WorldWideScience

Sample records for software security rules

  1. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  2. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically, security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.). Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.). Attack surface has expanded: networks interconnected! Some security posture factors: Network Layer (Routers, Firewalls, etc.); Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.); Industrial Control Systems (ICS); Software Security (COTS, FOSS, Custom, etc.).

  3. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  4. Security System Software

    Science.gov (United States)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURE System 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURE System 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  5. Secure software development training course

    Directory of Open Access Journals (Sweden)

    Victor S. Gorbatov

    2017-06-01

    Information security is one of the most important criteria for the quality of developed software. To obtain a sufficient level of application security, companies implement a security process in the software development life cycle. At this stage software companies encounter a deficit of employees who are able to solve problems of software design, implementation and application security. This article provides a description of the secure software development training course. The training course of application security is designed for co-education students of different IT-specializations.

  6. Core software security: security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. -Dr. Dena Haritos Tsamitis, Carnegie Mellon University. In the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  7. Online Rule Generation Software Process Model

    OpenAIRE

    Sudeep Marwaha; Alka Aroa; Satma M C; Rajni Jain; R C Goyal

    2013-01-01

    For production systems like expert systems, a rule generation software can facilitate the faster deployment. The software process model for rule generation using decision tree classifier refers to the various steps required to be executed for the development of a web based software model for decision rule generation. The Royce’s final waterfall model has been used in this paper to explain the software development process. The paper presents the specific output of various steps of modified wat...

  8. Software Design Level Security Vulnerabilities

    OpenAIRE

    S. Rehman; K. Mustafa

    2011-01-01

    Several thousand software design vulnerabilities have been reported through established databases. But they need to be structured and classified to be optimally usable in the pursuit of minimal and effective mitigation mechanism. In order we developed a criterion set for a communicative description of the same to serve the purpose as a taxonomic description of security vulnerabilities, arising in the design phase of Software development lifecycle. This description is a part of an effort to id...

  9. Finding Security Patterns to Countermeasure Software Vulnerabilities

    OpenAIRE

    Borstad, Ole Gunnar

    2008-01-01

    Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

  10. Graphs for information security control in software defined networks

    Science.gov (United States)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a network. These graphs define commutation tables of switches via the SDN controller.

  11. Tools & training for more secure software

    CERN Multimedia

    CERN. Geneva

    2017-01-01

    Just by fate of nature, software today is shipped out as “beta”, coming with vulnerabilities and weaknesses, which should already have been fixed at the programming stage. This presentation will show the consequences of suboptimal software, why good programming, thorough software design, and a proper software development process is imperative for the overall security of the Organization, and how a few simple tools and training are supposed to make CERN software more secure.

  12. Security Risk Assessment in Software Development Projects

    OpenAIRE

    Svendsen, Heidi

    2017-01-01

    Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project's resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project knows which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project knows where th...

  13. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  14. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  15. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  16. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  17. Security patterns in practice: designing secure architectures using software patterns

    CERN Document Server

    Fernandez-Buglioni, Eduardo

    2013-01-01

    Learn to combine security theory and code to produce secure systems. Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

  18. Extending the agile development process to develop acceptably secure software

    NARCIS (Netherlands)

    Ben Othmane, L.; Angin, P.; Weffers, H.T.G.; Bhargava, B.

    2013-01-01

    The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software

  19. 17 CFR 240.17a-1 - Recordkeeping rule for national securities exchanges, national securities associations...

    Science.gov (United States)

    2010-04-01

    ... national securities exchanges, national securities associations, registered clearing agencies and the... Certain Stabilizing Activities § 240.17a-1 Recordkeeping rule for national securities exchanges, national...) Every national securities exchange, national securities association, registered clearing agency and the...

  20. Effective software-oriented cryptosystem in complex PC security software

    Directory of Open Access Journals (Sweden)

    A. Moldovyan

    1995-02-01

    To ensure high encryption rate and good data security, an organization of an encipherment program in the form of two modules was proposed. The first module is used for customizing the second one, the latter being the resident of the program, which maintains all application calls about encryption procedures. This approach is shown to be perspective for the elaboration of the cryptosystems with indefinite cryptalgorithm. Several typical software-oriented cryptoschemes are considered. The developed cryptomodules have high encipherment rate (2-10 Mbps for Intel 386) and secure high information protection level. Organization of a new computer security software complex COBRA is considered. High enciphering rate and good data protection are provided by the resident cryptomodule using less than 1 kbyte of the main memory and working in dynamic encryption mode.

  1. Designing Fuzzy Rule Based Expert System for Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2016-01-01

    The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system that consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

  2. Software For Computer-Security Audits

    Science.gov (United States)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  3. Framework for Securing Mobile Software Agents

    OpenAIRE

    Mwakalinga, G Jeffy; Yngström, Louise

    2006-01-01

    Information systems are growing in size and complexity making it infeasible for human administrators to manage them. The aim of this work is to study ways of securing and using mobile software agents to deter attackers, protect information systems, detect intrusions, automatically respond to the intrusions and attacks, and to produce recovery services to systems after attacks. Current systems provide intrusion detection, prevention, protection, response, and recovery services but most of thes...

  4. Interactive Synthesis of Code Level Security Rules

    Science.gov (United States)

    2017-04-01


  5. A rule-based software test data generator

    Science.gov (United States)

    Deason, William H.; Brown, David B.; Chang, Kai-Hsiung; Cross, James H., II

    1991-01-01

    Rule-based software test data generation is proposed as an alternative to either path/predicate analysis or random data generation. A prototype rule-based test data generator for Ada programs is constructed and compared to a random test data generator. Four Ada procedures are used in the comparison. Approximately 2000 rule-based test cases and 100,000 randomly generated test cases are automatically generated and executed. The success of the two methods is compared using standard coverage metrics. Simple statistical tests showing that even the primitive rule-based test data generation prototype is significantly better than random data generation are performed. This result demonstrates that rule-based test data generation is feasible and shows great promise in assisting test engineers, especially when the rule base is developed further.

  6. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS) attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS) is proposed along with the association mining rule. CNSMS system consists of collaborative Unified Threat Management (UTM), cloud based security centre and traffic prober. The traffic prober captures the internet traffic and gives it to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes them to the network. The cloud based security centre is used to store the huge amount of traffic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  7. Verifying Architectural Design Rules of the Flight Software Product Line

    Science.gov (United States)

    Ganesan, Dharmalingam; Lindvall, Mikael; Ackermann, Chris; McComas, David; Bartholomew, Maureen

    2009-01-01

    This paper presents experiences of verifying architectural design rules of the NASA Core Flight Software (CFS) product line implementation. The goal of the verification is to check whether the implementation is consistent with the CFS architectural rules derived from the developer's guide. The results indicate that consistency checking helps a) identifying architecturally significant deviations that were eluded during code reviews, b) clarifying the design rules to the team, and c) assessing the overall implementation quality. Furthermore, it helps connecting business goals to architectural principles, and to the implementation. This paper is the first step in the definition of a method for analyzing and evaluating product line implementations from an architecture-centric perspective.

  8. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  9. An Analysis of Open Source Security Software Products Downloads

    Science.gov (United States)

    Barta, Brian J.

    2014-01-01

    Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software…

  10. Technology safeguards needed as security rule audits loom.

    Science.gov (United States)

    Gersh, Deborah; Hoey, Laura G; McCrystal, Timothy M; Tolley, David C

    2012-05-01

    The Department of Health and Human Services will conduct security rule audits that will involve on-site visits and include: Compliance-focused interviews with key organizational leaders. Scrutiny of physical operations controls, especially regarding storage, maintenance, and use of protected health information. Assessment of organizational policies and procedures to ensure compliance with privacy and security rules. Identification of regulatory compliance areas of concern.

  11. Addressing software security and mitigations in the life cycle

    Science.gov (United States)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2004-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  12. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  13. A Novel Rules Based Approach for Estimating Software Birthmark

    Science.gov (United States)

    Binti Alias, Norma; Anwar, Sajid

    2015-01-01

    Software birthmark is a unique quality of software to detect software theft. Comparing birthmarks of software can tell us whether a program or software is a copy of another. Software theft and piracy are rapidly increasing problems of copying, stealing, and misusing the software without proper permission, as mentioned in the desired license agreement. The estimation of birthmark can play a key role in understanding the effectiveness of a birthmark. In this paper, a new technique is presented to evaluate and estimate software birthmark based on the two most sought-after properties of birthmarks, that is, credibility and resilience. For this purpose, the concept of soft computing such as probabilistic and fuzzy computing has been taken into account and fuzzy logic is used to estimate properties of birthmark. The proposed fuzzy rule based technique is validated through a case study and the results show that the technique is successful in assessing the specified properties of the birthmark, its resilience and credibility. This, in turn, shows how much effort will be required to detect the originality of the software based on its birthmark. PMID:25945363

  14. Recent Developments in Low-Level Software Security

    OpenAIRE

    Agten, Pieter; Nikiforakis, Nick; Strackx, Raoul; Groef, Willem; Piessens, Frank

    2012-01-01

    Part 1: Keynotes; International audience; An important objective for low-level software security research is to develop techniques that make it harder to launch attacks that exploit implementation details of the system under attack. Baltopoulos and Gordon have summarized this as the principle of source-based reasoning for security: security properties of a software system should follow from review of the source code and its source-level semantics, and should not depend on details of the compi...

  15. The HIPAA Security Rule: implications for biomedical devices.

    Science.gov (United States)

    2004-11-01

    The HIPAA Security Rule, with which hospitals must become compliant by April 2005, is broad in scope. Some aspect of this rule will affect virtually every function and department within a healthcare organization. The functions and departments that deal with biomedical technologies face special challenges due to the great diversity of technologies, the variety of data maintained and transmitted, and the risks associated with compromises to data security--combined with the presence of older technology and the absence of integrated expertise. It is essential that hospitals recognize this challenge and initiate steps now to implement appropriate information security management.

  16. 76 FR 68243 - Social Security Rulings, SSR 91-1c and SSR 66-18c; Rescission of Social Security Rulings (SSR) 66...

    Science.gov (United States)

    2011-11-03

    ..., Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION: SSRs make available... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0068] Social Security Rulings, SSR 91-1c and SSR 66-18c; Rescission of Social Security Rulings (SSR) 66-18c and SSR 91-1c AGENCY: Social Security...

  17. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

    Science.gov (United States)

    Lin, Zhaowen; Tao, Dan; Wang, Zhenji

    2017-04-21

    For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

  18. Software To Secure Distributed Propulsion Simulations

    Science.gov (United States)

    Blaser, Tammy M.

    2003-01-01

    Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

  19. Signing and security of Hue software

    NARCIS (Netherlands)

    Anastasov, I.

    2017-01-01

    Developing software for the Hue devices poses plenty of challenges among the engineers at Philips Lighting. These challenges arise at each stage of the Software Development Life-Cycle (SDLC). Improvement of it is of immense importance to the Philips Lighting. This report describes a project which

  20. Cyber Security: Rule of Use Internet Safely?

    OpenAIRE

    -, Maskun

    2013-01-01

    International Journal Cyber security plays an important role to guarantee and protect people who use internet in their daily life. Some cases take place around the world that people get inconvenience condition when they access and use internet. Misuse of internet becomes a current issue which some cases take place including a university. Advantages of using internet in the university of course assist the student to get some information in internet. However, they have to be protected in ord...

  1. Secure Software Configuration Management Processes for nuclear safety software development environment

    International Nuclear Information System (INIS)

    Chou, I.-Hsin

    2011-01-01

    Highlights: → The proposed method emphasizes platform-independent security processes. → A hybrid process based on the nuclear SCM and security regulations is proposed. → Detailed descriptions and Process Flow Diagram are useful for software developers. - Abstract: The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software - if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environments have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) 'Criteria for use of computers in safety systems of nuclear power plants' to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S²CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S²CMP, which is intended to enhance the communication between regulators and developers.

  2. FAS: Using FPGA to Accelerate and Secure SDN Software Switches

    Directory of Open Access Journals (Sweden)

    Wenwen Fu

    2018-01-01

    Software-Defined Networking (SDN) promises the vision of more flexible and manageable networks but requires certain level of programmability in the data plane to accommodate different forwarding abstractions. SDN software switches running on commodity multicore platforms are programmable and are with low deployment cost. However, the performance of SDN software switches is not satisfactory due to the complex forwarding operations on packets. Moreover, this may hinder the performance of real-time security on software switch. In this paper, we analyze the forwarding procedure and identify the performance bottleneck of SDN software switches. An FPGA-based mechanism for accelerating and securing SDN switches, named FAS (FPGA-Accelerated SDN software switch), is proposed to take advantage of the reconfigurability and high-performance advantages of FPGA. FAS improves the performance as well as the capacity against malicious traffic attacks of SDN software switches by offloading some functional modules. We validate FAS on an FPGA-based network processing platform. Experiment results demonstrate that the forwarding rate of FAS can be 44% higher than the original SDN software switch. In addition, FAS provides new opportunity to enhance the security of SDN software switches by allowing the deployment of bump-in-the-wire security modules (such as packet detectors and filters) in FPGA.

  3. Foundations for Security Aware Software Development Education

    National Research Council Canada - National Science Library

    McDonald, Jeffrey T

    2005-01-01

    .... In this paper, we show how rigorous coding techniques should be woven into the fabric of computer science curriculum and ultimately should be distinguished from requirements-driven security techniques...

  4. Integrating semantic web and software agents : Exchanging RIF and BDI rules

    NARCIS (Netherlands)

    Gong, Y.; Overbeek, S.J.

    2011-01-01

    Software agents and rules are both used for creating flexibility. Exchanging rules between Semantic Web and agents can ensure consistency in rules and support easy updating and changing of rules. The Rule Interchange Format (RIF) is a new W3C recommendation Semantic Web standard for exchanging rules

  5. Foundations for Security Aware Software Development Education

    National Research Council Canada - National Science Library

    McDonald, Jeffrey T

    2005-01-01

    Software vulnerability is part and parcel of modern information systems. Even though eliminating all vulnerability is not possible, reducing exploitable code can be accomplished long term by laying the right programming foundations...

  6. Ensuring system security through formal software evaluation

    Energy Technology Data Exchange (ETDEWEB)

    Howell, J A; Fuyat, C [Los Alamos National Lab., NM (United States); Elvy, M [Marble Associates, Boston, MA (United States)

    1992-01-01

    With the increasing use of computer systems and networks to process safeguards information in nuclear facilities, the issue of system and data integrity is receiving worldwide attention. Among the many considerations are validation that the software performs as intended and that the information is adequately protected. Such validations are often requested of the Safeguards Systems Group of the Los Alamos National Laboratory. This paper describes our methodology for performing these software evaluations.

  7. METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

    Directory of Open Access Journals (Sweden)

    Castro Mecías, L.T.

    2015-06-01

    Often security incidents have software as their object or use it as a means, causing serious damage and legal, economic and other consequences. Results of a survey by Kaspersky Lab reflect that vulnerabilities in software are the main cause of security incidents in enterprises: the report shows that 85% of them have reported security incidents, that vulnerabilities in software are the main reason, and it is further estimated that incidents can cause significant losses estimated from 50,000 to $ 649.000. (1) In this regard academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process for improved safety practices should include activities from the initial phases of the software, so that security needs are identified, risk is managed and appropriate measures are implemented. This article discusses a method of analysis, acquisition and requirements specification of the software safety analysis on the basis of various proposals and deficiencies identified from participant observation in software development teams. Experiments performed using the proposed method yield positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

  8. Software Security Assurance: A State-of-Art Report (SAR)

    Science.gov (United States)

    2007-07-31

    analysis of security management processes: includes organizational assessment, asset valuation, threat identification, vulnerability assessment...Available from: http://www.cigital.com/papers/download/bsi2-misuse.pdf 200 Meledath Damodaran, “Secure Software Development Using Use Cases and Misuse

  9. Computer Security: improve software, avoid blunder

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Recently, a severe vulnerability has been made public about how Apple devices are wrongly handling encryption. This vulnerability rendered SSL/TLS protection useless, and permitted attackers checking out a wireless network to capture or modify data in encrypted sessions. In other words, all confidential data like passwords, banking information, etc. could have been siphoned off by a targeted attack. While Apple has been quick in providing adequate security patches for iOS devices and Macs, it is an excellent example of how small mistakes can lead to big security holes. Here is the corresponding code from Apple’s Open Source repository. Can you spot the issue? static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { OSStatus ...

  10. Rules of thumb to increase the software quality through testing

    Science.gov (United States)

    Buttu, M.; Bartolini, M.; Migoni, C.; Orlati, A.; Poppi, S.; Righini, S.

    2016-07-01

    The software maintenance typically requires 40-80% of the overall project costs, and this considerable variability mostly depends on the software internal quality: the more the software is designed and implemented to constantly welcome new changes, the lower will be the maintenance costs. The internal quality is typically enforced through testing, which in turn also affects the development and maintenance costs. This is the reason why testing methodologies have become a major concern for any company that builds - or is involved in building - software. Although there is no testing approach that suits all contexts, we infer some general guidelines learned during the Development of the Italian Single-dish COntrol System (DISCOS), which is a project aimed at producing the control software for the three INAF radio telescopes (the Medicina and Noto dishes, and the newly-built SRT). These guidelines concern both the development and the maintenance phases, and their ultimate goal is to maximize the DISCOS software quality through a Behavior-Driven Development (BDD) workflow beside a continuous delivery pipeline. We consider different topics and patterns; they involve the proper apportion of the tests (from end-to-end to low-level tests), the choice between hardware simulators and mockers, why and how to apply TDD and the dependency injection to increase the test coverage, the emerging technologies available for test isolation, bug fixing, how to protect the system from the external resources changes (firmware updating, hardware substitution, etc.) and, eventually, how to accomplish BDD starting from functional tests and going through integration and unit tests. We discuss pros and cons of each solution and point out the motivations of our choices either as a general rule or narrowed in the context of the DISCOS project.

  11. Software defined wireless sensor networks security challenges

    CSIR Research Space (South Africa)

    Kgogo, T

    2017-09-01

    party development [28]. Moreover, there is a new attack that fingerprints SDN network and launches more efficient resource consumption attacks like DDoS. In general, SDN security vulnerabilities come from the absence of integration with existing... resilience in NOX that uses its component organization. Moreover, a Primary-Backup method was introduced to enhance the resilience of the SDN. “SDN-based DDoS blocking scheme” [38] DoS/DDoS attack specifically on the controller DDoS Blocking...

  12. Open Source Software Projects Needing Security Investments

    Science.gov (United States)

    2015-06-19

    modtls, BouncyCastle, gpg, otr, axolotl. 7. Static analyzers: Clang, Frama-C. 8. Nginx. 9. OpenVPN. It was noted that the funding model may be similar...to OpenSSL, where consulting funds the company. It was also noted that OpenVPN needs to correctly use OpenSSL in order to be secure, so focusing on...Dovecot 4. Other high-impact network services: OpenSSH, OpenVPN, BIND, ISC DHCP, University of Delaware NTPD 5. Core infrastructure data parsers

  13. 76 FR 65558 - Rescission of Social Security Ruling 97-2p

    Science.gov (United States)

    2011-10-21

    ...-800-325-0778, or visit our Internet site, Social Security Online, at http://www.socialsecurity.gov... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2007-0092] Rescission of Social Security Ruling 97-2p AGENCY: Social Security Administration. ACTION: Notice of rescission of Social Security Ruling...

  14. The study on network security based on software engineering

    Science.gov (United States)

    Jia, Shande; Ao, Qian

    2012-04-01

    Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it does not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is, then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well-established techniques of software engineering, with which we have found some similarities in the security domain.

  15. Software for security event management: Development and utilization

    Directory of Open Access Journals (Sweden)

    Aleksandr V. Kuznetcov

    2017-11-01

    We address the challenge to the information security coming from the lack of algorithmic machinery for managing the security events. We start with a mathematical formulation of the problem for a tabular processor by introducing an appropriate target function. Details of corresponding algorithm can be found by following the provided links. We describe our original software module that implements the algorithm for determining the registered security events. The module is based on the tabular processor certified by the Russian Federal Service for Technical and Export Control. We present a control sample for testing the developed module. The sample has the dimension 30x20 and contains 14 choices for threshold values of security events number. The results of the tests comply with the specified boundary conditions and demonstrate a nonlinear dependence of the objective function on the number of registered security events, as well as a nonlinear dependence of the percentage of the detected security event on the total initial number of security events to be registered at the event source. The performance of the module (specifically, the central processing unit usage) is found acceptable (not exceeding 33%), which allows one to use the software for typical automated workplaces equipped with appropriate tabular processors. Our approach is universal with respect to the application areas.

  16. 49 CFR 393.124 - What are the rules for securing concrete pipe?

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 5 2010-10-01 2010-10-01 false What are the rules for securing concrete pipe? 393... Specific Securement Requirements by Commodity Type § 393.124 What are the rules for securing concrete pipe? (a) Applicability. (1) The rules in this section apply to the transportation of concrete pipe on...

  17. SPCC- Software Elements for Security Partition Communication Controller

    Science.gov (United States)

    Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

    2016-08-01

    Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios implies increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure a high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed, including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to counter the identified threats. The security evaluation of the SPCC will be done in accordance with the Common Criteria (CC). The Software Elements for SPCC have been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

  18. 17 CFR 41.24 - Rule amendments to security futures products.

    Science.gov (United States)

    2010-04-01

    ... rule amendment relating to a security futures product if the registered derivatives transaction... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Rule amendments to security futures products. 41.24 Section 41.24 Commodity and Securities Exchanges COMMODITY FUTURES TRADING...

  19. Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

    Science.gov (United States)

    Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

    2017-01-01

    NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include: - Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.) - In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset. - The location of security related issues, as the location of software issues in general, followed the Pareto

  20. 78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

    Science.gov (United States)

    2013-01-25

    ... RIN 0945-AA03 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules... HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their... entities Total cost Notices of Privacy Practices.. 700,000 covered $55.9 million. entities. Breach...

  1. Engaging Non-State Security Providers: Whither the Rule of Law?

    Directory of Open Access Journals (Sweden)

    Timothy Donais

    2017-07-01

    The primacy of the rule of law has long been seen as one of the essential principles of security sector reform (SSR) programming, and part of the larger gospel of SSR is that the accountability of security providers is best guaranteed by embedding security governance within a rule of law framework. Acknowledging the reality of non-state security provision, however, presents a challenge to thinking about SSR as merely the extension of the rule of law into the security realm, in large part because whatever legitimacy non-state security providers possess tends to be grounded in 'extralegal' foundations. This paper – more conceptual than empirical in its approach – considers the implications of hybrid forms of security governance for thinking about the relationship between SSR and rule of law promotion, and argues that the rule of law still provides a useful source of strategic direction for SSR programming.

  2. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  3. 77 FR 54646 - Social Security Acquiescence Ruling (AR) 12-1(8); Correction; Petersen v. Astrue, 633 F.3d 633...

    Science.gov (United States)

    2012-09-05

    ... II of the Social Security Act AGENCY: Social Security Administration. ACTION: Notice of Social Security Acquiescence Ruling; Correction. SUMMARY: The Social Security Administration published a document... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0046] Social Security Acquiescence Ruling (AR...

  4. 77 FR 67724 - Rescission of Social Security Acquiescence Ruling 05-1(9)

    Science.gov (United States)

    2012-11-13

    ...-1213 or TTY 1-800-325-0778, or visit our Internet site, Social Security Online, at http://www... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0058] Rescission of Social Security Acquiescence Ruling 05-1(9) AGENCY: Social Security Administration. [[Page 67725

  5. Coordination and organization of security software process for power information application environment

    Science.gov (United States)

    Wang, Qiang

    2017-09-01

    As an important part of software engineering, the software process decides the success or failure of software product. The design and development feature of security software process is discussed, so is the necessity and the present significance of using such process. Coordinating the function software, the process for security software and its testing are deeply discussed. The process includes requirement analysis, design, coding, debug and testing, submission and maintenance. In each process, the paper proposed the subprocesses to support software security. As an example, the paper introduces the above process into the power information platform.

  6. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    Science.gov (United States)

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  7. Security Vulnerability Profiles of Mission Critical Software: Empirical Analysis of Security Related Bug Reports

    Science.gov (United States)

    Goseva-Popstojanova, Katerina; Tyo, Jacob

    2017-01-01

    While some prior research work exists on characteristics of software faults (i.e., bugs) and failures, very little work has been published on analysis of software applications vulnerabilities. This paper aims to contribute towards filling that gap by presenting an empirical investigation of application vulnerabilities. The results are based on data extracted from issue tracking systems of two NASA missions. These data were organized in three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified security related software bugs and classified them in specific vulnerability classes. Then, we created the security vulnerability profiles, i.e., determined where and when the security vulnerabilities were introduced and what were the dominating vulnerabilities classes. Our main findings include: (1) In IVV issues datasets the majority of vulnerabilities were code related and were introduced in the Implementation phase. (2) For all datasets, around 90 of the vulnerabilities were located in two to four subsystems. (3) Out of 21 primary classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, they contributed from 80 to 90 of vulnerabilities in each dataset.

  8. New fire and security rules change USA nuclear power plant emergency plans

    International Nuclear Information System (INIS)

    Garrou, A.L.

