications on system safety, security, and certifiability. After introducing this so-called model...

  11. Civil Defence and National Security: Composition and Implementation Model in National Defence

    Directory of Open Access Journals (Sweden)

    Mr. Muradi

    2017-01-01

    Full Text Available Civil Defense is inherent part of every citizen in many countries anywhere in the world, which differ only in the implementation of the program. The difference depends on the threat level and needs of each country in mobilizing citizens. However, the Civil Defense’s Governance which involvement of citizens is already regulated in a number of regulations and legislation, but as one part of an integrated program linked to the involvement of citizens in the framework of national defense, civil defense program is not enough to have its own laws. So that when applied in the form of operational, interpretation of these programs tend to be not in tune and even have precisely the opposite perspective between the state and citizens. This paper argued that the Civil Defense program is part of an integrated governance program of national security. Therefore, the state should be required to ensure that the program of Civil Defense goes well. This paper is also offer the composition and program models associated with the Civil Defense, Conscription Program (draftee and Reserve Component. The argument of this paper is that the Civil Defense Program is a linear and continuous with Conscription and Reserves Programs.

  12. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  13. A PROFICIENT MODEL FOR HIGH END SECURITY IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    R. Bala Chandar

    2014-01-01

    Full Text Available Cloud computing is an inspiring technology due to its abilities like ensuring scalable services, reducing the anxiety of local hardware and software management associated with computing while increasing flexibility and scalability. A key trait of the cloud services is remotely processing of data. Even though this technology had offered a lot of services, there are a few concerns such as misbehavior of server side stored data , out of control of data owner's data and cloud computing does not control the access of outsourced data desired by the data owner. To handle these issues, we propose a new model to ensure the data correctness for assurance of stored data, distributed accountability for authentication and efficient access control of outsourced data for authorization. This model strengthens the correctness of data and helps to achieve the cloud data integrity, supports data owner to have control on their own data through tracking and improves the access control of outsourced data.

  14. A Novel Adaptive Grey Verhulst Model for Network Security Situation Prediction

    Directory of Open Access Journals (Sweden)

    Yu-Beng Leau

    2016-01-01

    Full Text Available Recently, researchers have shown an increased interest in predicting the situation of incoming security situation for organization’s network. Many prediction models have been produced for this purpose, but many of these models have various limitations in practical applications. In addition, literature shows that far too little attention has been paid in utilizing the grey Verhulst model predicting network security situation although it has demonstrated satisfactory results in other fields. By considering the nature of intrusion attacks and shortcomings of traditional grey Verhulst model, this paper puts forward an adaptive grey Verhust model with adjustable generation sequence to improve the prediction accuracy. The proposed model employs the combination methods of Trapezoidal rule and Simpson’s 1/3rd rule to obtain the background value in grey differential equation which will directly influence the forecast result. In order to verify the performance of the proposed model, benchmarked datasets, DARPA 1999 and 2000 have been used to highlight the efficacy of the proposed model. The results show that the proposed adaptive grey Verhulst surpassed GM(1,1 and traditional grey Verhulst in forecasting incoming security situation in a network.

  15. Social impact theory based modeling for security analysis in the nuclear fuel cycle

    Energy Technology Data Exchange (ETDEWEB)

    Woo, Tae Ho [Systemix Global Co. Ltd., Seoul (Korea, Republic of)

    2015-03-15

    The nuclear fuel cycle is investigated for the perspective of the nuclear non-proliferation. The random number generation of the Monte-Carlo method is utilized for the analysis. Five cases are quantified by the random number generations. These values are summed by the described equations. The higher values are shown in 52{sup nd} and 73{sup rd} months. This way could be a useful obligation in the license of the plant construction. The security of the nuclear fuel cycle incorporated with nuclear power plants (NPPs) is investigated using social impact theory. The dynamic quantification of the theory shows the non-secured time for act of terrorism which is considered for the non-secured condition against the risk of theft in nuclear material. For a realistic consideration, the meta-theoretical framework for modeling is performed for situations where beliefs, attributes or behaviors of an individual are influenced by those of others.

  16. Evaluation of regional energy security in eastern coastal China based on the DPSIR model

    Institute of Scientific and Technical Information of China (English)

    ZHANG Yan; SHEN Lei

    2012-01-01

    The DPSIR assessment method,which implies the relationships among driving force (D),pressure (P),status (S),impact (I),and response (R),is widely applied by scholars.This paper aims to establish a comprehensive assessment system for regional energy security in eastern coastal China based on the above model using different indicators.Factor analysis and the SPSS statistical analysis software were used to carry out scientific and quantitative assessments.The results indicated that contradictions of energy supply and demand as well as environmental pollution are the critical factors that present great challenges to regional energy security in this area.The authors argued that a sustainable,stable,and safe supply energy supply is crucial in solving the aforesaid dilemma,and improving the energy use efficiency is one of the best choices.Some countermeasures and suggestions regarding regional energy supply stability and utilization security were pointed out.

  17. Software Requirements Specification Verifiable Fuel Cycle Simulation (VISION) Model

    Energy Technology Data Exchange (ETDEWEB)

    D. E. Shropshire; W. H. West

    2005-11-01

    The purpose of this Software Requirements Specification (SRS) is to define the top-level requirements for a Verifiable Fuel Cycle Simulation Model (VISION) of the Advanced Fuel Cycle (AFC). This simulation model is intended to serve a broad systems analysis and study tool applicable to work conducted as part of the AFCI (including costs estimates) and Generation IV reactor development studies.

  18. Requirements Validation: Execution of UML Models with CPN Tools

    DEFF Research Database (Denmark)

    Machado, Ricardo J.; Lassen, Kristian Bisgaard; Oliveira, Sérgio

    2007-01-01

    with simple unified modelling language (UML) requirements models, it is not easy for the development team to get confidence on the stakeholders' requirements validation. This paper describes an approach, based on the construction of executable interactive prototypes, to support the validation of workflow...

  19. A network security situation prediction model based on wavelet neural network with optimized parameters

    Directory of Open Access Journals (Sweden)

    Haibo Zhang

    2016-08-01

    Full Text Available The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network (WNN with optimized parameters by the Improved Niche Genetic Algorithm (INGA. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm (GA so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network (GA-WNN, Genetic Algorithm-Back Propagation Neural Network (GA-BPNN and WNN.

  20. Security giving in surrogacy motherhood process as a caring model for commissioning mothers: A theory synthesis.

    Science.gov (United States)

    Zandi, Mitra; Vanaki, Zohreh; Shiva, Marziyeh; Mohammadi, Eesa; Bagheri-Lankarani, Narges

    2016-07-01

    Despite the increasing use of surrogacy, there are no caring theories/models that serve as the basis for nursing care to surrogacy commissioning mothers. This study has designed a model for caring of surrogacy commissioning mothers in 2013. The theory synthesis of Walker and Avant's strategies of theory construction (2011) was used to design a caring model/theory. The theory synthesis includes three stages: (i) selection of focal concept (the concept of "security giving in motherhood" was selected); (ii) review of studies in order to identify factors related to focal concept relevant studies (42 articles and 13 books) were reviewed, statements and concepts related to focal concept were then extracted and classified, and their relations were specified; and (iii) organization of concepts and statements within a relevant general and effective manifestation of the phenomenon under study which led to developing of a model. In this caring model/theory, entitled "security giving in surrogacy motherhood", nurses roles were conceptualized within the conceptual framework that includes three main roles: (i) coordination; (ii) participation; and (iii) security giving (physical, emotional, and legal support; empowerment; presence; relationship management between both parties and advocacy). Training surrogacy specialist nurses and establishment of surrogacy care centers are important factors for implementation of the model. This model could help to provided better caring for surrogacy clients, especially for commissioning mothers. © 2016 Japan Academy of Nursing Science.