    1978-01-01

    New safety and security rules for nuclear power plants have resulted from the Energy Reorganisation Act and also from a review following the Browns Ferry fire. The content of the emergency plan which covers personnel, plant, site, as well as a general emergency, is outlined. New fire protection rules, the plan for security, local and state government assistance are also discussed, with a brief reference to the impact of the new rules on continuity of operations. (author)

  9. Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing

    Science.gov (United States)

    2009-02-01

    Monitoring ISO/IEC 12207 2008(E) IEEE 1062 1998 PMBOK 3.0 Initiating Closing 3. Monitoring & Controlling 1. Planning 2. Executing Follow-on...software life cycles [ISO/IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic...they are met. This may also include a plan for testing that SwA requirements are met. The [NDIA] and [ISO/IEC 15026] provide details on structure and

  10. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  11. Improving cloud network security using tree-rule firewall

    NARCIS (Netherlands)

    He, Xiangjian; Chomsiri, Thawatchai; Nanda, Priyadarsi; Tan, Zhiyuan

    This study proposes a new model of firewall called the ‘Tree-Rule Firewall’, which offers various benefits and is applicable for large networks such as ‘cloud’ networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable

  12. The software improvement process - tools and rules to encourage quality

    International Nuclear Information System (INIS)

    Sigerud, K.; Baggiolini, V.

    2012-01-01

    The Applications section of the CERN accelerator controls group has decided to apply a systematic approach to quality assurance (QA), the 'Software Improvement Process' - SIP. This process focuses on three areas: the development process itself, suitable QA tools, and how to practically encourage developers to do QA. For each stage of the development process we have agreed on the recommended activities and deliverables, and identified tools to automate and support the task. For example we do more code reviews. As peer reviews are resource intensive, we only do them for complex parts of a product. As a complement, we are using static code checking tools, like FindBugs and Checkstyle. We also encourage unit testing and have agreed on a minimum level of test coverage recommended for all products, measured using Clover. Each of these tools is well integrated with our IDE (Eclipse) and gives instant feedback to the developer about the quality of their code. The major challenges of SIP have been 1) to agree on common standards and configurations, for example common code formatting and Javadoc documentation guidelines, and 2) how to encourage the developers to do QA. To address the second point, we have successfully implemented 'SIP days', i.e. one day dedicated to QA work in which the whole group of developers participates, and 'Top/Flop' lists, clearly indicating the best and worst products with regards to SIP guidelines and standards, for example test coverage. This paper presents the SIP initiative in more detail, summarizing our experience over two years and our future plans. (authors)

  13. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices so the security is built-in, transparent and flexible...

  14. Automatic Learning of Fine Operating Rules for Online Power System Security Control.

    Science.gov (United States)

    Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

    2016-08-01

    Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

  15. Software Implementation of a Secure Firmware Update Solution in an IOT Context

    Directory of Open Access Journals (Sweden)

    Lukas Kvarda

    2016-01-01

    The present paper is concerned with the secure delivery of firmware updates to Internet of Things (IoT) devices. Additionally, it deals with the design of a safe and secure bootloader for a UHF RFID reader. A software implementation of a secure firmware update solution is performed. The results show there is space to integrate even more security features into existing devices.

  16. Demographic-Based Perceptions of Adequacy of Software Security's Presence within Individual Phases of the Software Development Life Cycle

    Science.gov (United States)

    Kramer, Aleksey

    2013-01-01

    The topic of software security has become paramount in information technology (IT) related scholarly research. Researchers have addressed numerous software security topics touching on all phases of the Software Development Life Cycle (SDLC): requirements gathering phase, design phase, development phase, testing phase, and maintenance phase.…

  17. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    1993-01-01

    ... programs from one another. Security software provides access controls that restrict the use of computer resources to authorized individuals and limit those individuals to the computer resources required to perform their jobs...

  18. The influence of human factor on security of software intended for educational purposes

    Directory of Open Access Journals (Sweden)

    Valeriy Valentinovich Gurov

    2016-06-01

    The report considers the construction and analysis of an attack tree on the software tools intended for educational purposes. This takes into account different groups of attackers. The criterion of security for such tools is introduced.

  19. An Application of Alloy to Static Analysis for Secure Information Flow and Verification of Software Systems

    National Research Council Canada - National Science Library

    Shaffer, Alan B

    2008-01-01

    Within a multilevel secure (MLS) system, flaws in design and implementation can result in overt and covert channels, both of which may be exploited by malicious software to cause unauthorized information flows...

  20. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    McKinney, Terry

    1994-01-01

    This is the final in a series of three audits of management controls over the operating systems and security software used by the information processing centers that support the Defense Finance and Accounting Centers (DFAS...

  1. Security Awareness in Software-Defined Multi-Domain 5G Networks

    Directory of Open Access Journals (Sweden)

    Jani Suomalainen

    2018-03-01

    Fifth generation (5G) technologies will boost the capacity and ease the management of mobile networks. Emerging virtualization and softwarization technologies enable more flexible customization of network services and facilitate cooperation between different actors. However, solutions are needed to enable users, operators, and service providers to gain an up-to-date awareness of the security and trustworthiness of 5G systems. We describe a novel framework and enablers for security monitoring, inferencing, and trust measuring. The framework leverages software-defined networking and big data technologies to customize monitoring for different applications. We present an approach for sharing security measurements across administrative domains. We describe scenarios where the correlation of multi-domain information improves the accuracy of security measures with respect to two threats: end-user location tracking and Internet of things (IoT) authentication storms. We explore the security characteristics of data flows in software networks dedicated to different applications with a mobile network testbed.

  2. Macroeconomic Implications of Changes in Social Security Rules

    Directory of Open Access Journals (Sweden)

    Bilal Bagis

    2017-02-01

    The Turkish social insurance system has been feverishly debated for years, particularly through its burden on the economy. The most recent reform is an attempt to neutralize the deterioration within the social security system and its effects on the economy. After the recent reform, ‘the way that retirement benefits are calculated’ is changed unfavorably for workers and the minimum age for retirement is increased. In particular, for an agent with 25 years of social security tax payments, the replacement rate is down from 65 percent to 50 percent. On the other hand, retirement age is up from 60 to 65. The aim of this paper is to investigate the macroeconomic effects of these changes using an OLG model. The author’s findings indicate that labor supply, output and capital stock increase when changes above are applied to the benchmark economy calibrated to the Turkish economy data in 2005. A critical change with the current reform is that the marginal benefit of working has become uniform over ages. In a simulation exercise, the marginal retirement benefit in the benchmark economy is changed to be uniform over ages while keeping the size of social security system unchanged. As a result, the benefit of retiring at a later period increases. However, uniform distribution of the marginal benefits itself decreases both the capital stock and output of the economy. Increasing the retirement age, on the other hand, has positive effects on the economy since agents obtain retirement benefits for fewer years and at an older age. Age increase has substantial positive effects on the labor supply, the capital stock, and the output.

  3. Computer Security: How to succeed in software deployment

    CERN Multimedia

    Computer Security Team

    2014-01-01

    The summer student period has ended and we would like to congratulate all those who successfully accomplished their project! In particular, well done to those who managed to develop and deploy sophisticated web applications in the short summer season. Unfortunately, not all web applications made the final cut, moved into production and became visible on the Internet. We had to reject some... let me explain why. Making a web application visible on the Internet requires an opening in the CERN outer perimeter firewall. Such a request is usually made through the CERN WebReq web interface. As standard procedure, the CERN Computer Security team reviews every request and performs a security assessment. This is where you, your supervisee and the Computer Security team all start to get frustrated. Many summer students delivered awesome web applications with great new functions and a good “look and feel” following precise use cases, using modern web technologies, dashboards, integr...

  4. Vulnerabilities of Software for Mobile Phones and Secure Programming Techniques

    Directory of Open Access Journals (Sweden)

    T. R. Khabibullin

    2012-09-01

    The article reviews the most common mistakes made by developers when writing software for mobile platforms, which lead to vulnerabilities that allow attackers to perform various types of attacks. The basic principles of defensive programming are presented.

  5. 78 FR 17066 - Indirect Stock Transfers and Coordination Rule Exceptions; Transfers of Stock or Securities in...

    Science.gov (United States)

    2013-03-19

    ... Indirect Stock Transfers and Coordination Rule Exceptions; Transfers of Stock or Securities in Outbound... issue of the Federal Register, the IRS and the Treasury Department are issuing temporary regulations... stock transfers for certain outbound asset reorganizations. The temporary regulations also modify the...

  6. Security Analysis of a Software Defined Wide Area Network Solution

    OpenAIRE

    Rajendran, Ashok

    2016-01-01

    Enterprise wide area network (WAN) is a private network that connects the computers and other devices across an organisation's branch locations and the data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-defined wide area networking (SD-WAN) solutions are being introduced as an IP based cloud-networking service for enterprises. SD-WAN virtualizes the n...

  7. Biometric Secured Result Processing Software For Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Oladipo Oluwasegun

    2015-08-01

    One of the challenges facing result processing in Nigerian tertiary institutions is the problem of insecurity. Untraceable changes are made to students' results, and this leads to various disasters, such as innocent people losing their jobs since their innocence cannot be proven. Biometric-based systems operate on behavioral and physiological biometric data to identify a person and grant required access to a user. Physiological characteristics such as fingerprints remain unchanged throughout an individual's lifetime and thus can serve as a viable means of identifying and authenticating users who are to access a system. In this study, fingerprint biometric-based result processing software is developed to ensure that users are well authenticated and are made to see only what they are pre-configured to see and work with. The fingerprint authentication system was developed using Visual Basic .NET. Staff fingerprints were enrolled into the system to form a biometric template which the system validates against at every login attempt on the result processing software. The digital personal one touch ID SDK and other libraries were used in developing the authentication system. The result processing software also ensures that all write transactions to the database are confirmed and identified by forcing another biometric authentication at the point of making a write request to the web server and associated database. This ensures that the exact person initiating the transaction was the same user who logged in to the application. The users identified at login and various confirmation milestones set for write transactions are logged into a table for future reference and audit trail. In conclusion, the developed system has helped to eradicate the problem of user impersonation by ensuring only authorized users are able to access the software and in turn participate in result processing activities.

  8. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    Science.gov (United States)

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  9. Extracting classification rules from an informatic security incidents repository by genetic programming

    Directory of Open Access Journals (Sweden)

    Carlos Javier Carvajal Montealegre

    2015-04-01

    This paper describes the data mining process to obtain classification rules over an information security incident data collection, explaining in detail the use of genetic programming as a means to model the incidents' behavior and representing such rules as decision trees. The described mining process includes several tasks, such as the GP (Genetic Programming) approach evaluation, the individual's representation and the algorithm parameters tuning to upgrade the performance. The paper concludes with the result analysis and the description of the rules obtained, suggesting measures to avoid the occurrence of new informatics attacks. This paper is a part of the thesis work degree: Information Security Incident Analytics by Data Mining for Behavioral Modeling and Pattern Recognition (Carvajal, 2012).

  10. Software Development Initiatives to Identify and Mitigate Security Threats - Two Systematic Mapping Studies

    Directory of Open Access Journals (Sweden)

    Paulina Silva

    2016-12-01

    Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of their application and impact in building secure software systems. Two systematic mapping studies (SM) have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of their results through controlled experiments, and some of the other selected studies presented case studies or proposals.

  11. Security Situation Assessment of All-Optical Network Based on Evidential Reasoning Rule

    Directory of Open Access Journals (Sweden)

    Zhong-Nan Zhao

    2016-01-01

    It is important to determine the security situations of the all-optical network (AON), which is more vulnerable to hacker attacks and faults than other networks in some cases. A new approach to the security situation assessment of the all-optical network is developed in this paper. In the new assessment approach, the evidential reasoning (ER) rule is used to integrate various evidences of the security factors including the optical faults and the special attacks in the AON. Furthermore, a new quantification method of the security situation is also proposed. A case study of an all-optical network is conducted to demonstrate the effectiveness and the practicability of the new proposed approach.

  12. On the Use of Software Metrics as a Predictor of Software Security Problems

    Science.gov (United States)

    2013-01-01

    models to determine if additional metrics are required to increase the accuracy of the model: non-security SCSA warnings, code churn and size, the...vulnerabilities reported by testing and those found in the field. Summary of Most Important Results We evaluated our model on three commercial telecommunications

  13. Automated Source Code Analysis to Identify and Remove Software Security Vulnerabilities: Case Studies on Java Programs

    OpenAIRE

    Natarajan Meghanathan

    2013-01-01

    The high-level contribution of this paper is to illustrate the development of generic solution strategies to remove software security vulnerabilities that could be identified using automated tools for source code analysis on software programs (developed in Java). We use the Source Code Analyzer and Audit Workbench automated tools, developed by HP Fortify Inc., for our testing purposes. We present case studies involving a file writer program embedded with features for password validation, and ...

  14. New security measures are proposed for N-plants: Insider Rule package is issued by NRC

    International Nuclear Information System (INIS)

    Anon.

    1984-01-01

    New rules proposed by the Nuclear Regulatory Commission (NRC) will require background investigations and psychological assessments of new job candidates and continual monitoring of the behavior of all power plant workers with access to sensitive areas. Licensees will have to submit an "access authorization" program for approval describing how they will conduct these security activities. The employee checks will go back five years to examine credit, educational, and criminal histories. Implementation of the rules could involve the Edison Electric Institute as an intermediary to funnel criminal checks from the Justice Department and FBI. The NRC is also considering a clarification of areas designated as "vital" because current designations may be too strict.

  15. 78 FR 9987 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Science.gov (United States)

    2013-02-12

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0071] Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias, Misconduct, or Discrimination by Administrative Law Judges (ALJs); Correction AGENCY: Social Security...

  16. 78 FR 22361 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Science.gov (United States)

    2013-04-15

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0071] Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias, Misconduct, or Discrimination by Administrative Law Judges (ALJs); Correction AGENCY: Social Security...

  17. A Proven Methodology for Developing Secure Software and Applying It to Ground Systems

    Science.gov (United States)

    Bailey, Brandon

    2016-01-01

    Part Two expands upon Part One in an attempt to translate the methodology for ground system personnel. The goal is to build upon the methodology presented in Part One by showing examples and details on how to implement the methodology. Section 1: Ground Systems Overview; Section 2: Secure Software Development; Section 3: Defense in Depth for Ground Systems; Section 4: What Now?

  18. Adaptive Conflict-Free Optimization of Rule Sets for Network Security Packet Filtering Devices

    Directory of Open Access Journals (Sweden)

    Andrea Baiocchi

    2015-01-01

    Packet filtering and processing rules management in firewalls and security gateways has become commonplace in increasingly complex networks. On one side there is a need to maintain the logic of high level policies, which requires administrators to implement and update a large amount of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic adaptive optimization of large rule lists is useful for general purpose computers used as filtering devices, without specific designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic adaptive algorithm to find conflict-free optimized rule sets, by relying on information gathered with traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices.

  19. An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

    Energy Technology Data Exchange (ETDEWEB)

    Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua; Prasanna, Viktor K.

    2011-07-09

    Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Grid Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.

  20. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    Science.gov (United States)

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

  1. Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security.

    Science.gov (United States)

    Hahn, Erin; Blazes, David; Lewis, Sheri

    2016-01-01

    Improving global health security will require bold action in all corners of the world, particularly in developing settings, where poverty often contributes to an increase in emerging infectious diseases. In order to mitigate the impact of emerging pandemic threats, enhanced disease surveillance is needed to improve early detection and rapid response to outbreaks. However, the technology to facilitate this surveillance is often unattainable because of high costs, software and hardware maintenance needs, limited technical competence among public health officials, and internet connectivity challenges experienced in the field. One potential solution is to leverage open source software, a concept that is unfortunately often misunderstood. This article describes the principles and characteristics of open source software and how it may be applied to solve global health security challenges.

  2. Social Security Rulings on Federal Old-Age, Survivors, Disability, Health Insurance, Supplemental Security Income, and Black Lung Benefits. Cumulative Bulletin 1976.

    Science.gov (United States)

    Social Security Administration (DHEW), Washington, DC.

    The purpose of this publication is to make available to the public official rulings relating to the Federal old-age, survivors, disability, health insurance, supplemental security income, and miners' benefit programs. The rulings contain precedential case decisions, statements of policy and interpretations of the law and regulations. Included is a…

  3. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    Directory of Open Access Journals (Sweden)

    Shibo Luo

    2015-12-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  4. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    Science.gov (United States)

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-12-17

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  5. A coverage and slicing dependencies analysis for seeking software security defects.

    Science.gov (United States)

    He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin

    2014-01-01

    Software security defects have a serious impact on software quality and reliability. Security flaws in a software system are a major hidden danger for the operation of that system. As the scale of the software increases, its vulnerabilities become much more difficult to find. Once these vulnerabilities are exploited, great loss may result. In this situation, the concept of Software Assurance has been put forward by some experts, and automated fault localization is one part of Software Assurance research. Currently, automated fault localization methods include coverage-based fault localization (CBFL) and program slicing. Both methods have their own advantages and defects in localization. In this paper, we put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally propose a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into a single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.

  6. 77 FR 51842 - Social Security Acquiescence Ruling (AR) 12-X(8); Petersen v. Astrue, 633 F.3d 633 (8th Cir. 2011...

    Science.gov (United States)

    2012-08-27

    ..., 1-800-772-1213 or TTY 1-800-325-0778, or visit our Internet site, Social Security Online, at http... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0046] Social Security Acquiescence Ruling (AR... Social Security Act AGENCY: Social Security Administration. ACTION: Notice of Social Security...

  7. End-to-end Information Flow Security Model for Software-Defined Networks

    Directory of Open Access Journals (Sweden)

    D. Ju. Chaly

    2015-01-01

    Software-defined networks (SDN) are a novel paradigm of networking which became an enabler technology for many modern applications such as network virtualization, policy-based access control and many others. Software can provide flexibility and fast-paced innovations in the networking; however, it has a complex nature. In this connection there is an increasing necessity of means for assuring its correctness and security. Abstract models for SDN can tackle these challenges. This paper addresses confidentiality and some integrity properties of SDNs. These are critical properties for multi-tenant SDN environments, since the network management software must ensure that no confidential data of one tenant are leaked to other tenants in spite of using the same physical infrastructure. We define a notion of end-to-end security in context of software-defined networks and propose a semantic model where the reasoning is possible about confidentiality, and we can check that confidential information flows do not interfere with non-confidential ones. We show that the model can be extended in order to reason about networks with secure and insecure links which can arise, for example, in wireless environments. The article is published in the authors’ wording.

  8. 78 FR 12130 - Social Security Ruling, SSR 13-3p; Appeal of an Initial Medical Disability Cessation...

    Science.gov (United States)

    2013-02-21

    ... determination. This Ruling also clarifies how this policy applies at the Appeals Council (AC) level when the AC.... Policy Interpretation Ruling Title II: Appeal of an Initial Medical Disability Cessation Determination or...; Appeal of an Initial Medical Disability Cessation Determination or Decision AGENCY: Social Security...

  9. Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language

    Directory of Open Access Journals (Sweden)

    Arnon Hershkovitz

    2015-09-01

    In recent years, schools (as well as universities) have added cyber security to their computer science curricula. This topic is still new for most of the current teachers, who would normally have a standard computer science background. Therefore the teachers are trained and then teach their students what they have just learned. In order to explore differences in both populations’ learning, we compared measures of software quality and security between high-school teachers and students. We collected 109 source files, written in Python by 18 teachers and 31 students, and engineered 32 features, based on common standards for software quality (PEP 8) and security (derived from CERT Secure Coding Standards). We use a multi-view, data-driven approach, by (a) using hierarchical clustering to bottom-up partition the population into groups based on their code-related features and (b) building a decision tree model that predicts whether a student or a teacher wrote a given code (resulting in a LOOCV kappa of 0.751). Overall, our findings suggest that the teachers’ codes have a better quality than the students’ – with a sub-group of the teachers, mostly males, demonstrating better coding than their peers and the students – and that the students’ codes are slightly better secured than the teachers’ codes (although both populations show very low security levels). The findings imply that teachers might benefit from their prior knowledge and experience, but also emphasize the lack of continuous involvement of some of the teachers with code-writing. Therefore, findings shed light on computer science teachers as lifelong learners. Findings also highlight the difference between quality and security in today’s programming paradigms. Implications for these findings are discussed.

  10. 78 FR 8217 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Science.gov (United States)

    2013-02-05

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0071] Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias... the third column, the fourth line under the ``Summary'' heading, change ``SSR-13-Xp'' to ``SSR-13-1p...

  11. Security in software-defined wireless sensor networks: threats, challenges and potential solutions

    CSIR Research Space (South Africa)

    Pritchard, SW

    2017-07-01

    ... have focused on low resource cryptography methods to secure the network [27] - [29], [33]. Cryptography methods are separated into symmetric cryptography and asymmetric cryptography. While symmetric cryptography solutions are preferred due to low... implementation cost and efficiency [5], they present many problems when managing large networks and attempts to improve this cryptography for WSNs [11] have resulted in the cost of resources. Symmetric cryptography is also difficult to implement in software...

  12. Secure eHealth-Care Service on Self-Organizing Software Platform

    Directory of Open Access Journals (Sweden)

    Im Y. Jung

    2014-01-01

    There are several applications connected to IT health devices on the self-organizing software platform (SoSp) that allow patients or elderly users to be cared for remotely by their family doctors under normal circumstances or during emergencies. An evaluation of the SoSp applied through PAAR watch/self-organizing software platform router was conducted targeting a simple user interface for aging users, without the existence of extra settings based on patient movement. On the other hand, like normal medical records, the access to, and transmission of, health information via PAAR watch/self-organizing software platform requires privacy protection. This paper proposes a security framework for health information management of the SoSp. The proposed framework was designed to ensure easy detection of identification information for typical users. In addition, it provides powerful protection of the user’s health information.

  13. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    It has been shown that one of the most common causes of software security failure is the lack of identification and specification of information security requirements; it is an activity given insufficient importance in software development or software acquisition. We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base is formed by an ontology developed collaboratively by experts in information security. In this process, six types of assets have been identified: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition, 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts are defined. Additionally, automatic expansion with Wikipedia was used for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, thereby achieving an improvement of 10% in the identification of candidate information assets, one of the most important phases of the proposed system.

  14. 17 CFR 249.1100 - Form MSD, application for registration as a municipal securities dealer pursuant to rule 15Ba2-1...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form MSD, application for registration as a municipal securities dealer pursuant to rule 15Ba2-1 under the Securities Exchange Act of 1934 or amendment to such application. 249.1100 Section 249.1100 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED...

  15. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

    Directory of Open Access Journals (Sweden)

    Zehui Wu

    2017-01-01

    The SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the security mechanism, use qualitative analysis to estimate the security of controllers, frequently leading to inaccurate results. In this paper, we employ a quantitative approach to overcome this shortcoming. Based on an analysis of the controller threat model, we give formal models of the APIs, the protocol interfaces, and the data items of the controller and further provide our Threat/Effort quantitative calculation model. With the help of the Threat/Effort model, we are able to compare not only the security of different versions of the same kind of controller but also different kinds of controllers, and to provide a basis for controller selection and secure development. We evaluated our approach on four widely used SDN-based controllers: POX, OpenDaylight, Floodlight, and Ryu. The test, which shows outcomes similar to those of traditional qualitative analysis, demonstrates that with our approach we are able to get specific security values for different controllers and that it presents more accurate results.

  16. An Embedded System for Safe, Secure and Reliable Execution of High Consequence Software

    Energy Technology Data Exchange (ETDEWEB)

    MCCOY,JAMES A.

    2000-08-29

    As more complex and functionally diverse requirements are placed on high consequence embedded applications, ensuring safe and secure operation requires an execution environment that is ultra reliable from a system viewpoint. In many cases the safety and security of the system depends upon the reliable cooperation between the hardware and the software to meet real-time system throughput requirements. The selection of a microprocessor and its associated development environment for an embedded application has the most far-reaching effects on the development and production of the system than any other element in the design. The effects of this choice ripple through the remainder of the hardware design and profoundly affect the entire software development process. While state-of-the-art software engineering principles indicate that an object oriented (OO) methodology provides a superior development environment, traditional programming languages available for microprocessors targeted for deeply embedded applications do not directly support OO techniques. Furthermore, the microprocessors themselves do not typically support nor do they enforce an OO environment. This paper describes a system level approach for the design of a microprocessor intended for use in deeply embedded high consequence applications that both supports and enforces an OO execution environment.

  17. Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems

    Science.gov (United States)

    Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

    2018-05-01

    This paper presents statistical results and their consolidation, which were received in the study into security of various web-application against cross-site request forgery attacks. Some of the results were received in the study carried out within the framework of certification for compliance with information security requirements. The paper provides the results of consolidating information about the attack and protection measures, which are currently used by the developers of web-applications. It specifies results of the study, which demonstrate various distribution types: distribution of identified vulnerabilities as per the developer type (Russian and foreign), distribution of the security measures used in web-applications, distribution of the identified vulnerabilities as per the programming languages, data on the number of security measures that are used in the studied web-applications. The results of the study show that in most cases the developers of web-applications do not pay due attention to protection against cross-site request forgery attacks. The authors give recommendations to the developers that are planning to undergo a certification process for their software applications.

  18. Automated concept-level information extraction to reduce the need for custom software and rules development.

    Science.gov (United States)

    D'Avolio, Leonard W; Nguyen, Thien M; Goryachev, Sergey; Fiore, Louis D

    2011-01-01

    Despite at least 40 years of promising empirical performance, very few clinical natural language processing (NLP) or information extraction systems currently contribute to medical science or care. The authors address this gap by reducing the need for custom software and rules development with a graphical user interface-driven, highly generalizable approach to concept-level retrieval. A 'learn by example' approach combines features derived from open-source NLP pipelines with open-source machine learning classifiers to automatically and iteratively evaluate top-performing configurations. The Fourth i2b2/VA Shared Task Challenge's concept extraction task provided the data sets and metrics used to evaluate performance. Top F-measure scores for each of the tasks were medical problems (0.83), treatments (0.82), and tests (0.83). Recall lagged precision in all experiments. Precision was near or above 0.90 in all tasks. Discussion: With no customization for the tasks and less than 5 min of end-user time to configure and launch each experiment, the average F-measure was 0.83, one point behind the mean F-measure of the 22 entrants in the competition. Strong precision scores indicate the potential of applying the approach for more specific clinical information extraction tasks. There was not one best configuration, supporting an iterative approach to model creation. Acceptable levels of performance can be achieved using fully automated and generalizable approaches to concept-level information extraction. The described implementation and related documentation is available for download.

  19. Fault Tree Analysis for Safety/Security Verification in Aviation Software

    Directory of Open Access Journals (Sweden)

    Andrew J. Kornecki

    2013-01-01

    The Next Generation Air Traffic Management system (NextGen) is a blueprint of the future National Airspace System. Supporting NextGen is a nation-wide Aviation Simulation Network (ASN), which allows integration of a variety of real-time simulations to facilitate development and validation of the NextGen software by simulating a wide range of operational scenarios. The ASN system is an environment, including both simulated and human-in-the-loop real-life components (pilots and air traffic controllers). Real Time Distributed Simulation (RTDS), developed at Embry Riddle Aeronautical University, a suite of applications providing low and medium fidelity en-route simulation capabilities, is one of the simulations contributing to the ASN. To support the interconnectivity with the ASN, we designed and implemented a dedicated gateway acting as an intermediary, providing logic for two-way communication and transfer messages between RTDS and ASN and storage for the exchanged data. It has been necessary to develop and analyze safety/security requirements for the gateway software based on analysis of system assets, hazards, threats and attacks related to ultimate real-life future implementation. Due to the nature of the system, the focus was placed on communication security and the related safety of the impacted aircraft in the simulation scenario. To support development of safety/security requirements, a well-established fault tree analysis technique was used. This fault tree model-based analysis, supported by a commercial tool, was a foundation to propose mitigations assuring the gateway system safety and security.

  20. The EU’s Cybercrime and Cyber-Security Rule-Making: Mapping the Internal and External Dimensions of EU Security

    NARCIS (Netherlands)

    Fahey, E.

    2014-01-01

    EU Security impacts significantly upon individuals and generates many questions of the rule of law, legal certainty and fundamental rights. These are not always central concerns for EU risk regulation, especially given that EU risk regulation has sought to draw close correlations between EU risk and

  1. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    Science.gov (United States)

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

  2. Security in Computer Applications

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  3. STUDY CONTESTING TAX RULES ON SOCIAL SECURITY CONTRIBUTIONS BY TAXPAYERS FROM ROMANIA

    Directory of Open Access Journals (Sweden)

    Adrian Doru BÎGIOI

    2015-07-01

    The management bodies of companies must know and correctly apply tax law. There are, however, practical situations in which taxpayers, although they want to comply, are penalized by the tax authorities because they did not comply with tax obligations. Many factors can cause this, among them circumventing tax rules in order to avoid paying taxes and incorrect application of the law. This study addresses the second factor, namely an analysis of the most common situations in which both taxpayers and fiscal authorities erroneously apply tax law. To achieve these results, a study was developed to determine the degree to which tax rules are contested in the area of social security contributions. The research data were extracted from the database officially published by the competent tax institutions. The research covered the period from January 1, 2004 until February 28, 2015. In terms of research methodology, both quantitative and qualitative methods were used. Finally, data were centralized by type of article and sorted according to the extent of contestation obtained. The final conclusion is that imprecise definition of tax terms is one of the main causes of incorrect application of tax law. The results can be used especially by the subjects of the tax legal relationship to avoid situations in which tax law is applied incorrectly, which may lead to negative consequences for both companies and state institutions.

  4. A resilient and secure software platform and architecture for distributed spacecraft

    Science.gov (United States)

    Otte, William R.; Dubey, Abhishek; Karsai, Gabor

    2014-06-01

    A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures poses special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource, its management, configuration, and resilience become a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes. Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

  5. Software

    Energy Technology Data Exchange (ETDEWEB)

    Macedo, R.; Budd, G.; Ross, E.; Wells, P.

    2010-07-15

    The software section of this journal presented new software programs that have been developed to help in the exploration and development of hydrocarbon resources. Software provider IHS Inc. has made additions to its geological and engineering analysis software tool, IHS PETRA, a product used by geoscientists and engineers to visualize, analyze and manage well production, well log, drilling, reservoir, seismic and other related information. IHS PETRA also includes a directional well module and a decline curve analysis module to improve analysis capabilities in unconventional reservoirs. Petris Technology Inc. has developed a software to help manage the large volumes of data. PetrisWinds Enterprise (PWE) helps users find and manage wellbore data, including conventional wireline and MWD core data; analysis core photos and images; waveforms and NMR; and external files documentation. Ottawa-based Ambercore Software Inc. has been collaborating with Nexen on the Petroleum iQ software for steam assisted gravity drainage (SAGD) producers. Petroleum iQ integrates geology and geophysics data with engineering data in 3D and 4D. Calgary-based Envirosoft Corporation has developed a software that reduces the costly and time-consuming effort required to comply with Directive 39 of the Alberta Energy Resources Conservation Board. The product includes an emissions modelling software. Houston-based Seismic Micro-Technology (SMT) has developed the Kingdom software that features the latest in seismic interpretation. Holland-based Joa Oil and Gas and Calgary-based Computer Modelling Group have both supplied the petroleum industry with advanced reservoir simulation software that enables reservoir interpretation. The 2010 software survey included a guide to new software applications designed to facilitate petroleum exploration, drilling and production activities. Oil and gas producers can use the products for a range of functions, including reservoir characterization and accounting. In

  6. REVEAL - A tool for rule driven analysis of safety critical software

    International Nuclear Information System (INIS)

    Miedl, H.; Kersken, M.

    1998-01-01

    As the determination of ultrahigh reliability figures for safety critical software is hardly possible, national and international guidelines and standards give mainly requirements for the qualitative evaluation of software. An analysis whether all these requirements are fulfilled is time and effort consuming and prone to errors, if performed manually by analysts, and should instead be dedicated to tools as far as possible. There are many ''general-purpose'' software analysis tools, both static and dynamic, which help analyzing the source code. However, they are not designed to assess the adherence to specific requirements of guidelines and standards in the nuclear field. Against the background of the development of I and C systems in the nuclear field which are based on digital techniques and implemented in high level language, it is essential that the assessor or licenser has a tool with which he can automatically and uniformly qualify as many aspects as possible of the high level language software. For this purpose the software analysis tool REVEAL has been developed at ISTec and the Halden Reactor Project. (author)

  7. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.; Barthe, G.; Burdy, L.; Huisman, Marieke; Lanet, J.-L.; Muntean, T.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  8. Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

    Science.gov (United States)

    Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

    2017-10-30

    Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge, which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses the RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

  9. 76 FR 61438 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Proposed Rule...

    Science.gov (United States)

    2011-10-04

    ... clarify that 2102(e) applies to trading halts in new derivative securities, so as to not be confused with... derivative securities products when a temporary interruption occurs in the calculation or wide dissemination... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-65425; File No. SR-ISE-2011-61] Self-Regulatory...

  10. Evaluation and selection of security products for authentication of computer software

    Science.gov (United States)

    Roenigk, Mark W.

    2000-04-01

    Software Piracy is estimated to cost software companies over eleven billion dollars per year in lost revenue worldwide. Over fifty three percent of all intellectual property in the form of software is pirated on a global basis. Software piracy has a dramatic effect on the employment figures for the information industry as well. In the US alone, over 130,000 jobs are lost annually as a result of software piracy.

  11. Security. Review Software for Advanced CHOICE. CHOICE (Challenging Options in Career Education).

    Science.gov (United States)

    Pitts, Ilse M.; And Others

    CHOICE Security is an Apple computer game activity designed to help secondary migrant students memorize their social security numbers and reinforce job and role information presented in "Career Notes, First Applications." The learner may choose from four time options and whether to have the social security number visible on the screen or…

  12. Demographics and Volatile Social Security Wealth: Political Risks of Benefit Rule Changes in Germany

    OpenAIRE

    Christoph Borgmann; Matthias Heidler

    2003-01-01

    In this paper we address the question how the generosity of the benefit rule of the German public pension system has changed during the past three decades and how this development can be explained by demographic changes. Firstly, we illustrate the political risk of benefit rule changes for individuals. We find that depending on the birth year and the considered scenario the relative losses vary between 30 and nearly 60 percent. Secondly, we estimate how demographic developments have triggered...

  13. Integrated Solution Modeling Software: A New Paradigm on Information Security Review and Assessment

    OpenAIRE

    Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih; Syam, Wahyudin P.

    2012-01-01

    Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development o...

  14. Integrated Solution Modeling Software: A New Paradigm on Information Security Review

    OpenAIRE

    Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih; Syam, Wahyudin P

    2012-01-01

    Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development o...

  15. Optimizing the Performance of Radionuclide Identification Software in the Hunt for Nuclear Security Threats

    International Nuclear Information System (INIS)

    Fotion, Katherine A.

    2016-01-01

    The Radionuclide Analysis Kit (RNAK), my team's most recent nuclide identification software, is entering the testing phase. A question arises: will removing rare nuclides from the software's library improve its overall performance? An affirmative response indicates fundamental errors in the software's framework, while a negative response confirms the effectiveness of the software's key machine learning algorithms. After thorough testing, I found that the performance of RNAK cannot be improved with the library choice effect, thus verifying the effectiveness of RNAK's algorithms - multiple linear regression, Bayesian network using the Viterbi algorithm, and branch and bound search.

  16. 49 CFR 393.130 - What are the rules for securing heavy vehicles, equipment and machinery?

    Science.gov (United States)

    2010-10-01

    ... heavy vehicles, equipment and machinery? (a) Applicability. The rules in this section apply to the transportation of heavy vehicles, equipment and machinery which operate on wheels or tracks, such as front end... heavy vehicles, equipment or machinery with crawler tracks or wheels. (1) In addition to the...

  17. The Rule of Law and the U.S. Quest for Security in El Salvador

    Science.gov (United States)

    2007-03-12

    separation of powers, both of which significantly advanced the importance of the rule of law in Western political philosophy. The Declaration of Independence...and civil libertarians on the left, and perhaps helped exacerbate existing class tensions.180 More importantly, the inability of democratically

  18. A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: emphasis on security and clinical rule supporting.

    Science.gov (United States)

    Yu, Hwan-Jeu; Lai, Hong-Shiee; Chen, Kuo-Hsin; Chou, Hsien-Cheng; Wu, Jin-Ming; Dorjgochoo, Sarangerel; Mendjargal, Adilsaikhan; Altangerel, Erdenebaatar; Tien, Yu-Wen; Hsueh, Chih-Wen; Lai, Feipei

    2013-08-01

    Pancreaticoduodenectomy (PD) is a major operation with high complication rate. Thereafter, patients may develop morbidity because of the complex reconstruction and loss of pancreatic parenchyma. A well-designed database is very important to address both the short-term and long-term outcomes after PD. The objective of this research was to build an international PD database implemented with security and clinical rule supporting functions, which made the data-sharing easier and improve the accuracy of data. The proposed system is a cloud-based application. To fulfill its requirements, the system comprises four subsystems: a data management subsystem, a clinical rule supporting subsystem, a short message notification subsystem, and an information security subsystem. After completing the surgery, the physicians input the data retrospectively, which are analyzed to study factors associated with post-PD common complications (delayed gastric emptying and pancreatic fistula) to validate the clinical value of this system. Currently, this database contains data from nearly 500 subjects. Five medical centers in Taiwan and two cancer centers in Mongolia are participating in this study. A data mining model of the decision tree analysis showed that elderly patients (>76 years) with pylorus-preserving PD (PPPD) have higher proportion of delayed gastric emptying. About the pancreatic fistula, the data mining model of the decision tree analysis revealed that cases with non-pancreaticogastrostomy (PG) reconstruction - body mass index (BMI)>29.65 or PG reconstruction - BMI>23.7 - non-classic PD have higher proportion of pancreatic fistula after PD. The proposed system allows medical staff to collect and store clinical data in a cloud, sharing the data with other physicians in a secure manner to achieve collaboration in research. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

  19. 26 CFR 1.356-3 - Rules for treatment of securities as “other property”.

    Science.gov (United States)

    2010-04-01

    ... includes the fair market value of such excess principal amount as of the date of the exchange. If no securities are surrendered in exchange, the term other property includes the fair market value, as of the... amount of $1,000 with a fair market value of $990. The amount of $990 is treated as “other property...

  20. Using Bayesian Networks and Decision Theory to Model Physical Security

    National Research Council Canada - National Science Library

    Roberts, Nancy

    2003-01-01

    .... Cameras, sensors and other components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be monitored and controlled...

  1. SecureCore Software Architecture: Trusted Management Layer (TML) Kernel Extension Module Integration Guide

    National Research Council Canada - National Science Library

    Shifflett, David J; Clark, Paul C; Irvine, Cynthia E; Nguyen, Thuy D; Vidas, Timothy M; Levin, Timothy E

    2007-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices such as smart cards, embedded...

  2. SecureCore Software Architecture: Trusted Management Layer (TML) Kernel Extension Module Interface Specification

    National Research Council Canada - National Science Library

    Shifflett, David J; Clark, Paul C; Irvine, Cynthia E; Nguyen, Thuy D; Vidas, Timothy M; Levin, Timothy E

    2008-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices such as smart cards, embedded...

  3. FASB (Financial Accounting Standards Board) issues new accounting rules for debt and equity securities.

    Science.gov (United States)

    Reinstein, A; Bayou, M E

    1994-10-01

    The Financial Accounting Standards Board (FASB) recently issued a new statement that requires all companies to change their methods of accounting for debt and equity securities. Rather than allowing organizations to use a historical cost approach in accounting for such financial instruments, FASB Statement No. 115 requires organizations to adopt a market value approach. The provisions of this statement will affect significantly organizations in the healthcare industry that have large investment portfolios.

  4. Improving Security at Work with Software that Uses OpenMP

    Directory of Open Access Journals (Sweden)

    P. S. Polishuk

    2010-03-01

    A model of the offender and the list of major types of threats, the conditions for the realization of which are created by using the software that uses OpenMP is considered. A method for verification of software using OpenMP for the presence of vulnerabilities associated with multi-threaded execution is offered. We give basic algorithms and the system architecture that implements the proposed method. The results of testing the method on various programs, including those containing malicious code, as well as assessment of the possibilities of applying the method in different computing environments are given.

  5. Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language

    Science.gov (United States)

    Boutnaru, Shlomi; Hershkovitz, Arnon

    2015-01-01

    In recent years, schools (as well as universities) have added cyber security to their computer science curricula. This topic is still new for most of the current teachers, who would normally have a standard computer science background. Therefore the teachers are trained and then teaching their students what they have just learned. In order to…

  6. Software Implementation of Secure Firmware Update in IoT Concept

    Directory of Open Access Journals (Sweden)

    Lukas Kvarda

    2017-01-01

    This paper focuses on a survey of secure firmware update in the Internet of Things, design and description of safe and secure bootloader implementation on RFID UHF reader, encryption with AES-CCM and versioning with use of external backup flash memory device. In the case of problems with HW compatibility or other unexpected errors with new FW version, it is possible to downgrade to previous FW image, including the factory image. Authentication is provided by the UHF RFID service tag used to extract unique initialization vector of the encryption algorithm for each update session. The results show slower update speed with this new upgrade method of approximately 27% compared to older one, using the only AES-CBC algorithm.

  7. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code was flawed and was used to break into CERN computers, web pages or to steal data… Thus, if you have the pleasure or task of producing software applications, take some time before and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  8. A SECURITY EVALUATION FRAMEWORK FOR U.K. E-GOVERNMENT SERVICES AGILE SOFTWARE DEVELOPMENT

    OpenAIRE

    Steve Harrison; Antonis Tzounis; Leandros Maglaras; Francois Siewe; Richard Smith; Helge Janicke

    2016-01-01

    This study examines the traditional approach to software development within the United Kingdom Government and the accreditation process. Initially we look at the Waterfall methodology that has been used for several years. We discuss the pros and cons of Waterfall before moving onto the Agile Scrum methodology. Agile has been adopted by the majority of Government digital departments including the Gover...

  9. A Preliminary Survey on the Security of Software-Defined Networks

    OpenAIRE

    Akbaş, Muhammet Fatih; Karaarslan, Enis; Güngör, Cengiz

    2016-01-01

    The number of devices connected to the Internet is increasing, data centers are growing continuously and computer networks are getting more complex. Traditional network management approach is becoming more difficult and insufficient. Software-Defined Networks (SDN) is a new generation networking approach which is expected to take place of the traditional computer networks. SDN architecture provides effective management of the large and complex networks. Although SDN have benefits from the network s...

  10. Optimizing the Performance of Radionuclide Identification Software in the Hunt for Nuclear Security Threats

    Energy Technology Data Exchange (ETDEWEB)

    Fotion, Katherine A. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2016-08-18

    The Radionuclide Analysis Kit (RNAK), my team’s most recent nuclide identification software, is entering the testing phase. A question arises: will removing rare nuclides from the software’s library improve its overall performance? An affirmative response indicates fundamental errors in the software’s framework, while a negative response confirms the effectiveness of the software’s key machine learning algorithms. After thorough testing, I found that the performance of RNAK cannot be improved with the library choice effect, thus verifying the effectiveness of RNAK’s algorithms—multiple linear regression, Bayesian network using the Viterbi algorithm, and branch and bound search.

  11. An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study

    Science.gov (United States)

    Reis, David W.

    2012-01-01

    Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information…

  12. Secure Coding for Safety I and C Systems on Nuclear Power Plants

    International Nuclear Information System (INIS)

    Kim, Y. M.; Park, H. S.; Kim, T. H.

    2015-01-01

    This paper addresses secure coding technologies which can reduce the software vulnerabilities and provides secure coding application guidelines for nuclear safety I and C systems. The use of digital equipment may improve their reliability and reduce maintenance costs. But, the design characteristics of nuclear I and C systems are becoming more complex and the possibility of cyber-attacks using software vulnerabilities has been increased. Software defects, bugs and logic flaws have been consistently the primary causes of software vulnerabilities which can introduce security vulnerabilities. In this study, we described methods for applying secure coding which can reduce the software vulnerabilities. Software defects lists, countermeasures for each defect and coding rules can be applied properly depending on target system's condition. We expect that the results of this study can help developing the secure coding guidelines and significantly reducing or eliminating vulnerabilities in nuclear safety I and C software.

  13. Secure Coding for Safety I and C Systems on Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Y. M.; Park, H. S. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

    2015-10-15

    This paper addresses secure coding technologies which can reduce the software vulnerabilities and provides secure coding application guidelines for nuclear safety I and C systems. The use of digital equipment may improve their reliability and reduce maintenance costs. But, the design characteristics of nuclear I and C systems are becoming more complex and the possibility of cyber-attacks using software vulnerabilities has been increased. Software defects, bugs and logic flaws have been consistently the primary causes of software vulnerabilities which can introduce security vulnerabilities. In this study, we described methods for applying secure coding which can reduce the software vulnerabilities. Software defects lists, countermeasures for each defect and coding rules can be applied properly depending on target system's condition. We expect that the results of this study can help developing the secure coding guidelines and significantly reducing or eliminating vulnerabilities in nuclear safety I and C software.

  14. Restrictions on Software for Personal and Professional Use

    CERN Multimedia

    2004-01-01

    A growing number of computer security incidents detected at CERN are due to additional software installed for personal and professional use. As a consequence, the smooth operation of CERN is put at risk and often many hours are lost solving the problems. To reduce this security risk, installation and/or use of software on CERN's computing and network infrastructure needs to be restricted. Therefore: Do NOT install software for personal use Do NOT install 'free' or other software unless you have the expertise to configure and maintain it securely. Please comply to these rules to keep our computer systems safe. Further explanation of these restrictions is at http://cern.ch/security/software-restrictions Restricted software, known to cause security and/or network problems (e.g. KaZaA and other P2P/Peer-to-Peer file sharing applications, Skype P2P telephony software, ICQ, VNC, ...), is listed at: http://cern.ch/security/software-restrictions/list

  15. Medicare and Social Security: fraud and abuse; civil money penalties for misuse of certain terms, symbols and emblems--HHS. Final rule.

    Science.gov (United States)

    1991-08-28

    This final rule implements section 428(a) of Public Law 100-360 which authorizes the imposition of civil money penalties for the use--in advertising, solicitations or other communications--of certain words, letters, symbols or emblems associated with the Department of Health and Human Services' Social Security and Medicare programs in a manner that the user knows, or should know, would convey a false impression that (1) the communicated item was approved, endorsed or authorized by the Department or its programs, or (2) the responsible person or organization has some connection with, or authorization from, the Department or these programs. This rulemaking is designed to assist in protecting citizens from misrepresentations concerning the services offered and programs administered by the Social Security Administration and the Health Care Financing Administration.

  16. 77 FR 58604 - Social Security Ruling (SSR), 12-1p; Title II: Determining Whether Work Performed in Self...

    Science.gov (United States)

    2012-09-21

    ... Security Boulevard, Baltimore, MD 21235-6401, (410) 965-6286, or, if you are deaf or hard of hearing, you... the management of the production of the things raised on the rented farm, we will consider those...

  17. 49 CFR 393.118 - What are the rules for securing dressed lumber or similar building products?

    Science.gov (United States)

    2010-10-01

    ... plywood, gypsum board or other materials of similar shape. Lumber or building products which are not... the middle tier that must be secured may not exceed 6 feet about the deck of the trailer; or (ii...

  18. RED: A Java-MySQL Software for Identifying and Visualizing RNA Editing Sites Using Rule-Based and Statistical Filters.

    Directory of Open Access Journals (Sweden)

    Yongmei Sun

    RNA editing is one of the post- or co-transcriptional processes that can lead to amino acid substitutions in protein sequences, alternative pre-mRNA splicing, and changes in gene expression levels. Although several methods have been suggested to identify RNA editing sites, there remains challenges to be addressed in distinguishing true RNA editing sites from its counterparts on genome and technical artifacts. In addition, there lacks a software framework to identify and visualize potential RNA editing sites. Here, we presented a software - 'RED' (RNA Editing sites Detector) - for the identification of RNA editing sites by integrating multiple rule-based and statistical filters. The potential RNA editing sites can be visualized at the genome and the site levels by graphical user interface (GUI). To improve performance, we used MySQL database management system (DBMS) for high-throughput data storage and query. We demonstrated the validity and utility of RED by identifying the presence and absence of C→U RNA-editing sites experimentally validated, in comparison with REDItools, a command line tool to perform high-throughput investigation of RNA editing. In an analysis of a sample data-set with 28 experimentally validated C→U RNA editing sites, RED had sensitivity and specificity of 0.64 and 0.5. In comparison, REDItools had a better sensitivity (0.75) but similar specificity (0.5). RED is an easy-to-use, platform-independent Java-based software, and can be applied to RNA-seq data without or with DNA sequencing data. The package is freely available under the GPLv3 license at http://github.com/REDetector/RED or https://sourceforge.net/projects/redetector.

  19. RED: A Java-MySQL Software for Identifying and Visualizing RNA Editing Sites Using Rule-Based and Statistical Filters.

    Science.gov (United States)

    Sun, Yongmei; Li, Xing; Wu, Di; Pan, Qi; Ji, Yuefeng; Ren, Hong; Ding, Keyue

    2016-01-01

    RNA editing is one of the post- or co-transcriptional processes that can lead to amino acid substitutions in protein sequences, alternative pre-mRNA splicing, and changes in gene expression levels. Although several methods have been suggested to identify RNA editing sites, there remains challenges to be addressed in distinguishing true RNA editing sites from its counterparts on genome and technical artifacts. In addition, there lacks a software framework to identify and visualize potential RNA editing sites. Here, we presented a software - 'RED' (RNA Editing sites Detector) - for the identification of RNA editing sites by integrating multiple rule-based and statistical filters. The potential RNA editing sites can be visualized at the genome and the site levels by graphical user interface (GUI). To improve performance, we used MySQL database management system (DBMS) for high-throughput data storage and query. We demonstrated the validity and utility of RED by identifying the presence and absence of C→U RNA-editing sites experimentally validated, in comparison with REDItools, a command line tool to perform high-throughput investigation of RNA editing. In an analysis of a sample data-set with 28 experimentally validated C→U RNA editing sites, RED had sensitivity and specificity of 0.64 and 0.5. In comparison, REDItools had a better sensitivity (0.75) but similar specificity (0.5). RED is an easy-to-use, platform-independent Java-based software, and can be applied to RNA-seq data without or with DNA sequencing data. The package is freely available under the GPLv3 license at http://github.com/REDetector/RED or https://sourceforge.net/projects/redetector.

  20. Achieving Better Buying Power through Acquisition of Open Architecture Software Systems. Volume 2 Understanding Open Architecture Software Systems: Licensing and Security Research and Recommendations

    Science.gov (United States)

    2016-01-06

    KWD00], as are CORBA, Microsoft’s .NET, and Enterprise Java Beans. ● Configured system or sub-system – These are software systems built to conform to...background. 55 Some OSS is multiply-licensed, or distributed under two or more licenses. The MySQL database software is distributed either under GPLv2 for...Automation The license metamodel, calculation, and an assortment of license interpretations are implemented in a Java package. The calculation

  1. 78 FR 6168 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Science.gov (United States)

    2013-01-29

    ... receives such allegations in the context of claim adjudication. Next, the Ruling describes how ODAR's... based on race, color, national origin (including English language ability), religion, sex, sexual..., prejudice, partiality, or bias based on race, color, national origin (including English language ability...

  2. The Turkish state as a "neoliberal leviathan" under the AKP rule : the case of private security companies

    OpenAIRE

    Şanver, Abdullah

    2015-01-01

    This study focuses on private security companies as a component of the AKP’s security policies, which has enabled the Turkish state to extend its dominance over the society. The AKP era, spanning over ten years in Turkey, is a continuity of the neoliberal transformation that began with the Özal era in the 1980s. As the new actor of neoliberal transformation in Turkey, the AKP has implemented the transformation in question extensively. Thus, the AKP reign has become a period when the instituti...

  3. Machine Learning for Security

    CERN Multimedia

    CERN. Geneva

    2015-01-01

    Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data. About the speaker Josiah is a security researcher with HP TippingPoint DVLabs Research Group. He has over 15 years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions into clustered data storage and later integrated control systems. Current ...

  4. Rules And A Rubric Could Be Used To Assess The Openness Of A Homeland Security Enterprise Social Network

    Science.gov (United States)

    2016-12-01

    A primary purpose of an ESN is to connect existing teams across an enterprise to break down pockets of information and then create a place or...program management concerns with very little guidance related to collaboration. The Merriam Webster dictionary offers three definitions of the noun...137 Merriam-Webster Dictionary, s.v. “Rule,” accessed October 2, 2016, http://www.merriam-webster.com/dictionary

  5. Contractor Software Charges

    National Research Council Canada - National Science Library

    Granetto, Paul

    1994-01-01

    .... Examples of computer software costs that contractors charge through indirect rates are material management systems, security systems, labor accounting systems, and computer-aided design and manufacturing...

  6. Los Alamos National Security, LLC Request for Information on how industry may partner with the Laboratory on KIVA software.

    Energy Technology Data Exchange (ETDEWEB)

    Mcdonald, Kathleen Herrera [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2016-02-29

    KIVA is a family of Fortran-based computational fluid dynamics software developed by LANL. The software predicts complex fuel and air flows as well as ignition, combustion, and pollutant-formation processes in engines. The KIVA models have been used to understand combustion chemistry processes, such as auto-ignition of fuels, and to optimize diesel engines for high efficiency and low emissions. Fuel economy is heavily dependent upon engine efficiency, which in turn depends to a large degree on how fuel is burned within the cylinders of the engine. Higher in-cylinder pressures and temperatures lead to increased fuel economy, but they also create more difficulty in controlling the combustion process. Poorly controlled and incomplete combustion can cause higher levels of emissions and lower engine efficiencies.

  7. 78 FR 17744 - Social Security Ruling, SSR 13-2p; Titles II and XVI: Evaluating Cases Involving Drug Addiction...

    Science.gov (United States)

    2013-03-22

    ...The Social Security Administration published a document in the Federal Register on February 20, 2013. (78 FR 11939). On page 11940, in the first column, under the ``CITATIONS'' section, replace the period after 1614(a) with a comma, and remove the additional space between 416.927 and the comma. On page 11941, in the ``DAA Evaluation Process'' chart, in step 6 b, add a period after ``material''. On page 11942, in the second column, under section e. i., first bullet, add a space between ``20'' and ``CFR''. On page 11943, footnote 19, replace ``20 CFR 404.1527(e) and 416.927(e)'' with the correct reference which is ``20 CFR 404.1527(d) and 416.927(d)''. On page 11943, footnote 20, replace ``20 CFR 404.1527(f) and 416.927(f)'' with the correct reference which is ``20 CFR 404.1527(e) and 416.927(e)''. On page 11944, first column, question 8. ``What evidence do we need in cases involving DAA?'', a., italicize the subheading ``General'', and in the first sentence add a period at the end of the sentence. On page 11944, second column, under c. i., third sentence, hyphenate ``nonmedical'' to read ``non-medical''. On page 11944, third column, under c. ii, third sentence, delete ``the'' before ``well''. On page 11944, third column, under d. i., first sentence, hyphenate ``nonmedical'' to read ``non-medical''. On page 11944, footnote 22, replace ``404.928'' with ``404.1528''. On page 11945, second column, c. iii., second sentence, remove the extra space after ``abstinence'' and before the period. On page 11946, second column, first bullet, replace the semi-colon with a period. On page 11946, second column, under ``15. How should adjudicators consider Federal district and circuit court decisions about DAA?'', first sentence, replace ``20 CFR 404.1585 and 416.985'' with ``20 CFR 404.985 and 416.1485'', and under a., italicize the subheading ``General''.

  8. Toward improved software security training using a cyber warfare opposing force (CW OPFOR): the knowledge base design

    Science.gov (United States)

    Stytz, Martin R.; Banks, Sheila B.

    2005-03-01

    "Train the way you will fight" has been a guiding principle for military training and has served the warfighter well as evidenced by numerous successful operations over the last decade. This need for realistic training for all combatants has been recognized and proven by the warfighter and continues to guide military training. However, to date, this key training principle has not been applied fully in the arena of cyberwarfare due to the lack of realistic, cost effective, reasonable, and formidable cyberwarfare opponents. Recent technological advances, improvements in the capability of computer-generated forces (CGFs) to emulate human behavior, and current results in research in information assurance and software protection, coupled with increasing dependence upon information superiority, indicate that the cyberbattlespace will be a key aspect of future conflict and that it is time to address the cyberwarfare training shortfall. To address the need for a cyberwarfare training and defensive testing capability, we propose research and development to yield a prototype computerized, semi-autonomous (SAF) red team capability. We term this capability the Cyber Warfare Opposing Force (CW OPFOR). There are several technologies that are now mature enough to enable, for the first time, the development of this powerful, effective, high fidelity CW OPFOR. These include improved knowledge about cyberwarfare attack and defense, improved techniques for assembling CGFs, improved techniques for capturing and expressing knowledge, software technologies that permit effective rapid prototyping to be effectively used on large projects, and the capability for effective hybrid reasoning systems. Our development approach for the CW OPFOR lays out several phases in order to address these requirements in an orderly manner and to enable us to test the capabilities of the CW OPFOR and exploit them as they are developed. We have completed the first phase of the research project, which

  9. Software engineering

    CERN Document Server

    Thorin, Marc

    1985-01-01

    Software Engineering describes the conceptual bases as well as the main methods and rules on computer programming. This book presents software engineering as a coherent and logically built synthesis and makes it possible to properly carry out an application of small or medium difficulty that can later be developed and adapted to more complex cases. This text is comprised of six chapters and begins by introducing the reader to the fundamental notions of entities, actions, and programming. The next two chapters elaborate on the concepts of information and consistency domains and show that a proc

  10. Strengthening Software Authentication with the ROSE Software Suite

    International Nuclear Information System (INIS)

    White, G

    2006-01-01

    Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects

  11. Vehicle security encryption based on unlicensed encryption

    Science.gov (United States)

    Huang, Haomin; Song, Jing; Xu, Zhijia; Ding, Xiaoke; Deng, Wei

    2018-03-01

    The current vehicle key is easily destroyed and damaged; the use of an elliptical encryption algorithm is proposed to improve the reliability of the vehicle security system. Based on the encryption rules of the elliptic curve, the chip's framework and hardware structure are designed, and the chip's calculation process is then simulated and analyzed in software. The simulation achieved the expected target. Finally, some issues in the data calculation concerning the chip's storage control and other modules are pointed out.

  12. Collaboration rules.

    Science.gov (United States)

    Evans, Philip; Wolf, Bob

    2005-01-01

    Corporate leaders seeking to boost growth, learning, and innovation may find the answer in a surprising place: the Linux open-source software community. Linux is developed by an essentially volunteer, self-organizing community of thousands of programmers. Most leaders would sell their grandmothers for workforces that collaborate as efficiently, frictionlessly, and creatively as the self-styled Linux hackers. But Linux is software, and software is hardly a model for mainstream business. The authors have, nonetheless, found surprising parallels between the anarchistic, caffeinated, hirsute world of Linux hackers and the disciplined, tea-sipping, clean-cut world of Toyota engineering. Specifically, Toyota and Linux operate by rules that blend the self-organizing advantages of markets with the low transaction costs of hierarchies. In place of markets' cash and contracts and hierarchies' authority are rules about how individuals and groups work together (with rigorous discipline); how they communicate (widely and with granularity); and how leaders guide them toward a common goal (through example). Those rules, augmented by simple communication technologies and a lack of legal barriers to sharing information, create rich common knowledge, the ability to organize teams modularly, extraordinary motivation, and high levels of trust, which radically lowers transaction costs. Low transaction costs, in turn, make it profitable for organizations to perform more and smaller transactions--and so increase the pace and flexibility typical of high-performance organizations. Once the system achieves critical mass, it feeds on itself. The larger the system, the more broadly shared the knowledge, language, and work style. The greater individuals' reputational capital, the louder the applause and the stronger the motivation. The success of Linux is evidence of the power of that virtuous circle. Toyota's success is evidence that it is also powerful in conventional companies.

  13. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rule how information is protected against security vulnerabilities; they are the basis for security awareness and training and are vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined in controls, standards and procedures.

  14. Design and development of a prototypical software for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small- and medium-sized enterprises (SME)

    Science.gov (United States)

    Möller, Thomas; Bellin, Knut; Creutzburg, Reiner

    2015-03-01

    The aim of this paper is to show the recent progress in the design and prototypical development of a software suite Copra Breeder* for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small and medium-sized enterprises.

  15. Crispen's Five Antivirus Rules.

    Science.gov (United States)

    Crispen, Patrick Douglas

    2000-01-01

    Explains five rules to protect computers from viruses. Highlights include commercial antivirus software programs and the need to upgrade them periodically (every year to 18 months); updating virus definitions at least weekly; scanning attached files from email with antivirus software before opening them; Microsoft Word macro protection; and the…

  16. International Liability Issues for Software Quality

    National Research Council Canada - National Science Library

    Mead, Nancy

    2003-01-01

    This report focuses on international law related to cybercrime, international information security standards, and software liability issues as they relate to information security for critical infrastructure applications...

  17. Modelling security and trust with Secure Tropos

    NARCIS (Netherlands)

    Giorgini, P.; Mouratidis, H.; Zannone, N.; Mouratidis, H.; Giorgini, P.

    2006-01-01

    Although the concepts of security and trust play an important role in the development of information systems, they have been mainly neglected by software engineering methodologies. In this chapter we present an approach that considers security and trust throughout the software development process.

  18. Privacy and security of patient data in the pathology laboratory

    Directory of Open Access Journals (Sweden)

    Ioan C Cucoranu

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  19. Privacy and security of patient data in the pathology laboratory.

    Science.gov (United States)

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  20. Methodological approaches based on business rules

    Directory of Open Access Journals (Sweden)

    Anca Ioana ANDREESCU

    2008-01-01

    Business rules and business processes are essential artifacts in defining the requirements of a software system. Business processes capture business behavior, while rules connect processes and thus control processes and business behavior. Traditionally, rules are scattered inside application code. This approach makes it very difficult to change rules and shorten the life cycle of the software system. Because rules change more quickly than the application itself, it is desirable to externalize the rules and move them outside the application. This paper analyzes and evaluates three well-known business rules approaches. It also outlines some critical factors that have to be taken into account in the decision to introduce business rules facilities in a software system. Based on the concept of explicit manipulation of business rules in a software system, the need for a general approach based on business rules is discussed.

  1. Methodological approaches based on business rules

    OpenAIRE

    Anca Ioana ANDREESCU; Adina UTA

    2008-01-01

    Business rules and business processes are essential artifacts in defining the requirements of a software system. Business processes capture business behavior, while rules connect processes and thus control processes and business behavior. Traditionally, rules are scattered inside application code. This approach makes it very difficult to change rules and shorten the life cycle of the software system. Because rules change more quickly than the application itself, it is desirable to externalize...

  2. Business rules for creating process flexibility : Mapping RIF rules and BDI rules

    NARCIS (Netherlands)

    Gong, Y.; Overbeek, S.J.; Janssen, M.

    2011-01-01

    Business rules and software agents can be used for creating flexible business processes. The Rule Interchange Format (RIF) is a new W3C recommendation standard for exchanging rules among disparate systems. Yet, the impact that the introduction of RIF has on the design of flexible business processes

  3. Business Management Software Axolon ERP

    OpenAIRE

    Axolon ERP Solution

    2018-01-01

    Axolon ERP, a business management software (www.axolonerp.com) by Micromind, is a comprehensive business management software solution for businesses. We deliver Business Management Software Dubai in UAE, GCC Countries and products also include ERP Software Dubai. HR & Payroll, Inventory Software, Project Management, Software Development, Solutions and Services in Dubai, UAE for small and medium sized Enterprises (SME) in the Middle East with an easy-to-use, secure and efficient business management...

  4. Design of a software architecture supporting business-to-government information sharing to improve public safety and security : Combining business rules, Events and blockchain technology

    NARCIS (Netherlands)

    van Engelenburg, S.H.; Janssen, M.F.W.H.A.; Klievink, A.J.

    2017-01-01

    To ensure public safety and security, it is vitally important for governments to collect information from businesses and analyse it. Such information can be used to determine whether transported goods might be suspicious and therefore require physical inspection. Although businesses are obliged to report some

  5. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security. Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  6. Secure Web Developers Needed!

    CERN Multimedia

    Computer Security Team

    2012-01-01

    You’re about to launch a new website? Cool!! With today’s web programming languages like PHP, Java, Python or Perl, complex websites can be created, easily fulfilling all your use cases. But hold on. Did you ever think about how easily this can be abused? Attackers today are already using automatic tools which can quickly and easily find and exploit vulnerable web applications.   Web applications often suffer from security vulnerabilities, i.e. design flaws or programming bugs that remained undetected during the whole software development cycle. In production these vulnerabilities become security holes, providing an opportunity for exploitation, and can pose immense security risks (and there is no reason to believe that CERN is immune to this). The costs associated with eliminating these bugs could be loosely described by the "1:10:100 rule", i.e. the relative costs for fixing are 1:10:100 for fixing them in the programming:testing:production phases. Thus, the...

  7. A taxonomy and discussion of software attack technologies

    Science.gov (United States)

    Banks, Sheila B.; Stytz, Martin R.

    2005-03-01

    Software is a complex thing. It is not an engineering artifact that springs forth from a design by simply following software coding rules; creativity and the human element are at the heart of the process. Software development is part science, part art, and part craft. Design, architecture, and coding are equally important activities and in each of these activities, errors may be introduced that lead to security vulnerabilities. Therefore, inevitably, errors enter into the code. Some of these errors are discovered during testing; however, some are not. The best way to find security errors, whether they are introduced as part of the architecture development effort or coding effort, is to automate the security testing process to the maximum extent possible and add this class of tools to the tools available, which aids in the compilation process, testing, test analysis, and software distribution. Recent technological advances, improvements in computer-generated forces (CGFs), and results in research in information assurance and software protection indicate that we can build a semi-intelligent software security testing tool. However, before we can undertake the security testing automation effort, we must understand the scope of the required testing, the security failures that need to be uncovered during testing, and the characteristics of the failures. Therefore, we undertook the research reported in the paper, which is the development of a taxonomy and a discussion of software attacks generated from the point of view of the security tester with the goal of using the taxonomy to guide the development of the knowledge base for the automated security testing tool. The representation for attacks and threat cases yielded by this research captures the strategies, tactics, and other considerations that come into play during the planning and execution of attacks upon application software. The paper is organized as follows. Section one contains an introduction to our research

  8. Decree n.06-488 /P-RM of 23 November 2006 determining the rules related to the protection against ionizing radiation, safety and security of ionizing radiation sources

    International Nuclear Information System (INIS)

    2006-01-01

    This decree determines the rules of protection of workers, public, patients and environment against the risks of ionizing radiation. The scope of these rules is defined, as well as the definitions of some terms and concepts used in the field such as radioelement, radioactive waste, dose, level of intervention, etc. The responsibilities of the Malian Agency for Radioprotection and of the different stakeholders are clarified, as are those of workers. The conditions for declaration, obtaining authorization and exemption are set. Instructions related to radioprotection, safety and security of ionizing radiation are stated regarding occupational, medical and public exposure and in case of emergency. Instructions related to inventory and inspection are also defined.

  9. What is Security? A perspective on achieving security

    Energy Technology Data Exchange (ETDEWEB)

    Atencio, Julian J.

    2014-05-05

    This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

  10. Assuring Software Reliability

    Science.gov (United States)

    2014-08-01

    technologies and processes to achieve a required level of confidence that software systems and services function in the intended manner. 1.3 Security Example...that took three high-voltage lines out of service and a software failure (a race condition) that disabled the computing service that notified the... service had failed. Instead of analyzing the details of the alarm server failure, the reviewers asked why the following software assurance claim had

  11. Using Bayesian Networks and Decision Theory to Model Physical Security

    Science.gov (United States)

    2003-02-01

    Home automation technologies allow a person to monitor and control various activities within a home or office setting. Cameras, sensors and other...components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be...monitored and controlled. These home automation technologies, however, lack the power to reason under uncertain conditions and thus the system can

  12. Software licenses: Stay honest!

    CERN Multimedia

    Computer Security Team

    2012-01-01

    Do you recall our article about copyright violation in the last issue of the CERN Bulletin, “Music, videos and the risk for CERN”? Now let’s be more precise. “Violating copyright” not only means the illegal download of music and videos, it also applies to software packages and applications.   Users must respect proprietary rights in compliance with the CERN Computing Rules (OC5). Not having legitimately obtained a program or the required licenses to run that software is not a minor offense. It violates CERN rules and puts the Organization at risk! Vendors deserve credit and compensation. Therefore, make sure that you have the right to use their software. In other words, you have bought the software via legitimate channels and use a valid and honestly obtained license. This also applies to “Shareware” and software under open licenses, which might also come with a cost. Usually, only “Freeware” is complete...

  13. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  14. EMI Security Architecture

    CERN Document Server

    White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

    2013-01-01

    This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

  15. 78 FR 66318 - Securities Investor Protection Corporation

    Science.gov (United States)

    2013-11-05

    ...] Securities Investor Protection Corporation AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities Investor Protection Corporation (``SIPC'') filed a proposed rule change with the... satisfaction of customer claims for standardized options under the Securities Investor Protection Act of 1970...

  16. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  17. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  18. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  19. A Security Approach in System Development Life Cycle

    OpenAIRE

    P.Mahizharuvi; Dr.Alagarsamy

    2011-01-01

    Many software organizations today are confronted with the challenge of building secure software systems. Traditional software engineering principles place little emphasis on security. These principles tend to treat security as one of a long list of quality factors that are expected from all professionally developed software. As software systems of today have a wide reach, security has become a more important factor than ever in the history of software engineering can no longer be treated as Separ...

  20. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... the objectives of Executive Order 13526, Classified National Security Information. The rule allows... signed Executive Order 13526, Classified National Security Information, which was published in the...

  1. Application Security in the ISO27001 Environment

    CERN Document Server

    Vinod, Vasudevan; Firosh, Ummer

    2008-01-01

    Application Security in the ISO27001 Environment demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment and supports implementation of the PCI DSS Payment Application Security Standard.

  2. Coping with Security in Programming

    OpenAIRE

    Frank Schindler

    2006-01-01

    This article deals with the importance of security issues in computer programming. Secure software can only be designed with security as a primary goal. To achieve that we would have to redesign our computer systems with security in mind, including the entire computer environment, e.g. hardware, programming languages and, of course, operating systems. In the software development process the quality of the resulting computer code should be the most important aspect during the whole program development process. ...

  3. RIGHTS, RULES, AND DEMOCRACY

    Directory of Open Access Journals (Sweden)

    Richard S. Kay, University of Connecticut-School of Law, Estados Unidos

    2012-11-01

    Abstract: Democracy requires protection of certain fundamental rights, but can we expect courts to follow rules? There seems little escape from the proposition that substantive constitutional review by an unelected judiciary is a presumptive abridgement of democratic decision-making. Once we have accepted the proposition that there exist human rights that ought to be protected, this should hardly surprise us. No one thinks courts are perfect translators of the rules invoked before them on every occasion. But it is equally clear that rules sometimes do decide cases. In modern legal systems the relative roles of courts and legislators with respect to the rules of the system is a commonplace. Legislatures make rules. Courts apply them in particular disputes. When we are talking about human rights, however, that assumption must be clarified in at least one way. The defense of the practice of constitutional review in this article assumes courts can and do enforce rules. This article also makes clear what is the meaning of “following rules”. Preference for judicial over legislative interpretation of rights, therefore, seems to hang on the question of whether or not judges are capable of subordinating their own judgment to that incorporated in the rules by their makers. This article maintains that, in general, entrenched constitutional rules (and not just constitutional courts) can and do constrain public conduct and protect human rights. The article concludes that the value judgments will depend on our estimate of the benefits we derive from the process of representative self-government. Against those benefits we will have to measure the importance we place on being able to live our lives with the security created by a regime of human rights protected by the rule of law. Keywords: Democracy. Human Rights. Rules. Judicial Review.

  4. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  5. Advanced I and C system of security level for nuclear power station

    International Nuclear Information System (INIS)

    Liu Yanyang

    2001-01-01

    SPINLINE3, an advanced security-level I and C system for PWRs developed jointly by Framatome and Schneider, is introduced. The technology is used for the outside-reactor nuclear measurement system in the Qinshan II period. Its success benefits from Framatome and Schneider's many years of development experience in the field of digitalized security-level I and C systems for nuclear power stations, which improve the security and reliability of PWRs and make them easy to operate and maintain. SPINLINE3 is based on a digitalized and modularized technical proposal and covers the entire reactor protection system and the related control systems. The paper also introduces CLARISSE (a computer-aided design aid) and SCADE (an embedded software aid), used for developing SPINLINE3. SPINLINE3 fulfils the relevant IS and rules and is based on software and hardware units that have been certified and put into operation. After a brief review of Framatome and Schneider's experience, the paper introduces the design guidelines, the application technology and how the demands on a security-level I and C system are met.

  6. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  7. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  8. Proactive Security Testing and Fuzzing

    Science.gov (United States)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  9. Time Synchronization Prototype, Server Upgrade Procedure Support and Remote Software Development

    Science.gov (United States)

    Sanders, Shania R.

    2014-01-01

    Networks are roadways of communication that connect devices. Like all roadways, there are rules and regulations that govern whatever (information in this case) travels along them. One type of rule that is commonly used is called a protocol. More specifically, a protocol is a standard that specifies how data should be transmitted over a network. The project outlined in this document seeks to implement one protocol in particular, Precision Time Protocol, within the Kennedy Ground Control Subsystem network at Kennedy Space Center. This document also summarizes work completed for server upgrades, remote software developer training and how all three assignments demonstrated the importance of accountability and security.

  10. 76 FR 60939 - Metal Fatigue Analysis Performed by Computer Software

    Science.gov (United States)

    2011-09-30

    ... Software AGENCY: Nuclear Regulatory Commission. ACTION: Regulatory issue summary; request for comment... computer software package, WESTEMS™, to demonstrate compliance with Section III, "Rules for... Software Addressees All holders of, and applicants for, a power reactor operating license or construction...

  11. Employee Retirement Income Security Act of 1974: rules and regulations for administration and enforcement; claims procedure. Pension and Welfare Benefits Administration, Labor. Final regulation.

    Science.gov (United States)

    2000-11-21

    This document contains a final regulation revising the minimum requirements for benefit claims procedures of employee benefit plans covered by Title I of the Employee Retirement Income Security Act of 1974 (ERISA or the Act). The regulation establishes new standards for the processing of claims under group health plans and plans providing disability benefits and further clarifies existing standards for all other employee benefit plans. The new standards are intended to ensure more timely benefit determinations, to improve access to information on which a benefit determination is made, and to assure that participants and beneficiaries will be afforded a full and fair review of denied claims. When effective, the regulation will affect participants and beneficiaries of employee benefit plans, employers who sponsor employee benefit plans, plan fiduciaries, and others who assist in the provision of plan benefits, such as third-party benefits administrators and health service providers or health maintenance organizations that provide benefits to participants and beneficiaries of employee benefit plans.

  12. Idioms-based Business Rule Extraction

    NARCIS (Netherlands)

    R Smit (Rob)

    2011-01-01

    This thesis studies the extraction of embedded business rules, using the idioms of the used framework to identify them. Embedded business rules exist as source code in the software system and knowledge about them may get lost. Extraction of those business rules could make them accessible

  13. Facial recognition software success rates for the identification of 3D surface reconstructed facial images: implications for patient privacy and security.

    Science.gov (United States)

    Mazura, Jan C; Juluru, Krishna; Chen, Joseph J; Morgan, Tara A; John, Majnu; Siegel, Eliot L

    2012-06-01

    Image de-identification has focused on the removal of textual protected health information (PHI). Surface reconstructions of the face have the potential to reveal a subject's identity even when textual PHI is absent. This study assessed the ability of a computer application to match research subjects' 3D facial reconstructions with conventional photographs of their face. In a prospective study, 29 subjects underwent CT scans of the head and had frontal digital photographs of their face taken. Facial reconstructions of each CT dataset were generated on a 3D workstation. In phase 1, photographs of the 29 subjects undergoing CT scans were added to a digital directory and tested for recognition using facial recognition software. In phases 2-4, additional photographs were added in groups of 50 to increase the pool of possible matches and the test for recognition was repeated. As an internal control, photographs of all subjects were tested for recognition against an identical photograph. Of 3D reconstructions, 27.5% were matched correctly to corresponding photographs (95% upper CL, 40.1%). All study subject photographs were matched correctly to identical photographs (95% lower CL, 88.6%). Of 3D reconstructions, 96.6% were recognized simply as a face by the software (95% lower CL, 83.5%). Facial recognition software has the potential to recognize features on 3D CT surface reconstructions and match these with photographs, with implications for PHI.

  14. The laws of software process a new model for the production and management of software

    CERN Document Server

    Armour, Phillip G

    2003-01-01

    The Nature of Software and The Laws of Software Process; A Brief History of Knowledge; The Characteristics of Knowledge Storage Media; The Nature of Software Development; The Laws of Software Process and the Five Orders of Ignorance; The Laws of Software Process; The First Law of Software Process; The Corollary to the First Law of Software Process; The Reflexive Creation of Systems and Processes; The Lemma of Eternal Lateness; The Second Law of Software Process; The Rule of Process Bifurcation; The Dual Hypotheses of Knowledge Discovery; Armour's Observation on Software Process; The Third Law of Software Process (also kn

  15. Software and the future of programming languages.

    Science.gov (United States)

    Aho, Alfred V

    2004-02-27

    Although software is the key enabler of the global information infrastructure, the amount and extent of software in use in the world today are not widely understood, nor are the programming languages and paradigms that have been used to create the software. The vast size of the embedded base of existing software and the increasing costs of software maintenance, poor security, and limited functionality are posing significant challenges for the software R&D community.

  16. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  17. 78 FR 46309 - Rules of Administrative Finality

    Science.gov (United States)

    2013-07-31

    ...-772-1213 or TTY 1-800-325-0778, or visit our Internet site, Social Security Online, at http://www... SOCIAL SECURITY ADMINISTRATION 20 CFR Parts 404 and 416 [Docket No. SSA 2013-0011] Rules of Administrative Finality AGENCY: Social Security Administration (SSA) ACTION: Notice and request for comments...

  18. Trends in software testing

    CERN Document Server

    Mohanty, J; Balakrishnan, Arunkumar

    2017-01-01

    This book is focused on the advancements in the field of software testing and the innovative practices that the industry is adopting. Considering the widely varied nature of software testing, the book addresses contemporary aspects that are important for both academia and industry. There are dedicated chapters on seamless high-efficiency frameworks, automation on regression testing, software by search, and system evolution management. There are a host of mathematical models that are promising for software quality improvement by model-based testing. There are three chapters addressing this concern. Students and researchers in particular will find these chapters useful for their mathematical strength and rigor. Other topics covered include uncertainty in testing, software security testing, testing as a service, test technical debt (or test debt), disruption caused by digital advancement (social media, cloud computing, mobile application and data analytics), and challenges and benefits of outsourcing. The book w...

  19. Exploration of SWRL Rule Bases through Visualization, Paraphrasing, and Categorization of Rules

    Science.gov (United States)

    Hassanpour, Saeed; O'Connor, Martin J.; Das, Amar K.

    Rule bases are increasingly being used as repositories of knowledge content on the Semantic Web. As the size and complexity of these rule bases increases, developers and end users need methods of rule abstraction to facilitate rule management. In this paper, we describe a rule abstraction method for Semantic Web Rule Language (SWRL) rules that is based on lexical analysis and a set of heuristics. Our method results in a tree data structure that we exploit in creating techniques to visualize, paraphrase, and categorize SWRL rules. We evaluate our approach by applying it to several biomedical ontologies that contain SWRL rules, and show how the results reveal rule patterns within the rule base. We have implemented our method as a plug-in tool for Protégé-OWL, the most widely used ontology modeling software for the Semantic Web. Our tool can allow users to rapidly explore content and patterns in SWRL rule bases, enabling their acquisition and management.

  20. Security and trust requirements engineering

    NARCIS (Netherlands)

    Giorgini, P.; Massacci, F.; Zannone, N.; Aldini, A.; Gorrieri, R.; Martinelli, F.

    2005-01-01

    Integrating security concerns throughout the whole software development process is one of today’s challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve

  1. Software Assurance: Five Essential Considerations for Acquisition Officials

    National Research Council Canada - National Science Library

    Polydys, Mary L; Wisseman, Stan

    2007-01-01

    .... A recent Chief Information Office (CIO) Executive Council poll indicated that the top two most important attributes of software are reliable software that functions as promised and software free from security vulnerabilities and malicious code...

  2. Software Defined Networking Demands on Software Technologies

    DEFF Research Database (Denmark)

    Galinac Grbac, T.; Caba, Cosmin Marius; Soler, José

    2015-01-01

    Software Defined Networking (SDN) is a networking approach based on a centralized control plane architecture with standardised interfaces between control and data planes. SDN enables fast configuration and reconfiguration of the network to enhance resource utilization and service performances....... This new approach enables a more dynamic and flexible network, which may adapt to user needs and application requirements. To this end, systemized solutions must be implemented in network software, aiming to provide secure network services that meet the required service performance levels. In this paper......, we review this new approach to networking from an architectural point of view, and identify and discuss some critical quality issues that require new developments in software technologies. These issues we discuss along with use case scenarios. Here in this paper we aim to identify challenges...

  3. Software engineering

    CERN Document Server

    Sommerville, Ian

    2010-01-01

    The ninth edition of Software Engineering presents a broad perspective of software engineering, focusing on the processes and techniques fundamental to the creation of reliable software systems. Increased coverage of agile methods and software reuse, along with coverage of 'traditional' plan-driven software engineering, gives readers the most up-to-date view of the field currently available. Practical case studies, a full set of easy-to-access supplements, and extensive web resources make teaching the course easier than ever.

  4. Enhancing Parliamentary Oversight for Effective Security Sector ...

    African Journals Online (AJOL)

    2015-06-09

    Jun 9, 2015 ... transition from violent conflict or prolonged authoritarian rule. .... State whose primary interest was to secure his regime and prevent ... June 12, 1993 presidential elections triggered the emergence of violent non-state security.

  5. Third-Party Software's Trust Quagmire.

    Science.gov (United States)

    Voas, J; Hurlburt, G

    2015-12-01

    Current software development has trended toward the idea of integrating independent software sub-functions to create more complete software systems. Software sub-functions are often not homegrown - instead they are developed by unknown 3rd party organizations and reside in software marketplaces owned or controlled by others. Such software sub-functions carry plausible concern in terms of quality, origins, functionality, security, interoperability, to name a few. This article surveys key technical difficulties in confidently building systems from acquired software sub-functions by calling out the principal software supply chain actors.

  6. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)]; Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)]; Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)]

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  7. Software Formal Inspections Guidebook

    Science.gov (United States)

    1993-01-01

    The Software Formal Inspections Guidebook is designed to support the inspection process of software developed by and for NASA. This document provides information on how to implement a recommended and proven method for conducting formal inspections of NASA software. This Guidebook is a companion document to NASA Standard 2202-93, Software Formal Inspections Standard, approved April 1993, which provides the rules, procedures, and specific requirements for conducting software formal inspections. Application of the Formal Inspections Standard is optional to NASA program or project management. In cases where program or project management decide to use the formal inspections method, this Guidebook provides additional information on how to establish and implement the process. The goal of the formal inspections process as documented in the above-mentioned Standard and this Guidebook is to provide a framework and model for an inspection process that will enable the detection and elimination of defects as early as possible in the software life cycle. An ancillary aspect of the formal inspection process incorporates the collection and analysis of inspection data to effect continual improvement in the inspection process and the quality of the software subjected to the process.

  8. 76 FR 40296 - Declassification of National Security Information

    Science.gov (United States)

    2011-07-08

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security Information...

  9. Security: a Killer App for SDN?

    Science.gov (United States)

    2014-10-01

    Software Defined Networking (SDN) has been developed...the possible opportunities that result. 15. SUBJECT TERMS Software Defined Network, SDN, Network Routing, Security 16. SECURITY CLASSIFICATION OF...highwayman.com Highwayman Associates Ltd. Ross Anderson Ross.Anderson@cl.cam.ac.uk University of Cambridge ABSTRACT Software Defined Networking (SDN) has

  10. 17 CFR 240.19g2-1 - Enforcement of compliance by national securities exchanges and registered securities associations...

    Science.gov (United States)

    2010-04-01

    ... national securities exchanges and registered securities associations with the Act and rules and regulations... Enforcement of compliance by national securities exchanges and registered securities associations with the Act... associated with its members, a national securities exchange or registered securities association is not...

  11. SOFTWARE OPEN SOURCE, SOFTWARE GRATIS?

    Directory of Open Access Journals (Sweden)

    Nur Aini Rakhmawati

    2006-01-01

    Full Text Available. The entry into force of the Intellectual Property Rights law (HAKI) has given rise to a new alternative: using open source software. The use of open source software is spreading along with current global issues in Information Communication Technology (ICT). Some organizations and companies have begun to take open source software into consideration. There are many conceptions of open source software, ranging from software that is free of charge to software that is unlicensed. Not everything said about open source software is correct, so the concept of open source software needs to be introduced, starting from its history, licenses and how to choose a license, as well as the considerations in choosing among the available open source software. Keywords: License, Open Source, HAKI

  12. Software Epistemology

    Science.gov (United States)

    2016-03-01

    in-vitro decision to incubate a startup, Lexumo [7], which is developing a commercial Software as a Service (SaaS) vulnerability assessment...LTS Label Transition System MUSE Mining and Understanding Software Enclaves RTEMS Real-Time Executive for Multi-processor Systems SaaS Software ...as a Service SSA Static Single Assignment SWE Software Epistemology UD/DU Def-Use/Use-Def Chains (Dataflow Graph)

  13. CBP Customs Rulings Online Search System (CROSS)

    Data.gov (United States)

    Department of Homeland Security — CROSS is a searchable database of CBP rulings that can be retrieved based on simple or complex search characteristics using keywords and Boolean operators. CROSS has...

  14. Software reliability

    CERN Document Server

    Bendell, A

    1986-01-01

    Software Reliability reviews some fundamental issues of software reliability as well as the techniques, models, and metrics used to predict the reliability of software. Topics covered include fault avoidance, fault removal, and fault tolerance, along with statistical methods for the objective assessment of predictive accuracy. Development cost models and life-cycle cost models are also discussed. This book is divided into eight sections and begins with a chapter on adaptive modeling used to predict software reliability, followed by a discussion on failure rate in software reliability growth mo

  15. Computer software.

    Science.gov (United States)

    Rosenthal, L E

    1986-10-01

    Software is the component in a computer system that permits the hardware to perform the various functions that a computer system is capable of doing. The history of software and its development can be traced to the early nineteenth century. All computer systems are designed to utilize the "stored program concept" as first developed by Charles Babbage in the 1850s. The concept was lost until the mid-1940s, when modern computers made their appearance. Today, because of the complex and myriad tasks that a computer system can perform, there has been a differentiation of types of software. There is software designed to perform specific business applications. There is software that controls the overall operation of a computer system. And there is software that is designed to carry out specialized tasks. Regardless of types, software is the most critical component of any computer system. Without it, all one has is a collection of circuits, transistors, and silicone chips.

  16. Model-based security testing

    OpenAIRE

    Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

  17. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  18. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  19. Reconsidering the Rules for Space Security

    Science.gov (United States)

    2008-04-01

    Sputnikovaya Sistema [Global Navigation Satellite System] GPS Global Positioning System HCV hypersonic cruise vehicle Intelsat International Telecommunications...reduce incentives to use undegraded signals from Russia's version of GPS, the Global'naya Navigatsionnaya Sputnikovaya Sistema (GLONASS), and...advice to "be cautious of agreements intended for one purpose that, when added to a larger web of treaties or regulations, may have the unintended

  20. Radiological protection national system. Basic security rules

    International Nuclear Information System (INIS)

    1981-01-01

    This work has been prepared as the first one of a set of standards and regulations that will be enforced to provide the protection of men and the environment against the undesirable effects of ionizing radiations. It establishes, in the first place, the system of dose limits for the country and the principles of its utilization. It takes into account the CIPR's recommendations in this area and the mentioned frame of reference, it establishes further the necessary restrictions for the application of the limits to the professionally exposed workers, as well as to the isolated members of the public and the population in general. In addition it establishes the general conditions to be met for the implementation of radiological protection, among them, the classification of working areas and working conditions as well as the compulsory periodical medical surveillance. (H.D.N.)

  1. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified...

  2. Security Testing Handbook for Banking Applications

    CERN Document Server

    Doraiswamy, Arvind; Kapoor, Nilesh

    2009-01-01

    Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications.

  3. Federal Coal Mine Health and Safety Act of 1969, Title IV, as amended (The Black Lung Benefits Act); payment of benefits--withholding Part B benefits where Part C payments are made for the same period. Social Security Administration. Final rule.

    Science.gov (United States)

    1982-05-04

    This regulation confirms the interim rule authorizing the Social Security Administration to withhold payment of Part B Black Lung benefits where Part C Black Lung benefits administered by the Dept. of Labor are paid for the same period. We are doing this by expanding the definition of "overpayment" in 20 CFR 410.560(a) to include these duplicate payments under Part C. This regulation provides a quick and efficient means of avoiding unjustified duplicate payments.

  4. Elements of social security

    DEFF Research Database (Denmark)

    Hansen, Hans

    Elements of Social Security is a comparative study of important elements of the social security systems in Denmark (DK), Sweden (S), Finland (FIN), Austria (A), Germany (D), the Netherlands (NL), Great Britain (GB) and Canada (CAN). It should be emphasized that Germany is the former West Germany...... (Alte Länder). This is the 9th and last edition of the publication, covering income levels and rules for social security and personal taxation for 1999. Basis for the projections to 1999 income levels is the 1998 data (in some cases 1999 data) for OECD's Taxing Wages as reported by national experts....

  5. Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.; Ras, Z.W.; Tsay, L.-S.

    2010-01-01

    Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as

  6. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  7. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?

  8. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ...-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security Information..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... licensee security education and training programs and enhances the protection of classified information...

  9. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available. Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  10. Supporting secure programming in web applications through interactive static analysis

    Science.gov (United States)

    Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

    2013-01-01

    Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. PMID:25685513

  11. Supporting secure programming in web applications through interactive static analysis

    Directory of Open Access Journals (Sweden)

    Jun Zhu

    2014-07-01

    Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

  12. Supporting secure programming in web applications through interactive static analysis.

    Science.gov (United States)

    Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

    2014-07-01

    Many security incidents are caused by software developers' failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

  13. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  14. Software Innovation

    DEFF Research Database (Denmark)

    Rose, Jeremy

    Innovation is the forgotten key to modern systems development - the element that defines the enterprising engineer, the thriving software firm and the cutting edge software application. Traditional forms of technical education pay little attention to creativity - often encouraging overly...

  15. Software engineering

    CERN Document Server

    Sommerville, Ian

    2016-01-01

    For courses in computer science and software engineering. The Fundamental Practice of Software Engineering. Software Engineering introduces readers to the overwhelmingly important subject of software programming and development. In the past few years, computer systems have come to dominate not just our technological growth, but the foundations of our world's major industries. This text seeks to lay out the fundamental concepts of this huge and continually growing subject area in a clear and comprehensive manner. The Tenth Edition contains new information that highlights various technological updates of recent years, providing readers with highly relevant and current information. Sommerville's experience in system dependability and systems engineering guides the text through a traditional plan-based approach that incorporates some novel agile methods. The text strives to teach the innovators of tomorrow how to create software that will make our world a better, safer, and more advanced place to live.

  16. Software Defined Cyberinfrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Foster, Ian; Blaiszik, Ben; Chard, Kyle; Chard, Ryan

    2017-07-17

    Within and across thousands of science labs, researchers and students struggle to manage data produced in experiments, simulations, and analyses. Largely manual research data lifecycle management processes mean that much time is wasted, research results are often irreproducible, and data sharing and reuse remain rare. In response, we propose a new approach to data lifecycle management in which researchers are empowered to define the actions to be performed at individual storage systems when data are created or modified: actions such as analysis, transformation, copying, and publication. We term this approach software-defined cyberinfrastructure because users can implement powerful data management policies by deploying rules to local storage systems, much as software-defined networking allows users to configure networks by deploying rules to switches. We argue that this approach can enable a new class of responsive distributed storage infrastructure that will accelerate research innovation by allowing any researcher to associate data workflows with data sources, whether local or remote, for such purposes as data ingest, characterization, indexing, and sharing. We report on early experiments with this approach in the context of experimental science, in which a simple if-trigger-then-action (IFTA) notation is used to define rules.

  17. Automating risk analysis of software design models.

    Science.gov (United States)

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

  18. Access control, security, and trust a logical approach

    CERN Document Server

    Chin, Shiu-Kai

    2010-01-01

    Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access Control Sets and Relations Syntax Semantics Reasoning about Access Control Logical Rules Formal Proofs and Theorems Soundness of Logical Rules Basic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security Policies Confidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial Policies DISTRIBUTED ACCESS CONTROL Digital Authenti

  19. Secure Multiparty AES

    Science.gov (United States)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires $2200 + \frac{400}{255}$ expected elementary operations in expected $70 + \frac{20}{255}$ rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  20. International and European Security Law

    Directory of Open Access Journals (Sweden)

    Jonathan Herbach

    2012-02-01

    Security law, or more comprehensively conflict and security law, on the international level represents the intersection of three distinct but interrelated fields: international humanitarian law (the law of armed conflict, jus in bello), the law of collective security (most identified with the United Nations (UN) system, jus ad bellum) and arms control law (including non-proliferation). Security in this sense is multifaceted - interest security, military security and, as is often referred to in the context of the EU, human security. As such, the law covers a wide range of specific topics with respect to conflict, encompassing the use of force, including choice of weapons and fighting techniques, extending to the rules applicable in peacekeeping and peace enforcement, and yet also dictating obligations outside the context of conflict, such as safeguarding and securing dual-use materials (those with both peaceful and military applications) to prevent malicious use.

  1. Computer Security: The dilemma of fractal defence

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Aren’t mathematical fractals just beautiful? The Mandelbrot set and the Julia set, the Sierpinski gasket, the Menger sponge, the Koch curve (see here)… Based on very simple mathematical rules, they quickly develop into a mosaic of facets slightly different from each other. More and more features appear the closer you zoom into a fractal and expose similar but not identical features of the overall picture. Computer security is like these fractals, only much less pretty: simple at first glance, but increasingly complex and complicated when you look more closely at the details. The deeper you dig, the more and more possibilities open up for malicious people as the attack surface grows, just like that of “Koch’s snowflakes”, where the border length grows exponentially. Consequently, the defensive perimeter also increases when we follow the bits and bytes layer by layer from their processing in the CPU, trickling up the software stack thro...

  2. Software requirements

    CERN Document Server

    Wiegers, Karl E

    2003-01-01

    Without formal, verifiable software requirements - and an effective system for managing them - the programs that developers think they've agreed to build often will not be the same products their customers are expecting. In SOFTWARE REQUIREMENTS, Second Edition, requirements engineering authority Karl Wiegers amplifies the best practices presented in his original award-winning text - now a mainstay for anyone participating in the software development process. In this book, you'll discover effective techniques for managing the requirements engineering process all the way through the development cy

  3. Network systems security analysis

    Science.gov (United States)

    Yilmaz, İsmail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" from time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, in the study cyber-attacks are researched thoroughly and Penetration Test techniques are examined. With this information, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  4. Producing and supporting sharable software

    International Nuclear Information System (INIS)

    Johnstad, H.; Nicholls, J.

    1987-02-01

    A survey is reported that addressed the question of shareable software for the High Energy Physics community. Statistics are compiled for the responses of 54 people attending a conference on the subject of shareable software to a questionnaire which addressed the usefulness of shareable software, preference of programming language, and source management tools. The results are found to reflect a continued need for shareable software in the High Energy Physics community and that this effort be performed in coordination. A strong mandate is also claimed for large facilities to support the community with software and that these facilities should act as distribution points. Considerable interest is expressed in languages other than FORTRAN, and the desire for standards or rules in programming is expressed. A need is identified for source management tools

  5. Software Reviews.

    Science.gov (United States)

    Dwyer, Donna; And Others

    1989-01-01

    Reviewed are seven software packages for Apple and IBM computers. Included are: "Toxicology"; "Science Corner: Space Probe"; "Alcohol and Pregnancy"; "Science Tool Kit Plus"; "Computer Investigations: Plant Growth"; "Climatrolls"; and "Animal Watch: Whales." (CW)

  6. Software Reviews.

    Science.gov (United States)

    Davis, Shelly J., Ed.; Knaupp, Jon, Ed.

    1984-01-01

    Reviewed is computer software on: (1) classification of living things, a tutorial program for grades 5-10; and (2) polynomial practice using tiles, a drill-and-practice program for algebra students. (MNS)

  7. Software Reviews.

    Science.gov (United States)

    Miller, Anne, Ed.; Radziemski, Cathy, Ed.

    1988-01-01

    Three pieces of computer software are described and reviewed: HyperCard, to build and use varied applications; Iggy's Gnees, for problem solving with shapes in grades kindergarten-two; and Algebra Shop, for practicing skills and problem solving. (MNS)

  8. 78 FR 76986 - Children's Online Privacy Protection Rule

    Science.gov (United States)

    2013-12-20

    ... FEDERAL TRADE COMMISSION 16 CFR Part 312 RIN 3084-AB20 Children's Online Privacy Protection Rule... published final rule amendments to the Children's Online Privacy Protection Rule on January 17, 2013 to update the requirements set forth in the notice, parental consent, confidentiality and security, and safe...

  9. 17 CFR 200.67 - Power to adopt rules.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Power to adopt rules. 200.67... AND ETHICS; AND INFORMATION AND REQUESTS Canons of Ethics § 200.67 Power to adopt rules. In exercising... by the Congress imposes the obligation upon the members to adopt rules necessary to effectuate the...

  10. Software quality assurance plans for safety-critical software

    International Nuclear Information System (INIS)

    Liddle, P.

    2006-01-01

    Application software is defined as safety-critical if a fault in the software could prevent the system components from performing their nuclear-safety functions. Therefore, for nuclear-safety systems, the AREVA TELEPERM R XS (TXS) system is classified 1E, as defined in the Inst. of Electrical and Electronics Engineers (IEEE) Std 603-1998. The application software is classified as Software Integrity Level (SIL)-4, as defined in IEEE Std 7-4.3.2-2003. The AREVA NP Inc. Software Program Manual (SPM) describes the measures taken to ensure that the TELEPERM XS application software attains a level of quality commensurate with its importance to safety. The manual also describes how TELEPERM XS correctly performs the required safety functions and conforms to established technical and documentation requirements, conventions, rules, and standards. The program manual covers the requirements definition, detailed design, integration, and test phases for the TELEPERM XS application software, and supporting software created by AREVA NP Inc. The SPM is required for all safety-related TELEPERM XS system applications. The program comprises several basic plans and practices: 1. A Software Quality-Assurance Plan (SQAP) that describes the processes necessary to ensure that the software attains a level of quality commensurate with its importance to safety function. 2. A Software Safety Plan (SSP) that identifies the process to reasonably ensure that safety-critical software performs as intended during all abnormal conditions and events, and does not introduce any new hazards that could jeopardize the health and safety of the public. 3. A Software Verification and Validation (V and V) Plan that describes the method of ensuring the software is in accordance with the requirements. 4. A Software Configuration Management Plan (SCMP) that describes the method of maintaining the software in an identifiable state at all times. 5. A Software Operations and Maintenance Plan (SO and MP) that

  11. Application Security Automation

    Science.gov (United States)

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  12. 76 FR 81359 - National Security Personnel System

    Science.gov (United States)

    2011-12-28

    ... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

  13. Applicable Law on Demobilized and Dematerialized Securities

    Directory of Open Access Journals (Sweden)

    Wael Saghir

    2017-09-01

    In this paper Wael Saghir examines the priority in the business and financial worlds for companies to pursue reduced transaction costs, creating a trend towards demobilization or dematerialization of securities. His paper explains the nature of securities and the governing laws needed to resolve problems of conflict of law rules related to securities.

  14. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  15. Lecture 3: Web Application Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture focuses on security aspects of Web application development. Various vulnerabilities typical to web applications (such as Cross-site scripting, SQL injection, cross-site request forgery etc.) are introduced and discussed. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support servic...

  16. 75 FR 20401 - Self-Regulatory Organizations; NYSE Amex LLC; Notice of Filing of Proposed Rule Change, and...

    Science.gov (United States)

    2010-04-19

    .... Proposed NYSE Amex Equities Rule 510 (Derivative Securities Products) The Exchange also proposes some... derivative securities products,'' as defined in Rule 19b-4(e) under the Act and traded pursuant to Rule 19b-4.../or approved by the Commission for the generic trading of derivative securities products based on...

  17. Towards a New Paradigm of Software Development: an Ambassador Driven Process in Distributed Software Companies

    Science.gov (United States)

    Kumlander, Deniss

    The globalization of companies' operations and competition between software vendors demand improving the quality of delivered software and decreasing the overall cost. The same in fact introduces a lot of problems into the software development process, as it produces distributed organizations, breaking the co-location rule of modern software development methodologies. Here we propose a reformulation of the ambassador position, increasing its productivity in order to bridge the communication and workflow gap by managing the entire communication process rather than concentrating purely on the communication result.

  18. Building an intelligence-led security program

    CERN Document Server

    Liska, Allan

    2014-01-01

    As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented inte

  19. Software essentials design and construction

    CERN Document Server

    Dingle, Adair

    2014-01-01

    About the Cover: Although capacity may be a problem for a doghouse, other requirements are usually minimal. Unlike skyscrapers, doghouses are simple units. They do not require plumbing, electricity, fire alarms, elevators, or ventilation systems, and they do not need to be built to code or pass inspections. The range of complexity in software design is similar. Given available software tools and libraries - many of which are free - hobbyists can build small or short-lived computer apps. Yet, design for software longevity, security, and efficiency can be intricate - as is the design of large-scale sy

  20. Security studies

    International Nuclear Information System (INIS)

    Venot, R.

    2001-01-01

    physical protection system is not covered by such studies, since this type of detection gives no information on either the effectiveness or the reliability of the MC and A systems. A critical scenario is defined as one which leads to discrepancies involving substantial amounts of NM or for which the detection delay is long. Special care is taken when analysing these scenarios. For critical scenarios, sensitivity analysis could be made to determine the smallest quantity of NM the disappearance of which could be detected or the criteria leading to the detection of the disappearance in the control system or in the accounting system. The threats taken into account are identified with reference to the design basis threat specified by the competent authority. Both internal and external threats are taken in account. Internal threats are defined as attempts by insiders to steal quantities of nuclear material, either once or on several occasions; accumulating these quantities leads to a significant quantity of NM. External threats are defined as attempts by groups of aggressors to steal significant amounts of nuclear material. Two hypotheses are taken into account to test the ability of the physical protection system to counter threats of this type. The first is based on a small group of aggressors with limited resources and the second involves a larger team with more sophisticated resources. Of course security studies have to be carried out in compliance with the corresponding confidentiality rules. In addition, such studies have to be regularly updated, notably if significant modifications are made in the MC and A or PP systems. It is important that security studies are available in the facilities for competent personnel, as it gives the rationale behind control and protection of NM. In particular, it could be used, in a performance-based approach, to support analysis reports or to illustrate that the required level of security has been reached. (author)

  1. Cyber security best practices for the nuclear industry

    International Nuclear Information System (INIS)

    Badr, I.

    2012-01-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  2. Cyber security best practices for the nuclear industry

    Energy Technology Data Exchange (ETDEWEB)

    Badr, I. [Rational IBM Software Group, IBM Corporation, Evanston, IL 60201 (United States)]

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  3. Australian road rules

    Science.gov (United States)

    2009-02-01

    *These are national-level rules. Australian Road Rules - 2009 Version, Part 18, Division 1, Rule 300 "Use of Mobile Phones" describes restrictions of mobile phone use while driving. The rule basically states that drivers cannot make or receive calls ...

  4. Automating Software Development Process using Fuzzy Logic

    NARCIS (Netherlands)

    Marcelloni, Francesco; Aksit, Mehmet; Damiani, Ernesto; Jain, Lakhmi C.; Madravio, Mauro

    2004-01-01

    In this chapter, we aim to highlight how fuzzy logic can be a valid expressive tool to manage the software development process. We characterize a software development method in terms of two major components: artifact types and methodological rules. Classes, attributes, operations, and inheritance

  5. Radioactive Waste SECURITY

    International Nuclear Information System (INIS)

    Brodowski, R.; Drapalik, M.; Gepp, C.; Gufler, K.; Sholly, S.

    2010-01-01

    The purpose of this work is to investigate the safety requirements for a radioactive waste repository, the fundamental problems involved and the legislative rules and arrangements for doing so. As the title already makes clear, the focus of this work is on aspects that can be assigned to the security sector - i.e. the security against the influence of third parties - and are to be distinguished from safety measures for the improvement of the technical safety aspects. In this context, mention is made of events such as human intrusion into guarded facilities, whereas e.g. a geological analysis on seismic safety is not discussed. For a variety of reasons, the consideration of the security of nuclear waste repositories in public discussions is increasingly taking a back seat, as, i.a., terrorist threats can be considered as negligible risk or well calculable. Depending on the type of storage, different security aspects still have to be considered. (roessner)

  6. Software reengineering

    Science.gov (United States)

    Fridge, Ernest M., III

    1991-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. JSC created a significant set of tools to develop and maintain FORTRAN and C code during development of the Space Shuttle. This tool set forms the basis for an integrated environment to re-engineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. A beta version of the environment was released in Mar. 1991. The commercial potential for such re-engineering tools is very great. CASE TRENDS magazine reported it to be the primary concern of over four hundred of the top MIS executives.

  7. 78 FR 29624 - Rules on Determining Hearing Appearances

    Science.gov (United States)

    2013-05-21

    ... site, Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION: Background... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2007-0044] 20 CFR Parts 404, 405, and 416 RIN 0960-AH40 Rules on Determining Hearing Appearances AGENCY: Social Security Administration. ACTION: Final...

  8. Methods of Software Verification

    Directory of Open Access Journals (Sweden)

    R. E. Gurin

    2015-01-01

    This article is devoted to the problem of software verification (SW). Methods of software verification designed to check the software for compliance with the stated requirements such as correctness, system security and system adaptability to small changes in the environment, portability and compatibility, etc. These are various methods both by the operation process and by the way of achieving result. The article describes the static and dynamic methods of software verification and paid attention to the method of symbolic execution. In its review of static analysis are discussed and described the deductive method, and methods for testing the model. A relevant issue of the pros and cons of a particular method is emphasized. The article considers classification of test techniques for each method. In this paper we present and analyze the characteristics and mechanisms of the static analysis of dependencies, as well as their views, which can reduce the number of false positives in situations where the current state of the program combines two or more states obtained both in different paths of execution and in working with multiple object values. Dependences connect various types of software objects: single variables, the elements of composite variables (structure fields, array elements), the size of the heap areas, the length of lines, the number of initialized array elements in the verification code using static methods. The article pays attention to the identification of dependencies within the framework of the abstract interpretation, as well as gives an overview and analysis of the inference tools. Methods of dynamic analysis such as testing, monitoring and profiling are presented and analyzed. Also some kinds of tools are considered which can be applied to the software when using the methods of dynamic analysis. Based on the work a conclusion is drawn, which describes the most relevant problems of analysis techniques, methods of their solutions and

  9. Automated Software Vulnerability Analysis

    Science.gov (United States)

    Sezer, Emre C.; Kil, Chongkyung; Ning, Peng

    Despite decades of research, software continues to have vulnerabilities. Successful exploitations of these vulnerabilities by attackers cost millions of dollars to businesses and individuals. Unfortunately, most effective defensive measures, such as patching and intrusion prevention systems, require an intimate knowledge of the vulnerabilities. Many systems for detecting attacks have been proposed. However, the analysis of the exploited vulnerabilities is left to security experts and programmers. Both the human effort involved and the slow analysis process are unfavorable for timely defensive measures to be deployed. The problem is exacerbated by zero-day attacks.

  10. Software Authentication

    International Nuclear Information System (INIS)

    Wolford, J.K.; Geelhood, B.D.; Hamilton, V.A.; Ingraham, J.; MacArthur, D.W.; Mitchell, D.J.; Mullens, J.A.; Vanier, P. E.; White, G.K.; Whiteson, R.

    2001-01-01

    The effort to define guidance for authentication of software for arms control and nuclear material transparency measurements draws on a variety of disciplines and has involved synthesizing established criteria and practices with newer methods. Challenges include the need to protect classified information that the software manipulates as well as deal with the rapid pace of innovation in the technology of nuclear material monitoring. The resulting guidance will shape the design of future systems and inform the process of authentication of instruments now being developed. This paper explores the technical issues underlying the guidance and presents its major tenets

  11. Software vulnerability: Definition, modelling, and practical evaluation for E-mail transfer software

    International Nuclear Information System (INIS)

    Kimura, Mitsuhiro

    2006-01-01

    This paper proposes a method of assessing software vulnerability quantitatively. By expanding the concept of the IPO (input-program-output) model, we first define the software vulnerability and construct a stochastic model. Then we evaluate the software vulnerability of the sendmail system by analyzing the actual security-hole data, which were collected from its release note. Also we show the relationship between the estimated software reliability and vulnerability of the analyzed system

  12. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    Science.gov (United States)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediates faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  13. THE TECHNIQUE OF ANALYSIS OF SOFTWARE OF ON-BOARD COMPUTERS OF AIR VESSEL TO ABSENCE OF UNDECLARED CAPABILITIES BY SIGNATURE-HEURISTIC WAY

    Directory of Open Access Journals (Sweden)

    Viktor Ivanovich Petrov

    2017-01-01

    Full Text Available The article considers the issues of civil aviation aircraft onboard computers data safety. Information security undeclared capabilities stand for technical equipment or software possibilities, which are not mentioned in the documentation. Documentation and tests content requirements are imposed during the software certification. Documentation requirements include documents composition and content of control (specification, description and program code, the source code. Test requirements include: static analysis of program codes (including the compliance of the sources with their loading modules monitoring; dynamic analysis of source code (including implementation of routes monitoring. Currently, there are no complex measures for checking onboard computer software. There are no rules and regulations that can allow controlling foreign production aircraft software, and the actual receiving of software is difficult. Consequently, the author suggests developing the basics of aviation rules and regulations, which allow to analyze the programs of CA aircraft onboard computers. If there are no software source codes the two approaches of code analysis are used: a structural static and dynamic analysis of the source code; signature-heuristic analysis of potentially dangerous operations. Static analysis determines the behavior of the program by reading the program code (without running the program which is represented in the assembler language - disassembly listing. Program tracing is performed by the dynamic analysis. The analysis of aircraft software ability to detect undeclared capabilities using the interactive disassembler was considered in this article.

  14. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  15. Security Components of Globalization

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2015-05-01

    Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decision-making procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic used resources and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

  16. Reviews, Software.

    Science.gov (United States)

    Science Teacher, 1988

    1988-01-01

    Reviews two computer software packages for use in physical science, physics, and chemistry classes. Includes "Physics of Model Rocketry" for Apple II, and "Black Box" for Apple II and IBM compatible computers. "Black Box" is designed to help students understand the concept of indirect evidence. (CW)

  17. Software Reviews.

    Science.gov (United States)

    Kinnaman, Daniel E.; And Others

    1988-01-01

    Reviews four educational software packages for Apple, IBM, and Tandy computers. Includes "How the West was One + Three x Four," "Mavis Beacon Teaches Typing," "Math and Me," and "Write On." Reviews list hardware requirements, emphasis, levels, publisher, purchase agreements, and price. Discusses the strengths…

  18. Software Review.

    Science.gov (United States)

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed is a computer software package entitled "Audubon Wildlife Adventures: Grizzly Bears" for Apple II and IBM microcomputers. Included are availability, hardware requirements, cost, and a description of the program. The murder-mystery flavor of the program is stressed in this program that focuses on illegal hunting and game…

  19. Software Reviews.

    Science.gov (United States)

    Teles, Elizabeth, Ed.; And Others

    1990-01-01

    Reviewed are two computer software packages for Macintosh microcomputers including "Phase Portraits," an exploratory graphics tool for studying first-order planar systems; and "MacMath," a set of programs for exploring differential equations, linear algebra, and other mathematical topics. Features, ease of use, cost, availability, and hardware…

  20. MIAWARE Software

    DEFF Research Database (Denmark)

    Wilkowski, Bartlomiej; Pereira, Oscar N. M.; Dias, Paulo

    2008-01-01

    is automatically generated. Furthermore, MIAWARE software is accompanied with an intelligent search engine for medical reports, based on the relations between parts of the lungs. A logical structure of the lungs is introduced to the search algorithm through the specially developed ontology. As a result...

  1. Security controls in a Cullinet database environment

    International Nuclear Information System (INIS)

    Thompson, R.E.

    1988-01-01

    Security controls using Cullinet's Integrated Data Management System (IDMS) are examined. IDMS software integrity problems, with emphasis on security package interfaces, are disclosed. Solutions applied at Sandia Laboratories Engineering Information Management computing facility are presented. An overall IDMS computer security philosophy is reviewed

  2. Security measures required for HIPAA privacy.

    Science.gov (United States)

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  3. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  4. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  5. Workflow-Based Software Development Environment

    Science.gov (United States)

    Izygon, Michel E.

    2013-01-01

    The Software Developer's Assistant (SDA) helps software teams more efficiently and accurately conduct or execute software processes associated with NASA mission-critical software. SDA is a process enactment platform that guides software teams through project-specific standards, processes, and procedures. Software projects are decomposed into all of their required process steps or tasks, and each task is assigned to project personnel. SDA orchestrates the performance of work required to complete all process tasks in the correct sequence. The software then notifies team members when they may begin work on their assigned tasks and provides the tools, instructions, reference materials, and supportive artifacts that allow users to compliantly perform the work. A combination of technology components captures and enacts any software process used to support the software lifecycle. It creates an adaptive workflow environment that can be modified as needed. SDA achieves software process automation through a Business Process Management (BPM) approach to managing the software lifecycle for mission-critical projects. It contains five main parts: TieFlow (workflow engine), Business Rules (rules to alter process flow), Common Repository (storage for project artifacts, versions, history, schedules, etc.), SOA (interface to allow internal, GFE, or COTS tools integration), and the Web Portal Interface (collaborative web environment

  6. Predicting Vulnerability Risks Using Software Characteristics

    Science.gov (United States)

    Roumani, Yaman

    2012-01-01

    Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

  7. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  8. Software Tools for Software Maintenance

    Science.gov (United States)

    1988-10-01

    ... Communications, and Computer Sciences (AIRMICS). Software Tools for Software Maintenance (ASQBG-1-89-001), October 1988 ... Program Analyzer ... Cobol Structuring Facility ... VS Cobol II ... F-Scan ... Fortran Static Code Analyzer ...

  9. Evidence of Absence software

    Science.gov (United States)

    Dalthorp, Daniel; Huso, Manuela M. P.; Dail, David; Kenyon, Jessica

    2014-01-01

    Evidence of Absence software (EoA) is a user-friendly application used for estimating bird and bat fatalities at wind farms and designing search protocols. The software is particularly useful in addressing whether the number of fatalities has exceeded a given threshold and what search parameters are needed to give assurance that thresholds were not exceeded. The software is applicable even when zero carcasses have been found in searches. Depending on the effectiveness of the searches, such an absence of evidence of mortality may or may not be strong evidence that few fatalities occurred. Under a search protocol in which carcasses are detected with nearly 100 percent certainty, finding zero carcasses would be convincing evidence that overall mortality rate was near zero. By contrast, with a less effective search protocol with low probability of detecting a carcass, finding zero carcasses does not rule out the possibility that large numbers of animals were killed but not detected in the searches. EoA uses information about the search process and scavenging rates to estimate detection probabilities to determine a maximum credible number of fatalities, even when zero or few carcasses are observed.

  10. EPIQR software

    Energy Technology Data Exchange (ETDEWEB)

    Flourentzos, F. [Federal Institute of Technology, Lausanne (Switzerland); Droutsa, K. [National Observatory of Athens, Athens (Greece); Wittchen, K.B. [Danish Building Research Institute, Hoersholm (Denmark)

    1999-11-01

    The support of the EPIQR method is a multimedia computer program. Several modules help the users of the method to treat the data collected during a diagnosis survey, to set up refurbishment scenario and calculate their cost or energy performance, and finally to visualize the results in a comprehensive way and to prepare quality reports. This article presents the structure and the main features of the software. (au)

  11. Software preservation

    Directory of Open Access Journals (Sweden)

    Tadej Vodopivec

    2011-01-01

    Full Text Available Comtrade Ltd. covers a wide range of activities related to information and communication technologies; its deliverables include web applications, locally installed programs, system software, drivers, embedded software (used e.g. in medical devices, auto parts, communication switchboards). Also the extensive knowledge and practical experience about digital long-term preservation technologies have been acquired. This wide spectrum of activities puts us in the position to discuss the often overlooked aspect of the digital preservation - preservation of software programs. There are many resources dedicated to digital preservation of digital data, documents and multimedia records, but not so many about how to preserve the functionalities and features of computer programs. Exactly these functionalities - dynamic response to inputs - render the computer programs rich compared to documents or linear multimedia. The article opens the questions on the beginning of the way to the permanent digital preservation. The purpose is to find a way in the right direction, where all relevant aspects will be covered in proper balance. The following questions are asked: why at all to preserve computer programs permanently, who should do this and for whom, when we should think about permanent program preservation, what should be preserved (such as source code, screenshots, documentation, and social context of the program - e.g. media response to it ...), where and how? To illustrate the theoretic concepts given the idea of virtual national museum of electronic banking is also presented.

  12. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Science.gov (United States)

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  13. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  14. CMS software deployment on OSG

    International Nuclear Information System (INIS)

    Kim, B; Avery, P; Thomas, M; Wuerthwein, F

    2008-01-01

    A set of software deployment tools has been developed for the installation, verification, and removal of a CMS software release. The tools that are mainly targeted for the deployment on the OSG have the features of instant release deployment, corrective resubmission of the initial installation job, and an independent web-based deployment portal with Grid security infrastructure login mechanism. We have been deploying over 500 installations and found the tools are reliable and adaptable to cope with problems with changes in the Grid computing environment and the software releases. We present the design of the tools, statistics that we gathered during the operation of the tools, and our experience with the CMS software deployment on the OSG Grid computing environment

  15. CMS software deployment on OSG

    Energy Technology Data Exchange (ETDEWEB)

    Kim, B; Avery, P [University of Florida, Gainesville, FL 32611 (United States); Thomas, M [California Institute of Technology, Pasadena, CA 91125 (United States); Wuerthwein, F [University of California at San Diego, La Jolla, CA 92093 (United States)], E-mail: bockjoo@phys.ufl.edu, E-mail: thomas@hep.caltech.edu, E-mail: avery@phys.ufl.edu, E-mail: fkw@fnal.gov

    2008-07-15

    A set of software deployment tools has been developed for the installation, verification, and removal of a CMS software release. The tools that are mainly targeted for the deployment on the OSG have the features of instant release deployment, corrective resubmission of the initial installation job, and an independent web-based deployment portal with Grid security infrastructure login mechanism. We have been deploying over 500 installations and found the tools are reliable and adaptable to cope with problems with changes in the Grid computing environment and the software releases. We present the design of the tools, statistics that we gathered during the operation of the tools, and our experience with the CMS software deployment on the OSG Grid computing environment.

  16. 77 FR 5073 - Self-Regulatory Organizations; NASDAQ OMX PHLX LLC; Notice of Filing of Proposed Rule Change...

    Science.gov (United States)

    2012-02-01

    ... Trading of PHLX FOREX Options\\TM\\ January 26, 2012. Pursuant to Section 19(b)(1) of the Securities... new Phlx Rules 1000C (Applicability of Rule 1000C Series-- PHLX FOREX Options\\TM\\) \\3\\; Rule 1001C (Definitions--PHLX FOREX Options); Rule 1002C (Series of PHLX FOREX Options Open for Trading); Rule 1003C...

  17. Establishing software quality assurance

    International Nuclear Information System (INIS)

    Malsbury, J.

    1983-01-01

    This paper is concerned with four questions about establishing software QA: What is software QA. Why have software QA. What is the role of software QA. What is necessary to ensure the success of software QA

  18. Development of Watch Schedule Using Rules Approach

    Science.gov (United States)

    Jurkevicius, Darius; Vasilecas, Olegas

    The software for schedule creation and optimization solves a difficult, important and practical problem. The proposed solution is an online employee portal where administrator users can create and manage watch schedules and employee requests. Each employee can login with his/her own account and see his/her assignments, manage requests, etc. Employees set as administrators can perform the employee scheduling online, manage requests, etc. This scheduling software allows users not only to see the initial and optimized watch schedule in a simple and understandable form, but also to create special rules and criteria and input their business. The system using rules automatically will generate watch schedule.

  19. An ethernet/IP security review with intrusion detection applications

    International Nuclear Information System (INIS)

    Laughter, S. A.; Williams, R. D.

    2006-01-01

    Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)

  20. 33 CFR 89.27 - Waters upon which Inland Rule 24(i) applies.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Waters upon which Inland Rule 24(i) applies. 89.27 Section 89.27 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY INLAND NAVIGATION RULES INLAND NAVIGATION RULES: IMPLEMENTING RULES Waters Upon Which Certain...

  1. The problems of nuclear security in Georgia

    International Nuclear Information System (INIS)

    Nabakhtiani, N.

    2006-01-01

    Georgia is carrying out activities to improve nuclear security according to the demands of international standards and rules. The support of developed countries and international organisations is very important to solve the associated problems. (author)

  2. Biometric Feature Script for Information Security

    Directory of Open Access Journals (Sweden)

    N. E. Gunko

    2010-03-01

    Full Text Available Special studies related to the development of rules for making decisions on the psychological characteristics of the offender in his manuscript handwriting with the goal of ensuring information security.

  3. Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DoD Software

    National Research Council Canada - National Science Library

    2007-01-01

    The Defense Science Board (DSB) Task Force on Mission Impact of Foreign Influence on DoD Software examined areas in software security, security architecture, and risk mitigation and received briefings from industry, academia...

  4. Software Prototyping

    Science.gov (United States)

    Del Fiol, Guilherme; Hanseler, Haley; Crouch, Barbara Insley; Cummins, Mollie R.

    2016-01-01

    Summary Background Health information exchange (HIE) between Poison Control Centers (PCCs) and Emergency Departments (EDs) could improve care of poisoned patients. However, PCC information systems are not designed to facilitate HIE with EDs; therefore, we are developing specialized software to support HIE within the normal workflow of the PCC using user-centered design and rapid prototyping. Objective To describe the design of an HIE dashboard and the refinement of user requirements through rapid prototyping. Methods Using previously elicited user requirements, we designed low-fidelity sketches of designs on paper with iterative refinement. Next, we designed an interactive high-fidelity prototype and conducted scenario-based usability tests with end users. Users were asked to think aloud while accomplishing tasks related to a case vignette. After testing, the users provided feedback and evaluated the prototype using the System Usability Scale (SUS). Results Survey results from three users provided useful feedback that was then incorporated into the design. After achieving a stable design, we used the prototype itself as the specification for development of the actual software. Benefits of prototyping included having 1) subject-matter experts heavily involved with the design; 2) flexibility to make rapid changes, 3) the ability to minimize software development efforts early in the design stage; 4) rapid finalization of requirements; 5) early visualization of designs; 6) and a powerful vehicle for communication of the design to the programmers. Challenges included 1) time and effort to develop the prototypes and case scenarios; 2) no simulation of system performance; 3) not having all proposed functionality available in the final product; and 4) missing needed data elements in the PCC information system. PMID:27081404

  5. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  6. 78 FR 44729 - Disqualification of Felons and Other “Bad Actors” From Rule 506 Offerings

    Science.gov (United States)

    2013-07-24

    ... administrative sanctions for, securities fraud or other violations of specified laws. Rule 506 in its current... Vol. 78 Wednesday, No. 142 July 24, 2013 Part IV Securities and Exchange Commission 17 CFR Parts...

  7. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  8. Advances in software development for intelligent interfaces for alarm and emergency management consoles

    International Nuclear Information System (INIS)

    Moseley, M.R.; Olson, C.E.

    1986-01-01

    Recent advances in technology allow features like voice synthesis, voice and speech recognition, image understanding, and intelligent data base management to be incorporated in computer driven alarm and emergency management information systems. New software development environments make it possible to do rapid prototyping of custom applications. Three examples using these technologies are discussed. (1) Maximum use is made of high-speed graphics and voice synthesis to implement a state-of-the-art alarm processing and display system with features that make the operator-machine interface efficient and accurate. Although very functional, this system is not portable or flexible; the software would have to be substantially rewritten for other applications. (2) An application generator which has the capability of "building" a specific alarm processing and display application in a matter of a few hours, using the site definition developed in the security planning phase to produce the custom application. This package is based on a standardized choice of hardware, within which it is capable of building a system to order, automatically constructing graphics, data tables, alarm prioritization rules, and interfaces to peripherals. (3) A software tool, the User Interface Management System (UIMS), is described which permits rapid prototyping of human-machine interfaces for a variety of applications including emergency management, alarm display and process information display. The object-oriented software of the UIMS achieves rapid prototyping of a new interface by standardizing to a class library of software objects instead of hardware objects

  9. Gaming the system. Dodging the rules, ruling the dodgers.

    Science.gov (United States)

    Morreim, E H

    1991-03-01

    Although traditional obligations of fidelity require physicians to deliver quality care to their patients, including to utilize costly technologies, physicians are steadily losing their accustomed control over the necessary resources. The "economic agents" who own the medical and monetary resources of care now impose a wide array of rules and restrictions in order to contain their costs of operation. However, physicians can still control resources indirectly through "gaming the system," employing tactics such as "fudging" that exploit resource rules' ambiguity and flexibility to bypass the rules while ostensibly honoring them. Physicians may be especially inclined to game the system where resource rules seriously underserve patients' needs, where economic agents seem to be "gaming the patient," with needless obstacles to care, or where others, such as hospitals or even physicians themselves, may be denied needed reimbursements. Though tempting, gaming is morally and medically hazardous. It can harm patients and society, offend honesty, and violate basic principles of contractual and distributive justice. It is also, in fact, usually unnecessary in securing needed resources for patients. More fundamentally, we must reconsider what physicians owe their patients. They owe what is theirs to give: their competence, care and loyalty. In light of medicine's changing economics, two new duties emerge: economic advising, whereby physicians explicitly discuss the economic as well as medical aspects of each treatment option; and economic advocacy, whereby physicians intercede actively on their patients' behalf with the economic agents who control the resources.

  10. Analysis of Intel IA-64 Processor Support for Secure Systems

    National Research Council Canada - National Science Library

    Unalmis, Bugra

    2001-01-01

    .... Systems could be constructed for which serious security threats would be eliminated. This thesis explores the Intel IA-64 processor's hardware support and its relationship to software for building a secure system...

  11. Global Software Engineering: A Software Process Approach

    Science.gov (United States)

    Richardson, Ita; Casey, Valentine; Burton, John; McCaffery, Fergal

    Our research has shown that many companies are struggling with the successful implementation of global software engineering, due to temporal, cultural and geographical distance, which causes a range of factors to come into play. For example, cultural, project management and communication difficulties continually cause problems for software engineers and project managers. While the implementation of efficient software processes can be used to improve the quality of the software product, published software process models do not cater explicitly for the recent growth in global software engineering. Our thesis is that global software engineering factors should be included in software process models to ensure their continued usefulness in global organisations. Based on extensive global software engineering research, we have developed a software process, Global Teaming, which includes specific practices and sub-practices. The purpose is to ensure that requirements for successful global software engineering are stipulated so that organisations can ensure successful implementation of global software engineering.

  12. Software system safety

    Science.gov (United States)

    Uber, James G.

    1988-01-01

    Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.

  13. 77 FR 43407 - Self-Regulatory Organizations; The Options Clearing Corporation; Order Approving Proposed Rule...

    Science.gov (United States)

    2012-07-24

    ...-Laws and Rules to security futures on index-linked securities such as exchange-traded notes, which are currently traded on OneChicago, LLC. Index-linked securities are non-convertible debt of a major financial... futures contracts, one or more physical commodities, currencies or debt securities, or a combination of...

  14. The software environment of RODOS

    International Nuclear Information System (INIS)

    Schuele, O.; Rafat, M.; Kossykh, V.

    1996-01-01

    The Software Environment of RODOS provides tools for processing and managing a large variety of different types of information, including those which are categorized in terms of meteorology, radiology, economy, emergency actions and countermeasures, rules, preferences, facts, maps, statistics, catalogues, models and methods. The main tasks of the Operating Subsystem OSY, which is based on the Client-Server Model, are the control of system operation, data management, and the exchange of information among various modules as well as the interaction with users in distributed computer systems. The paper describes the software environment of RODOS, in particular, the individual modules of its Operating Subsystem OSY, its distributed database, the geographical information system RoGIS, the on-line connections to radiological and meteorological networks and the software environment for the integration of external programs into the RODOS system

  15. The software environment of RODOS

    International Nuclear Information System (INIS)

    Schuele, O.; Rafat, M.

    1998-01-01

    The Software Environment of RODOS provides tools for processing and managing a large variety of different types of information, including those which are categorised in terms of meteorology, radiology, economy, emergency actions and countermeasures, rules, preferences, facts, maps, statistics, catalogues, models and methods. The main tasks of the Operating Subsystem OSY, which is based on the Client-Server Model, are the control of system operation, data management, and the exchange of information among various modules as well as the interaction with users in distributed computer systems. The paper describes the software environment of RODOS, in particular, the individual modules of its Operating Subsystem OSY, its distributed database, the geographical information system RoGIS, the on-line connections to radiological and meteorological networks and the software environment for the integration of external programs into the RODOS system. (orig.)

  16. The software environment of RODOS

    Energy Technology Data Exchange (ETDEWEB)

    Schuele, O; Rafat, M [Forschungszentrum Karlsruhe, Institut fuer Neutronenphysik und Reaktortechnik, Karlsruhe (Germany); Kossykh, V [Scientific Production Association 'TYPHOON', Emergency Centre, Obninsk (Russian Federation)

    1996-07-01

    The Software Environment of RODOS provides tools for processing and managing a large variety of different types of information, including those which are categorized in terms of meteorology, radiology, economy, emergency actions and countermeasures, rules, preferences, facts, maps, statistics, catalogues, models and methods. The main tasks of the Operating Subsystem OSY, which is based on the Client-Server Model, are the control of system operation, data management, and the exchange of information among various modules as well as the interaction with users in distributed computer systems. The paper describes the software environment of RODOS, in particular, the individual modules of its Operating Subsystem OSY, its distributed database, the geographical information system RoGIS, the on-line connections to radiological and meteorological networks and the software environment for the integration of external programs into the RODOS system.

  17. Whitelisting and the Rule of Law

    DEFF Research Database (Denmark)

    Leander, Anna

    2016-01-01

    Leander’s chapter argues that whitelists in commercial security are establishing and consolidating a rule of law marked by managerialism. It closely describes the significance of the mundane, seemingly innocuous whitelists. Whitelists have proliferated as part of governance through Codes of Condu...

  18. Dynamic Rule Encryption for Mobile Payment

    Directory of Open Access Journals (Sweden)

    Emir Husni

    2017-01-01

    The trend of financial transactions by using a mobile phone or mobile payment increases. By using the mobile payment service, users can save money on mobile phone (handset) and separate from the pulse. For protecting users, mobile payment service providers must complete the mobile payment service with the transaction security. One way to provide transaction security is to utilize a secure mobile payment application. This research provides a safety feature used for an Android-based mobile payment application. This security feature is making encryption rules dynamically named Dynamic Rule Encryption (DRE). DRE has the ability to protect data by means of encrypting data with dynamic rules, and DRE also has a token function for an authentication. DRE token raised with dynamic time-based rules. Here, the time is used as a reference with the order of the day in the year (day of the year). The processes of the DRE’s encryption, decryption, and the DRE’s functionality as the token are discussed in this paper. Here, the Hamming distance metric is employed for having maximum differences between plaintext and ciphertext.

  19. enforcing tertiary school library rules and regulations

    African Journals Online (AJOL)

    2014-10-31

    Oct 31, 2014 ... beings -library users/patrons. It is also a standard rule that library ... degree of criminal behaviors in the use of their resources (Momodu, 2002). It is also a well known fact that some individual users of academic libraries display disruptive or criminal behaviors within the library and this often poses security ...

  20. An Empirical Study of Security Issues Posted in Open Source Projects

    DEFF Research Database (Denmark)

    Zahedi, Mansooreh; Ali Babar, Muhammad; Treude, Christoph

    2018-01-01

    When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security...

  1. Software development an open source approach

    CERN Document Server

    Tucker, Allen; de Silva, Chamindra

    2011-01-01

    Overview and Motivation Software Free and Open Source Software (FOSS) Two Case Studies Working with a Project Team Key FOSS Activities Client-Oriented vs. Community-Oriented Projects Working on a Client-Oriented Project Joining a Community-Oriented Project Using Project Tools Collaboration Tools Code Management Tools Run-Time System Constraints Software Architecture Architectural Patterns Layers, Cohesion, and Coupling Security Concurrency, Race Conditions, and Deadlocks Working with Code Bad Smells and Metrics Refactoring Testing Debugging Extending the Software for a New Project Developing the D

  2. A Tutorial on Software Obfuscation

    OpenAIRE

    Banescu, Sebastian and Pretschner, Alexander

    2017-01-01

    Protecting a digital asset once it leaves the cyber trust boundary of its creator is a challenging security problem. The creator is an entity which can range from a single person to an entire organization. The trust boundary of an entity is represented by all the (virtual or physical) machines controlled by that entity. Digital assets range from media content to code, and include items such as: music, movies, computer games and premium software features. The business model of t...

  3. 76 FR 59803 - Children's Online Privacy Protection Rule

    Science.gov (United States)

    2011-09-27

    ... next COPPA Rule review was originally set for 2017. On April 5, 2010, the Commission published a...); and United States v. Bonzi Software, Inc., No. CV-04-1048 (C.D. Cal., filed Feb. 14, 2004) (desktop...

  4. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  5. Food security governance in Latin America

    NARCIS (Netherlands)

    Pérez-Escamilla, Rafael; Shamah-Levy, Teresa; Candel, Jeroen

    2017-01-01

    In spite of major advances in recent decades, food insecurity continues to be a pressing concern to policymakers across the world. Food security governance (FSG) relates to the formal and informal rules and processes through which interests are articulated, and decisions relevant to food security

  6. Social Security and Part-Time Employment.

    Science.gov (United States)

    Euzeby, Alain

    1988-01-01

    Discusses rules governing social security and their implications for part-time employees in various countries. Topics include (1) methods of financing social security, (2) benefits, (3) measures concerning the unemployed, (4) a floor for employers' contributions, (5) graduated contribution rates, and (6) financial incentives. (CH)

  7. Reminder: Mandatory Computer Security Course

    CERN Multimedia

    IT Department

    2011-01-01

    Just like any other organization, CERN is permanently under attack – even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain on par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Therefore, a new dedicated basic computer security course has been designed informing you about the “Do’s” and “Don’ts” when using CERN's computing facilities. This course is mandatory for all persons owning a CERN computer account and must be followed once every three years. Users who have never done the course, or whose course needs to be renewe...

  8. New Mandatory Computer Security Course

    CERN Multimedia

    CERN Bulletin

    2010-01-01

    Just like any other organization, CERN is permanently under attack - even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain on par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Since 2007, newcomers have to follow a dedicated basic computer security course informing them about the “Do’s” and “Don’ts” when using CERN's computing facilities. This course has recently been redesigned. It is now mandatory for all CERN members (users and staff) owning a CERN computer account and must be followed once every three years. Members who...

  9. FeynRules - Feynman rules made easy

    OpenAIRE

    Christensen, Neil D.; Duhr, Claude

    2008-01-01

    In this paper we present FeynRules, a new Mathematica package that facilitates the implementation of new particle physics models. After the user implements the basic model information (e.g. particle content, parameters and Lagrangian), FeynRules derives the Feynman rules and stores them in a generic form suitable for translation to any Feynman diagram calculation program. The model can then be translated to the format specific to a particular Feynman diagram calculator via F...

  10. Delayed rule following

    OpenAIRE

    Schmitt, David R.

    2001-01-01

    Although the elements of a fully stated rule (discriminative stimulus [SD], some behavior, and a consequence) can occur nearly contemporaneously with the statement of the rule, there is often a delay between the rule statement and the SD. The effects of this delay on rule following have not been studied in behavior analysis, but they have been investigated in rule-like settings in the areas of prospective memory (remembering to do something in the future) and goal pursuit. Discriminative even...

  11. Aligning Requirements-Driven Software Processes with IT Governance

    OpenAIRE

    Nguyen Huynh Anh, Vu; Kolp, Manuel; Heng, Samedi; Wautelet, Yves

    2017-01-01

    Requirements Engineering is closely intertwined with Information Technology (IT) Governance. Aligning IT Governance principles with Requirements-Driven Software Processes allows them to propose governance and management rules for software development to cope with stakeholders’ requirements and expectations. Typically, the goal of IT Governance in software engineering is to ensure that the results of a software organization business processes meet the strategic requirements of the organization...

  12. DIRAC distributed secure framework

    International Nuclear Information System (INIS)

    Casajus, A; Graciani, R

    2010-01-01

    DIRAC, the LHCb community Grid solution, provides access to a vast amount of computing and storage resources to a large number of users. In DIRAC users are organized in groups with different needs and permissions. In order to ensure that only allowed users can access the resources and to enforce that there are no abuses, security is mandatory. All DIRAC services and clients use secure connections that are authenticated using certificates and grid proxies. Once a client has been authenticated, authorization rules are applied to the requested action based on the presented credentials. These authorization rules and the list of users and groups are centrally managed in the DIRAC Configuration Service. Users submit jobs to DIRAC using their local credentials. From then on, DIRAC has to interact with different Grid services on behalf of this user. DIRAC has a proxy management service where users upload short-lived proxies to be used when DIRAC needs to act on behalf of them. Long duration proxies are uploaded by users to a MyProxy service, and DIRAC retrieves new short delegated proxies when necessary. This contribution discusses the details of the implementation of this security infrastructure in DIRAC.

  13. Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities

    OpenAIRE

    Finifter, Matthew Smith

    2013-01-01

    There is an entire ecosystem of tools, techniques, and processes designed to improve software security by preventing, finding, mitigating, and/or eliminating software vulnerabilities. Software vendors have this entire ecosystem to choose from during each phase of the software development lifecycle, which begins when someone identifies a software need, ends when the software vendor decides to halt support for the software, and includes everything in between. Unfortunately, guidance regarding wh...

  14. 31 CFR 356.32 - What tax rules apply?

    Science.gov (United States)

    2010-07-01

    ... political subdivision of a State, except for State estate or inheritance taxes and other exceptions as... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false What tax rules apply? 356.32 Section...) Miscellaneous Provisions § 356.32 What tax rules apply? (a) General. Securities issued under this part are...

  15. 17 CFR 240.19c-3 - Governing off-board trading by members of national securities exchanges.

    Science.gov (United States)

    2010-04-01

    ... members of national securities exchanges. 240.19c-3 Section 240.19c-3 Commodity and Securities Exchanges... Members § 240.19c-3 Governing off-board trading by members of national securities exchanges. The rules of each national securities exchange shall provide as follows: (a) No rule, stated policy or practice of...

  16. Sandia software guidelines: Software quality planning

    Energy Technology Data Exchange (ETDEWEB)

    1987-08-01

    This volume is one in a series of Sandia Software Guidelines intended for use in producing quality software within Sandia National Laboratories. In consonance with the IEEE Standard for Software Quality Assurance Plans, this volume identifies procedures to follow in producing a Software Quality Assurance Plan for an organization or a project, and provides an example project SQA plan. 2 figs., 4 tabs.

  17. Avoidable Software Procurements

    Science.gov (United States)

    2012-09-01

    software license, software usage, ELA, Software as a Service, SaaS, Software Asset...PaaS Platform as a Service SaaS Software as a Service SAM Software Asset Management SMS System Management Server SEWP Solutions for Enterprise Wide...delivery of full Cloud Services, we will see the transition of the Cloud Computing service model from Iaas to SaaS, or Software as a Service. Software

  18. Security Research on Engineering Database System

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Engine engineering database system is an oriented CAD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of security rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implements functions of DAC, ...

  19. 17 CFR 270.17f-1 - Custody of securities with members of national securities exchanges.

    Science.gov (United States)

    2010-04-01

    ... upon physical inspection thereof and upon examination of the books of the custodian. The physical... a member of a national securities exchange of any obligation under existing law or under the rules...

  20. Adaptive security protocol selection for mobile computing

    NARCIS (Netherlands)

    Pontes Soares Rocha, B.; Costa, D.N.O.; Moreira, R.A.; Rezende, C.G.; Loureiro, A.A.F.; Boukerche, A.

    2010-01-01

    The mobile computing paradigm has introduced new problems for application developers. Challenges include heterogeneity of hardware, software, and communication protocols, variability of resource limitations and varying wireless channel quality. In this scenario, security becomes a major concern for

  1. 77 FR 39554 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Approval of Proposed Rule Change...

    Science.gov (United States)

    2012-07-03

    ... later date at a fixed price. The Fund may not (i) with respect to 75% of its total assets, purchase... security. The Fund will not purchase illiquid securities, including Rule 144A securities and loan... 204A-1 under the Advisers Act relating to codes of ethics. This Rule requires investment advisers to...

  2. 75 FR 57384 - Rescission of Rules Pertaining to the Payment of Bounties for Information Leading to the Recovery...

    Science.gov (United States)

    2010-09-21

    .... SUPPLEMENTARY INFORMATION: The Insider Trading and Securities Fraud Enforcement Act of 1988 authorized the... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 201 [Release No. 34-62921] Rescission of Rules... Trading AGENCY: Securities and Exchange Commission. ACTION: Final rule. SUMMARY: The Dodd-Frank Wall...

  3. 77 FR 56681 - Order Granting Limited Exemptions From Exchange Act Rule 10b-17 and Rules 101 and 102 of...

    Science.gov (United States)

    2012-09-13

    ... created series of the Company. The Fund will invest in stocks consisting of the component securities of... Regulation M Generally, Rule 101 of Regulation M is an anti-manipulation rule that, subject to certain... exemption are directed to the anti-fraud and anti-manipulation provisions of the Exchange Act, particularly...

  4. IPv6 Security

    Science.gov (United States)

    Babik, M.; Chudoba, J.; Dewhurst, A.; Finnern, T.; Froy, T.; Grigoras, C.; Hafeez, K.; Hoeft, B.; Idiculla, T.; Kelsey, D. P.; López Muñoz, F.; Martelli, E.; Nandakumar, R.; Ohrenberg, K.; Prelz, F.; Rand, D.; Sciabà, A.; Tigerstedt, U.; Traynor, D.; Wartel, R.

    2017-10-01

    IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.

  5. Security bingo for administrators

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011. Winners must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. My service or system… …is following a software development life-cycle. …is patched in an automatic and timely fashion. …runs a tightened local ingress/egress firewall. …uses CERN Single-Sign-On (SSO). …has physical access protections in place. …runs all processes / services / applications with least privileges. …has ...

  6. Software engineering architecture-driven software development

    CERN Document Server

    Schmidt, Richard F

    2013-01-01

    Software Engineering: Architecture-driven Software Development is the first comprehensive guide to the underlying skills embodied in the IEEE's Software Engineering Body of Knowledge (SWEBOK) standard. Standards expert Richard Schmidt explains the traditional software engineering practices recognized for developing projects for government or corporate systems. Software engineering education often lacks standardization, with many institutions focusing on implementation rather than design as it impacts product architecture. Many graduates join the workforce with incomplete skil

  7. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  8. 78 FR 69168 - Self-Regulatory Organizations; National Securities Clearing Corporation; Order Approving Proposed...

    Science.gov (United States)

    2013-11-18

    ... approve a proposed rule change of a self-regulatory organization if it finds that such proposed rule... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-70848; File No. SR-NSCC-2013-10] Self-Regulatory Organizations; National Securities Clearing Corporation; Order Approving Proposed Rule Change To...

  9. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  10. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  11. Open source IPSEC software in manned and unmanned space missions

    Science.gov (United States)

    Edwards, Jacob

    Network security is a major topic of research because cyber attackers pose a threat to national security. Securing ground-space communications for NASA missions is important because attackers could endanger mission success and human lives. This thesis describes how an open source IPsec software package was used to create a secure and reliable channel for ground-space communications. A cost efficient, reproducible hardware testbed was also created to simulate ground-space communications. The testbed enables simulation of low-bandwidth and high latency communications links to experiment how the open source IPsec software reacts to these network constraints. Test cases were built that allowed for validation of the testbed and the open source IPsec software. The test cases also simulate using an IPsec connection from mission control ground routers to points of interest in outer space. Tested open source IPsec software did not meet all the requirements. Software changes were suggested to meet requirements.

  12. Green Secure Processors: Towards Power-Efficient Secure Processor Design

    Science.gov (United States)

    Chhabra, Siddhartha; Solihin, Yan

    With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

  13. Cloud Security: Issues and Research Directions

    Science.gov (United States)

    2014-11-18

    4. Cloud Computing Security: What Changes with Software-Defined Networking? Maurício Tsugawa, Andréa Matsunaga, and José A. B. Fortes 5...machine’s memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined ... Networking (SDN) is deployed within and across clouds. Chapters 5-9 are focused on the protection of data stored in the cloud. In Chapter 5, Wang et

  14. Security Support in Continuous Deployment Pipeline

    DEFF Research Database (Denmark)

    Ullah, Faheem; Raft, Adam Johannes; Shahin, Mojtaba

    2017-01-01

    Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP...... penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections....

  15. 2016 International Conference on Software Process Improvement

    CERN Document Server

    Muñoz, Mirna; Rocha, Álvaro; Feliu, Tomas; Peña, Adriana

    2017-01-01

    This book offers a selection of papers from the 2016 International Conference on Software Process Improvement (CIMPS’16), held between the 12th and 14th of October 2016 in Aguascalientes, Aguascalientes, México. The CIMPS’16 is a global forum for researchers and practitioners to present and discuss the most recent innovations, trends, results, experiences and concerns in the different aspects of software engineering with a focus on, but not limited to, software processes, security in information and communication technology, and big data. The main topics covered include: organizational models, standards and methodologies, knowledge management, software systems, applications and tools, information and communication technologies and processes in non-software domains (mining, automotive, aerospace, business, health care, manufacturing, etc.) with a clear focus on software process challenges.

  16. The software life cycle

    CERN Document Server

    Ince, Darrel

    1990-01-01

    The Software Life Cycle deals with the software lifecycle, that is, what exactly happens when software is developed. Topics covered include aspects of software engineering, structured techniques of software development, and software project management. The use of mathematics to design and develop computer systems is also discussed. This book is comprised of 20 chapters divided into four sections and begins with an overview of software engineering and software development, paying particular attention to the birth of software engineering and the introduction of formal methods of software develop

  17. New Brunswick electricity market rules : summary

    International Nuclear Information System (INIS)

    2004-02-01

    The electricity market rules for New Brunswick were reviewed with particular reference to two broad classifications. The first classification is based on the roles and responsibilities of the system operator (SO) in facilitating the Bilateral Contract market, as well as the role of market participants in participating in the Bilateral Contract market. The second classification is based on the roles and responsibilities of each of the SO, market participants and transmitters in maintaining the reliability of the integrated electricity system and ensuring a secure supply of electricity for consumers in New Brunswick. The market rules consist of 10 chapters entitled: (1) introduction to the market rules and administrative rules of general application, (2) market participation and the use of the SO-controlled grid, (3) market administration, (4) technical and connection requirements, testing and commissioning, (5) system reliability, (6) operational requirements, (7) settlement, (8) connection of new or modified facilities, (9) transmission system planning, investment and operation, and (10) definitions and interpretation

  18. New HIPAA rules: a guide for radiology providers.

    Science.gov (United States)

    Dresevic, Adrienne; Mikel, Clinton

    2013-01-01

    The Office for Civil Rights issued its long awaited final regulations modifying the HIPAA privacy, security, enforcement, and breach notification rules--the HIPAA Megarule. The new HIPAA rules will require revisions to Notice of Privacy Practices, changes to business associate agreements, revisions to HIPAA privacy and security policies and procedures, and an overall assessment of HIPAA compliance. The HIPAA Megarule formalizes the HITECH Act requirements, and makes it clear that the OCR's ramp-up of HIPAA enforcement is not merely a passing trend. The new rules underscore that both covered entities and business associates must reassess and strengthen HIPAA compliance.

  19. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  20. Statistics of software vulnerability detection in certification testing

    Science.gov (United States)

    Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

    2018-05-01

    The paper discusses practical aspects of introduction of the methods to detect software vulnerability in the day-to-day activities of the accredited testing laboratory. It presents the approval results of the vulnerability detection methods as part of the study of the open source software and the software that is a test object of the certification tests under information security requirements, including software for communication networks. Results of the study showing the allocation of identified vulnerabilities by types of attacks, country of origin, programming languages used in the development, methods for detecting vulnerability, etc. are given. The experience of foreign information security certification systems related to the detection of certified software vulnerabilities is analyzed. The main conclusion based on the study is the need to implement practices for developing secure software in the development life cycle processes. The conclusions and recommendations for the testing laboratories on the implementation of the vulnerability analysis methods are laid down.

  1. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  2. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  3. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de]

  4. Bundle Security Protocol for ION

    Science.gov (United States)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  5. WPSS: Watching people security services

    NARCIS (Netherlands)

    Bouma, H.; Baan, J.; Borsboom, S.; Zon, K. van; Luo, X.; Loke, B.; Stoeller, B.; Kuilenburg, H. van; Dijk, J.

    2013-01-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most

  6. Lock It Up! Computer Security.

    Science.gov (United States)

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  7. Staying Secure for School Safety

    Science.gov (United States)

    Youngkin, Minu

    2012-01-01

    Proper planning and preventive maintenance can increase school security and return on investment. Preventive maintenance begins with planning. Through careful planning, education institutions can determine what is working and if any equipment, hardware or software needs to be replaced or upgraded. When reviewing a school's safety and security…

  8. 76 FR 70350 - West Oahu Offshore Security Zone

    Science.gov (United States)

    2011-11-14

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-1048] RIN 1625-AA87 West Oahu Offshore Security Zone AGENCY: Coast Guard, DHS. ACTION: Temporary final rule. SUMMARY: The Coast Guard is establishing a temporary security zone on the navigable waters of Oahu's western...

  9. 77 FR 11385 - Security Considerations for Lavatory Oxygen Systems

    Science.gov (United States)

    2012-02-27

    ... considerations for lavatory oxygen systems (77 FR 12550). The interim final rule addresses a security... and taken to restore the oxygen system with a design that would consider the security risk. Boeing... [Docket No. FAA-2011-0186; Amdt. Nos. 21-94, 25-133, 121-354, 129-50; SFAR 111] RIN 2120-AJ92 Security...

  10. 28 CFR 501.2 - National security cases.

    Science.gov (United States)

    2010-07-01

    ... 28 Judicial Administration 2 2010-07-01 2010-07-01 false National security cases. 501.2 Section... ADMINISTRATION SCOPE OF RULES § 501.2 National security cases. (a) Upon direction of the Attorney General, the... unauthorized disclosure of such information would pose a threat to the national security and that there is a...

  11. Query translation for XPath-based security views

    NARCIS (Netherlands)

    Vercammen, R.; Hidders, A.J.H.; Paredaens, J.; Grust, T.; Hopfner, H.; Illarramendi, A.

    2006-01-01

    Since XML is used as a storage format in an increasing number of applications, security has become an important issue in XML databases. One aspect of security is restricting access to data by certain users. This can, for example, be achieved by means of access rules or XML security views, which

  12. 75 FR 742 - Temporary Rule Regarding Principal Trades With Certain Advisory Clients

    Science.gov (United States)

    2010-01-06

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 275 [Release No. IA-2965A; File No. S7-23-07] RIN 3235-AJ96 Temporary Rule Regarding Principal Trades With Certain Advisory Clients AGENCY: Securities... transactions with certain of their advisory clients. As adopted, the only change to the rule was the expiration...

  13. Employment of security personnel

    International Nuclear Information System (INIS)

    Anon.

    1990-01-01

    If a company or institution hires personnel of a security service company to protect its premises, this kind of employment does not mean the company carries on temporary employment business. Within the purview of section 99, sub-section 1 of the BetrVG (Works Constitution Act), the security service personnel is not 'employed' in the proper sense even if the security tasks fulfilled by them are done at other times by regular employees of the company or institution. The court decision also decided that the Works Council need not give consent to employment of foreign security personnel. The court decision was taken for settlement of court proceedings commenced by Institute of Plasma Physics in Garching. In his comments, W. Hunold accedes to the court's decision and discusses the underlying reasons of this decision and of a previous ruling in the same matter by putting emphasis on the difference between a contract for services and a contract for work, and a contract for temporary employment. The author also discusses the basic features of an employment contract. (orig./HP) [de]

  14. Phonological reduplication in sign language: rules rule

    Directory of Open Access Journals (Sweden)

    Iris Berent

    2014-06-01

    Productivity—the hallmark of linguistic competence—is typically attributed to algebraic rules that support broad generalizations. Past research on spoken language has documented such generalizations in both adults and infants. But whether algebraic rules form part of the linguistic competence of signers remains unknown. To address this question, here we gauge the generalization afforded by American Sign Language (ASL). As a case study, we examine reduplication (X→XX)—a rule that, inter alia, generates ASL nouns from verbs. If signers encode this rule, then they should freely extend it to novel syllables, including ones with features that are unattested in ASL. And since reduplicated disyllables are preferred in ASL, such a rule should favor novel reduplicated signs. Novel reduplicated signs should thus be preferred to nonreduplicative controls (in rating), and consequently, such stimuli should also be harder to classify as nonsigns (in the lexical decision task). The results of four experiments support this prediction. These findings suggest that the phonological knowledge of signers includes powerful algebraic rules. The convergence between these conclusions and previous evidence for phonological rules in spoken language suggests that the architecture of the phonological mind is partly amodal.

  15. Using simplex method in verifying software safety

    Directory of Open Access Journals (Sweden)

    Vujošević-Janičić Milena

    2009-01-01

    In this paper we have discussed the application of the Simplex method in checking software safety - the application in automated detection of buffer overflows in C programs. This problem is important because buffer overflows are suitable targets for hackers' security attacks and sources of serious program misbehavior. We have also described our implementation, including a system for generating software correctness conditions and a Simplex based theorem prover that resolves these conditions.

  16. Computer Security: Mac security – nothing for old versions

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    A fundamental pillar of computer security is the regular maintenance of your code, operating system and application software – or, in computer lingo: patching, patching, patching. Only software which is up-to-date should be free from any known vulnerabilities and thus provide you with a basic level of computer security. Neglecting regular updates is putting your computer at risk – and consequently your account, your password, your data, your photos, your videos and your money. Therefore, prompt and automatic patching is paramount. But the Microsofts, Googles and Apples of this world do not always help… Software vendors handle their update policy in different ways. While Android is a disaster – not because of Google, but due to the slow adaptation of many smartphone vendors (see “Android’s Armageddon”) – Microsoft provides updates for their Windows 7, Windows 8 and Windows 10 operating systems through their ...

  17. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  18. Incorporating lab experience into computer security courses

    NARCIS (Netherlands)

    Ben Othmane, L.; Bhuse, V.; Lilien, L.T.

    2013-01-01

    We describe our experience with teaching computer security labs at two different universities. We report on the hardware and software lab setups, summarize lab assignments, present the challenges encountered, and discuss the lessons learned. We agree with and emphasize the viewpoint that security

  19. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  20. Recommendations and best practices for cloud enterprise security

    OpenAIRE

    Ramachandran, M; Chang, V

    2015-01-01

    © 2014 IEEE. Enterprise security is essential to achieve global information security in business and organizations. Enterprise Cloud computing is a new paradigm for that enterprise where businesses need to be secured. Enterprise Cloud computing has established its businesses and software as a service paradigm is increasing its demand for more services. However, this new trend needs to be more systematic with respect to Enterprise Cloud security. Enterprise Cloud security is the key factor in ...

  1. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  2. Improving the Security and Performance of the BaBar Detector Controls System

    International Nuclear Information System (INIS)

    Kotturi, Karen D.

    2003-01-01

    It starts out innocently enough--users want to monitor Online data and so run their own copies of the detector control GUIs in their offices and at home. But over time, the number of processes making requests for values to display on GUIs, webpages and stripcharts can grow, and affect the performance of an Input/Output Controller (IOC) such that it is unable to respond to requests from requests critical to data-taking. At worst, an IOC can hang, its CPU having been allocated 100% to responding to network requests. For the BaBar Online Detector Control System, we were able to eliminate this problem and make great gains in security by moving all of the IOCs to a non-routed, virtual LAN and by enlisting a workstation with two network interface cards to act as the interface between the virtual LAN and the public BaBar network. On the interface machine, we run the Experimental Physics Industrial Control System (EPICS) Channel Access (CA) gateway software (originating from Advanced Photon Source). This software accepts as inputs, all the channels which are loaded into the EPICS databases on all the IOCs. It polls them to update its copy of the values. It answers requests from applications by sending them the currently cached value. We adopted the requirement that data-taking would be independent of the gateway, so that, in the event of a gateway failure, data-taking would be uninterrupted. In this way, we avoided introducing any new risk elements to data-taking. Security rules already in use by the IOC were propagated to the gateway's own security rules and the security of the IOCs themselves was improved by removing them from the public BaBar network

  3. 76 FR 46668 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

    Science.gov (United States)

    2011-08-03

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-64766; File No. S7-25-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants Correction In proposed rule document number 2011-16758, appearing on pages 42396-42455 in the...

  4. A Better Budget Rule

    Science.gov (United States)

    Dothan, Michael; Thompson, Fred

    2009-01-01

    Debt limits, interest coverage ratios, one-off balanced budget requirements, pay-as-you-go rules, and tax and expenditure limits are among the most important fiscal rules for constraining intertemporal transfers. There is considerable evidence that the least costly and most effective of such rules are those that focus directly on the rate of…

  5. Automated Security Testing of Web Widget Interactions

    NARCIS (Netherlands)

    Bezemer, C.P.; Mesbah, A.; Van Deursen, A.

    2009-01-01

    This paper is a pre-print of: Cor-Paul Bezemer, Ali Mesbah, and Arie van Deursen. Automated Security Testing of Web Widget Interactions. In Proceedings of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering

  6. Control system security in nuclear power plant

    International Nuclear Information System (INIS)

    Li Jianghai; Huang Xiaojin

    2012-01-01

    The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to exploit. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damage to critical infrastructures and threaten national security. The importance of control system security is shown by reviewing several control system security incidents that happened in nuclear power plants in recent years. Several key difficulties in addressing these security issues are described. Finally, existing research on control system security is reviewed and several promising research directions are proposed. (authors)

  7. 33 CFR 89.25 - Waters upon which Inland Rules 9(a)(ii), 14(d), and 15(b) apply.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Waters upon which Inland Rules 9(a)(ii), 14(d), and 15(b) apply. 89.25 Section 89.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY INLAND NAVIGATION RULES INLAND NAVIGATION RULES: IMPLEMENTING RULES Waters...

  8. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  9. The use of crypto-analysis techniques for securing internet ...

    African Journals Online (AJOL)

    ... recommended to be combined with other techniques, such as client-side software, data transaction protocols, web server software, and the network server operating system involved in handling e-commerce, for securing internet transaction. This recommendation will invariable ensure that internet transaction is secured.

  10. ESTSC - Software Best Practices

    Science.gov (United States)

    DOE Scientific and Technical Software Best Practices December 2010 Table of Contents 1.0 Introduction 2.0 Responsibilities 2.1 OSTI/ESTSC 2.2 SIACs 2.3 Software Submitting Sites/Creators 2.4 Software Sensitivity Review 3.0 Software Announcement and Submission 3.1 STI Software Appropriate for Announcement 3.2

  11. Software Assurance Competency Model

    Science.gov (United States)

    2013-03-01

    COTS) software, and software as a service (SaaS). L2: Define and analyze risks in the acquisition of contracted software, COTS software, and SaaS ...2010a]: Application of technologies and processes to achieve a required level of confidence that software systems and services function in the...

  12. Software attribute visualization for high integrity software

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, G.M.

    1998-03-01

    This report documents a prototype tool developed to investigate the use of visualization and virtual reality technologies for improving software surety confidence. The tool is utilized within the execution phase of the software life cycle. It provides a capability to monitor an executing program against prespecified requirements constraints provided in a program written in the requirements specification language SAGE. The resulting Software Attribute Visual Analysis Tool (SAVAnT) also provides a technique to assess the completeness of a software specification.

  13. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  14. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  15. An Interoperability Framework and Capability Profiling for Manufacturing Software

    Science.gov (United States)

    Matsuda, M.; Arai, E.; Nakano, N.; Wakai, H.; Takeda, H.; Takata, M.; Sasaki, H.

    ISO/TC184/SC5/WG4 is working on ISO16100: Manufacturing software capability profiling for interoperability. This paper reports on a manufacturing software interoperability framework and a capability profiling methodology which were proposed and developed through this international standardization activity. Within the context of manufacturing application, a manufacturing software unit is considered to be capable of performing a specific set of functions defined by a manufacturing software system architecture. A manufacturing software interoperability framework consists of a set of elements and rules for describing the capability of software units to support the requirements of a manufacturing application. The capability profiling methodology makes use of the domain-specific attributes and methods associated with each specific software unit to describe capability profiles in terms of unit name, manufacturing functions, and other needed class properties. In this methodology, manufacturing software requirements are expressed in terms of software unit capability profiles.

  16. Matrimonial Causes Rules, 1986, 30 January 1987.

    Science.gov (United States)

    1987-01-01

    These Rules are made under Section 4 of the Matrimonial Causes Law, 1976 and contain provisions on applications for leave to present a petition for divorce, documents to accompany the petition, information to be contained in the petition, service of the petition, pleadings subsequent to the petition, directions for trial, security for costs, decrees, and enforcement of orders, among other things. The Rules also stipulate that when "it appears that there is a child of the marriage under the age of sixteen, the record shall show specifically that the question of provision for such child has been considered and dealt with by the Court."

  17. New Safety rules

    CERN Multimedia

    Safety Commission

    2008-01-01

    The revision of CERN Safety rules is in progress and the following new Safety rules have been issued on 15-04-2008: Safety Procedure SP-R1 Establishing, Updating and Publishing CERN Safety rules: http://cern.ch/safety-rules/SP-R1.htm; Safety Regulation SR-S Smoking at CERN: http://cern.ch/safety-rules/SR-S.htm; Safety Regulation SR-M Mechanical Equipment: http://cern.ch/safety-rules/SR-M.htm; General Safety Instruction GSI-M1 Standard Lifting Equipment: http://cern.ch/safety-rules/GSI-M1.htm; General Safety Instruction GSI-M2 Standard Pressure Equipment: http://cern.ch/safety-rules/GSI-M2.htm; General Safety Instruction GSI-M3 Special Mechanical Equipment: http://cern.ch/safety-rules/GSI-M3.htm. These documents apply to all persons under the Director General’s authority. All Safety rules are available at the web page: http://www.cern.ch/safety-rules The Safety Commission

  18. Action Rules Mining

    CERN Document Server

    Dardzinska, Agnieszka

    2013-01-01

    We are surrounded by data, numerical, categorical and otherwise, which must be analyzed and processed to convert it into information that instructs, answers or aids understanding and decision making. Data analysts in many disciplines such as business, education or medicine, are frequently asked to analyze new data sets which are often composed of numerous tables possessing different properties. They try to find completely new correlations between attributes and show new possibilities for users. Action rules mining discusses some of data mining and knowledge discovery principles and then describes representative concepts, methods and algorithms connected with action. The author introduces the formal definition of action rule, notion of a simple association action rule and a representative action rule, the cost of association action rule, and gives a strategy how to construct simple association action rules of a lowest cost. A new approach for generating action rules from datasets with numerical attributes...

  19. 18 CFR 385.104 - Rule of construction (Rule 104).

    Science.gov (United States)

    2010-04-01

    ... Definitions § 385.104 Rule of construction (Rule 104). To the extent that the text of a rule is inconsistent with its caption, the text of the rule controls. [Order 376, 49 FR 21705, May 23, 1984] ...

  20. Tier 1 and Tier 3 eAdjudication Business Rule Validation

    Science.gov (United States)

    2018-04-01

    correct rejections. • Research ways to safely approve more cases through eAdjudication. PERSEREC has established a business rule test environment that can... WORK UNIT NUMBER: 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Defense Personnel and Security Research Center Office of People Analytics 400...interagency working group of personnel security and suitability experts on business rule development for T3 and T3R. The results of rule development and

  1. CERN’s Computing rules updated to include policy for control systems

    CERN Multimedia

    IT Department

    2008-01-01

    The use of CERN’s computing facilities is governed by rules defined in Operational Circular No. 5 and its subsidiary rules of use. These rules are available from the web site http://cern.ch/ComputingRules. Please note that the subsidiary rules for Internet/Network use have been updated to include a requirement that control systems comply with the CNIC (Computing and Network Infrastructure for Control) Security Policy. The security policy for control systems, which was approved earlier this year, can be accessed at https://edms.cern.ch/document/584092 IT Department

  2. 19 CFR 177.7 - Situations in which no ruling will be issued.

    Science.gov (United States)

    2010-04-01

    ....7 Section 177.7 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY... for a ruling which fails to comply with the provisions of this part. Moreover, no ruling letter will... litigation in the United States Court of International Trade. No ruling letter will be issued with respect to...

  3. 33 CFR 83.36 - Signals to attract attention (Rule 36).

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Signals to attract attention... SECURITY INLAND NAVIGATION RULES RULES Sound and Light Signals § 83.36 Signals to attract attention (Rule 36). If necessary to attract the attention of another vessel, any vessel may make light or sound...

  4. 77 FR 76854 - Temporary Rule Regarding Principal Trades With Certain Advisory Clients

    Science.gov (United States)

    2012-12-31

    ... 3235-AL28 Temporary Rule Regarding Principal Trades With Certain Advisory Clients AGENCY: Securities... transactions with certain of their advisory clients. The amendment extends the date on which rule 206(3)-3T... releases used RIN 3235-AJ96. (See Temporary Rule Regarding Principal Trades with Certain Advisory Clients...

  5. 17 CFR 230.100 - Definitions of terms used in the rules and regulations.

    Science.gov (United States)

    2010-04-01

    ... express reference to the Act or to the rules and regulations or to a portion thereof defines such term for... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Definitions of terms used in... terms used in the rules and regulations. (a) As used in the rules and regulations prescribed in this...

  6. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe... and other international treaties provided arguments for adjusting the foreign and security policy ambitions, and since the general flux in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed disinclination to accept that the collective security concept and international treaties and accords signed by Denmark should necessitate credible...

  7. Security Transformation

    National Research Council Canada - National Science Library

    Metz, Steven

    2003-01-01

    ... adjustment. With American military forces engaged around the world in both combat and stabilization operations, the need for rigorous and critical analysis of security transformation has never been greater...

  8. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  9. Governing the Rule-Making of Organic Agriculture

    DEFF Research Database (Denmark)

    Linneberg, Mai Skjøtt

    of Denmark and Sweden. Although the cases illustrate two modes of governance: in the former, rule-making is formally internalized in the State and in the latter, in a private-interest organization, a similar set of stakeholders participate in the actual rule-making processes. The analysis provides...... an interesting avenue into understanding the relationship between local and supranational rule-makers, and how local rule-makers may act to secure local circumstances and demands from supranational legislators concurrently. Moreover, the analysis offers suggestions as to possible consequences of striving...

  10. Reliability of software

    International Nuclear Information System (INIS)

    Kopetz, H.

    1980-01-01

    Common factors and differences in the reliability of hardware and software; reliability increase by means of methods of software redundancy. Maintenance of software for long term operating behavior. (HP) [de

  11. Automated generation of lattice QCD Feynman rules

    Energy Technology Data Exchange (ETDEWEB)

    Hart, A.; Mueller, E.H. [Edinburgh Univ. (United Kingdom). SUPA School of Physics and Astronomy; von Hippel, G.M. [Deutsches Elektronen-Synchrotron (DESY), Zeuthen (Germany); Horgan, R.R. [Cambridge Univ. (United Kingdom). DAMTP, CMS

    2009-04-15

    The derivation of the Feynman rules for lattice perturbation theory from actions and operators is complicated, especially for highly improved actions such as HISQ. This task is, however, both important and particularly suitable for automation. We describe a suite of software to generate and evaluate Feynman rules for a wide range of lattice field theories with gluons and (relativistic and/or heavy) quarks. Our programs are capable of dealing with actions as complicated as (m)NRQCD and HISQ. Automated differentiation methods are used to calculate also the derivatives of Feynman diagrams. (orig.)

  12. Automated generation of lattice QCD Feynman rules

    International Nuclear Information System (INIS)

    Hart, A.; Mueller, E.H.; Horgan, R.R.

    2009-04-01

    The derivation of the Feynman rules for lattice perturbation theory from actions and operators is complicated, especially for highly improved actions such as HISQ. This task is, however, both important and particularly suitable for automation. We describe a suite of software to generate and evaluate Feynman rules for a wide range of lattice field theories with gluons and (relativistic and/or heavy) quarks. Our programs are capable of dealing with actions as complicated as (m)NRQCD and HISQ. Automated differentiation methods are used to calculate also the derivatives of Feynman diagrams. (orig.)

  13. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  14. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  15. Data Security

    OpenAIRE

    Lopez, Diego

    2013-01-01

    Training specialists in the field of data security and security administrators for the information systems represents a significant priority demanded by both governmental environments and the central and local administrations, as well as by the private sector - companies, banks. They are responsible for implementing information services and systems, but they are also their beneficiaries, with applicability in fields such as: e-government, e-administration, e-banking, e-commerce, e-payment, wh...

  16. Space Flight Software Development Software for Intelligent System Health Management

    Science.gov (United States)

    Trevino, Luis C.; Crumbley, Tim

    2004-01-01

    The slide presentation examines the Marshall Space Flight Center Flight Software Branch, including software development projects, mission critical space flight software development, software technical insight, advanced software development technologies, and continuous improvement in the software development processes and methods.

  17. Software Engineering Guidebook

    Science.gov (United States)

    Connell, John; Wenneson, Greg

    1993-01-01

    The Software Engineering Guidebook describes SEPG (Software Engineering Process Group) supported processes and techniques for engineering quality software in NASA environments. Three process models are supported: structured, object-oriented, and evolutionary rapid-prototyping. The guidebook covers software life-cycles, engineering, assurance, and configuration management. The guidebook is written for managers and engineers who manage, develop, enhance, and/or maintain software under the Computer Software Services Contract.

  18. Nuclear security

    International Nuclear Information System (INIS)

    1991-12-01

    This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weaknesses resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness.

  19. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  20. Accuracy Test of Software Architecture Compliance Checking Tools : Test Instruction

    NARCIS (Netherlands)

    Prof.dr. S. Brinkkemper; Dr. Leo Pruijt; C. Köppe; J.M.E.M. van der Werf

    2015-01-01

    Author supplied: "Abstract Software Architecture Compliance Checking (SACC) is an approach to verify conformance of implemented program code to high-level models of architectural design. Static SACC focuses on the modular software architecture and on the existence of rule violating dependencies

  1. Comparative analysis of business rules and business process modeling languages

    Directory of Open Access Journals (Sweden)

    Audrius Rima

    2013-03-01

    When developing an information system, it is important to create clear models and choose suitable modeling languages. The article analyzes the SRML, SBVR, PRR, SWRL and OCL rule specification languages and the UML, DFD, CPN, EPC, IDEF3 and BPMN business process modeling languages. The article presents a theoretical comparison of business rules and business process modeling languages. The article compares different sets of business process modeling languages and business rules representation languages according to selected modeling aspects. Also, the best-fitting language set is selected for a three-layer framework for business rule based software modeling.

  2. An Assessment of the Library Application Software Packages in ...

    African Journals Online (AJOL)

    ... the study examined the adopted softwares' security, compatibility/capabilities, ... The study found that most application packages available in the Nigerian automation market place are effective since they ...

  3. Additional Security Considerations for Grid Management

    Science.gov (United States)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as to how they can be managed.

  4. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of Security Definition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and Assets Security Methodology Methodology Defined Security Business Proposals Secur

  5. Compatibility of safety and security

    International Nuclear Information System (INIS)

    Jalouneix, J.

    2013-01-01

    Nuclear safety means the achievement of proper operating conditions, prevention of accidents or mitigation of accident consequences, resulting in protection of workers, the public and the environment from undue radiation hazards while nuclear security means the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material. Nuclear safety and nuclear security present large similarities in their aim as in their methods and are mutually complementary in the field of protection with regard to the risk of sabotage. However they show specific attributes in certain areas which leads to differences in their implementation. For instance security culture must integrate deterrence and confidentiality while safety culture implies transparency and open dialogue. Two important design principles apply identically for safety and security: the graded approach and the defense in depth. There are also strong similarities in operating provisions: -) a same need to check the availability of the equipment, -) a same need to treat the experience feedback, or -) a same need to update the basic rules. There are also strong similarities in emergency management, for instance the elaboration of emergency plans and the performance of periodic exercises. Activities related to safety or security of an installation must be managed by a quality management system. For all types of nuclear activities and facilities, a well shared safety culture and security culture is the guarantee of a safe and secure operation. The slides of the presentation have been added at the end of the paper

  6. An integrated framework for software vulnerability detection ...

    Indian Academy of Sciences (India)

    Manoj Kumar

    2017-07-15

    Jul 15, 2017 ... concern and intelligent framework and provides more secured ... In the present scenario, the software systems are being .... human. In human body, the autonomic nervous system ..... such as artificial neural networks, genetic algorithm, grey ..... [8] Bansiya J 1997 A hierarchical model for quality assessment.

  7. Open source software migration: Best practices

    CSIR Research Space (South Africa)

    Molefe, Onkgopotse M

    2010-09-01

    Open source software (OSS) has gained prominence worldwide, largely due to cost savings and security considerations. This has caused a change in the IT sector and has led to the migration of desktops from proprietary to OSS. The problem...

  8. Trade and investment rules for energy

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2009-09-15

    Rules that govern energy trade is an issue that has generated increasing concern everywhere, from the standpoint of both the security of supply for consumers and security of demand for suppliers. This concern reflects the importance of rules that comprehensively address the needs from supply and demand point of view and integrate the international fabric of energy trade. The GATT and the WTO Agreement define trans-border movement of energy but leave many aspects unclear, particularly as efforts accelerate to control carbon emissions. This timely report by a WEC Task Force of experts with legal standing in the energy business identifies the most pressing issues relating to energy trade and suggests actions and measures which, if implemented, would provide clarity and answer many questions. More importantly, these measures would strengthen the WTO and coming rounds of negotiations.

  9. 75 FR 51863 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Approving Proposed Rule Change Relating to...

    Science.gov (United States)

    2010-08-23

    ... securities defined in Section 2 of NYSE Arca Equities Rule 8, collectively, ``Derivative Securities Products... Derivative Securities Products) each shall have a minimum market value of at least $75 million. The Exchange... provides, among other things, that (i) the component stocks (excluding Derivative Securities Products...

  10. 76 FR 57787 - Self-Regulatory Organizations; EDGA Exchange, Inc.; Notice of Filing of Proposed Rule Change...

    Science.gov (United States)

    2011-09-16

    ... securities product (``UTP Derivative Security'') that derives its value from one or more currencies or..., proposed EDGA Rule 14.1(c)(5)(A) provides that a Restricted Market Maker in a UTP Derivative Security on... Reference Asset of that UTP Derivative Security, or any derivative instrument based on a Reference Asset of