  1. 输电网安全性需求评估指标集的构建%Evaluation Indices Set Construction of Security Requirement for Transmission Network

    Institute of Scientific and Technical Information of China (English)

    黄文英; 邓兆云; 邓勇; 何光宇; 陈睿; 刘铠诚

    2014-01-01

    The core requirement of transmission network enterprise lies in the safe operation of transmission network. Failure in satisfying this requirement will result in disastrous loss on economic and social benefits.Hence,transmission network is expected to possess the capability of enduring possible disturbances in order to ensure the normal operation of grid and equipment,as well as avoid the power transmission interruptions.Through the analysis on the requirement satisfaction of transmission system stakeholders,the overall status of transmission network operation can be evaluated.Based on the stochastic characteristics of transmission network operation,this paper used a risk assessment method to construct evaluation indices set for the security requirement,and proposed the calculation model and method of security risk assessment indicators.Compared with the traditional researches on grid security,a scenario analysis approach was introduced.In detail, breakdown or normal operation of certain components under certain specific operating modes was modeled as a scenario,and a probabilistic model for the scenario was constructed with taking into consideration a variety of random factors.All kinds of security problems were studied in the specific scenarios.The security of the situations could be evaluated comprehensively according to the safety criterion indices;therefore a minimum expense of control could be adopted to measure the consequence of the disturbance on the transmission network operation.Through sampling method,the probability and consequence of each situation occurrence could be acquired;and with the assistance of calculating value at risk and conditional value-at-risk,the security risk of transmission network could be evaluated properly.%输电网的安全运行是输电网企业的主要需求,输电网运行的安全性事故将造成输电网企业经济和社会效益的严重损失。输电网企业期望输电网运行中能够经受可能的

  2. A Formal Model of Trust Chain based on Multi-level Security Policy

    Directory of Open Access Journals (Sweden)

    Kong Xiangying

    2013-07-01

    Full Text Available Trust chain is the core technology of trusted computing. A formal model of trust chain based on finite state automata theory is proposed. We use communicating sequential processes to describe the system state transition in trust chain and by combining with multi-level security strategy give the definition of trust system and trust decision theorem of trust chain transfer which is proved meantime. Finally, a prototype system is given to show the efficiency of the model.

  3. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  4. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  5. Process Model for Defining Space Sensing and Situational Awareness Requirements

    Science.gov (United States)

    2006-04-01

    process model for defining systems for space sensing and space situational awareness is presented. The paper concentrates on eight steps for determining the requirements to include: decision maker needs, system requirements, exploitation methods and vulnerabilities, critical capabilities, and identify attack scenarios. Utilization of the USAF anti-tamper (AT) implementation process as a process model departure point for the space sensing and situational awareness (SSSA...is presented. The AT implementation process model , as an

  6. Model Based User's Access Requirement Analysis of E-Governance Systems

    Science.gov (United States)

    Saha, Shilpi; Jeon, Seung-Hwan; Robles, Rosslin John; Kim, Tai-Hoon; Bandyopadhyay, Samir Kumar

    The strategic and contemporary importance of e-governance has been recognized across the world. In India too, various ministries of Govt. of India and State Governments have taken e-governance initiatives to provide e-services to citizens and the business they serve. To achieve the mission objectives, and make such e-governance initiatives successful it would be necessary to improve the trust and confidence of the stakeholders. It is assumed that the delivery of government services will share the same public network information that is being used in the community at large. In particular, the Internet will be the principal means by which public access to government and government services will be achieved. To provide the security measures main aim is to identify user's access requirement for the stakeholders and then according to the models of Nath's approach. Based on this analysis, the Govt. can also make standards of security based on the e-governance models. Thus there will be less human errors and bias. This analysis leads to the security architecture of the specific G2C application.

  7. Model of Information Security Risk Assessment based on Improved Wavelet Neural Network

    Directory of Open Access Journals (Sweden)

    Gang Chen

    2013-09-01

    Full Text Available This paper concentrates on the information security risk assessment model utilizing the improved wavelet neural network. The structure of wavelet neural network is similar to the multi-layer neural network, which is a feed-forward neural network with one or more inputs. Afterwards, we point out that the training process of wavelet neural networks is made up of four steps until the value of error function can satisfy a pre-defined error criteria. In order to enhance the quality of information security risk assessment, we proposed a modified version of wavelet neural network which can effectively combine all influencing factors in assessing information security risk by linear integrating several weights. Furthermore, the proposed wavelet neural network is trained by the BP algorithm with batch mode, and the weight coefficients of the wavelet are modified with the adopting mode. Finally, a series of experiments are conduct to make performance evaluation. From the experimental results, we can see that the proposed model can assess information security risk accurately and rapidly

  8. On the Modelling of Context-Aware Security for Mobile Devices

    Directory of Open Access Journals (Sweden)

    Tomasz Zurek

    2016-01-01

    Full Text Available Security management in wireless networks has to deal with the changing character of the environment, which can further lead to decision making problem for unexpected events. Among a huge list of devices, the mobile ones are especially vulnerable to this situation. The solution for adapting systems and applications to dynamic environments can be context-aware description of the user actions, which gives a possibility to take into account the factors that influence these actions. In the article, we propose a context-aware security adjusting model, which is based on proposition logic and incorporates mechanisms that assist in the reasoning process. The main benefits that differentiate our approach from similar ones are a formal representation of the model, the usage of the whole spectrum of context attributes, the detection and analysis of contextual data integrity, and conflicting rules’ eradication capability. All these traits transcribe into a more effective way of adjusting security measures in accordance with existing circumstances. To illustrate the proposed approach, we present the case study of context-aware security management for mobile devices.

  9. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  10. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  11. Security Model for Microsoft Based Mobile Sales Management Application in Private Cloud Computing

    Directory of Open Access Journals (Sweden)

    Kuan Chee Houng

    2013-05-01

    Full Text Available The Microsoft-based mobile sales management application is a sales force management application that currently running on Windows Mobile 6.5. It handles sales-related activity and cuts down the administrative task of sales representative. Then, Windows launch a new mobile operating system, Windows Phone and stop providing support to Windows Mobile. This has become an obstacle for Windows Mobile development. From time to time, Windows Mobile will be eliminated from the market due to no support provided by Microsoft. Besides that, Windows Mobile application cannot run on Windows Phone mobile operating system due to lack of compatibility. Therefore, applications those run on Windows Mobile need to find a solution addressing this problem. The rise of cloud computing technology in delivering software as a service becomes a solution. The Microsoft-based mobile sales management application delivers a service to run in a web browser, rather than limited by certain type of mobile that run the Windows Mobile operating system. However, there are some security issues need to concern in order to deliver the Microsoft-based mobile application as a service in private cloud computing. Therefore, security model is needed to answer the security issues in private cloud computing. This research is to propose a security model for the Microsoft-based mobile sales management application in private cloud computing. Lastly, a User Acceptance Test (UAT is carried out to test the compatibility between proposed security model of Microsoft-based mobile sales management application in a private cloud and tablet computers.

  12. Requirements for Logical Models for Value-Added Tax Legislation

    DEFF Research Database (Denmark)

    Nielsen, Morten Ib; Simonsen, Jakob Grue; Larsen, Ken Friis

    -specific needs. Currently, these difficulties are handled in most major ERP systems by customising and localising the native code of the ERP systems for each specific country and industry. We propose an alternative that uses logical modeling of VAT legislation. The potential benefit is to eventually transform...... such a model automatically into programs that essentially will replace customisation and localisation by con¿guration by changing parameters in the model. In particular, we: (1) identify a number of requirements for such modeling, including requirements for the underlying logic; (2) model salient parts...

  13. Realization and Application of Customer Attrition Early Warning Model in Security Company

    Directory of Open Access Journals (Sweden)

    Shen Yizhen

    2012-09-01

    Full Text Available In this paper, we propose the customer attrition early warning model based on data warehouse and data mining technologies, which is achieved and applied in our security company. The modeling variables can be selected by means of the combination with decision tree and the gradual regression in Logistic regression. Then customer attrition early warning model can be constructed based on Logistic regression. The results show that the model can strongly promote the customer attrition capturing rate, push on the building of the company customer marketing management and customer service management organization, and economize the marketing cost. The company profits promotion and trade competitive power can be promised.

  14. A DPSIR model for ecological security assessment through indicator screening: a case study at Dianchi Lake in China.

    Science.gov (United States)

    Wang, Zhen; Zhou, Jingqing; Loaiciga, Hugo; Guo, Huaicheng; Hong, Song

    2015-01-01

    Given the important role of lake ecosystems in social and economic development, and the current severe environmental degradation in China, a systematic diagnosis of the ecological security of lakes is essential for sustainable development. A Driving-force, Pressure, Status, Impact, and Risk (DPSIR) model, combined with data screening for lake ecological security assessment was developed to overcome the disadvantages of data selection in existing assessment methods. Correlation and principal component analysis were used to select independent and representative data. The DPSIR model was then applied to evaluate the ecological security of Dianchi Lake in China during 1988-2007 using an ecological security index. The results revealed a V-shaped trend. The application of the DPSIR model with data screening provided useful information regarding the status of the lake's ecosystem, while ensuring information efficiency and eliminating multicollinearity. The modeling approach described here is practical and operationally efficient, and provides an attractive alternative approach to assess the ecological security of lakes.

  15. Digital Avionics Information System (DAIS): Training Requirements Analysis Model (TRAMOD).

    Science.gov (United States)

    Czuchry, Andrew J.; And Others

    The training requirements analysis model (TRAMOD) described in this report represents an important portion of the larger effort called the Digital Avionics Information System (DAIS) Life Cycle Cost (LCC) Study. TRAMOD is the second of three models that comprise an LCC impact modeling system for use in the early stages of system development. As…

  16. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  17. Requirements Validation: Execution of UML Models with CPN Tools

    DEFF Research Database (Denmark)

    Machado, Ricardo J.; Lassen, Kristian Bisgaard; Oliveira, Sérgio

    2007-01-01

    Requirements validation is a critical task in any engineering project. The confrontation of stakeholders with static requirements models is not enough, since stakeholders with non-computer science education are not able to discover all the inter-dependencies between the elicited requirements. Eve...... requirements, where the system to be built must explicitly support the interaction between people within a pervasive cooperative workflow execution. A case study from a real project is used to illustrate the proposed approach.......Requirements validation is a critical task in any engineering project. The confrontation of stakeholders with static requirements models is not enough, since stakeholders with non-computer science education are not able to discover all the inter-dependencies between the elicited requirements. Even...... with simple unified modelling language (UML) requirements models, it is not easy for the development team to get confidence on the stakeholders' requirements validation. This paper describes an approach, based on the construction of executable interactive prototypes, to support the validation of workflow...

  18. 主动网络安全结构模型设计%Design of Secure System Architecture Model for Active Network

    Institute of Scientific and Technical Information of China (English)

    夏正友; 张世永

    2002-01-01

    介绍了主动网络安全系统的假设模型和威胁模型.基于上述模型和主动网络的安全需要提出了一种安全系统结构模型.该安全模型包括授权、认证、完整性检查和加密等.使用加密和数字签名方法来保护主动网络报文的完整性,使用授权和政策来阻止非法访问以及主动节点的资源请求和行为.%In this paper, the assumption model and the threat model of active network security system are introduced. A secure system architecture model based on these models and security requirement is presented. Definition of secure system architecture model includes authentication, authorization, integrity and encryption. To protect the integrity of the contents of active packet, the encryption and the digital signatures can be employed and the authorization mechanisms or policies are defined and enforced to provide controlled access to the active node resources.

  19. GENERAL REQUIREMENTS FOR SIMULATION MODELS IN WASTE MANAGEMENT

    Energy Technology Data Exchange (ETDEWEB)

    Miller, Ian; Kossik, Rick; Voss, Charlie

    2003-02-27

    Most waste management activities are decided upon and carried out in a public or semi-public arena, typically involving the waste management organization, one or more regulators, and often other stakeholders and members of the public. In these environments, simulation modeling can be a powerful tool in reaching a consensus on the best path forward, but only if the models that are developed are understood and accepted by all of the parties involved. These requirements for understanding and acceptance of the models constrain the appropriate software and model development procedures that are employed. This paper discusses requirements for both simulation software and for the models that are developed using the software. Requirements for the software include transparency, accessibility, flexibility, extensibility, quality assurance, ability to do discrete and/or continuous simulation, and efficiency. Requirements for the models that are developed include traceability, transparency, credibility/validity, and quality control. The paper discusses these requirements with specific reference to the requirements for performance assessment models that are used for predicting the long-term safety of waste disposal facilities, such as the proposed Yucca Mountain repository.

  20. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag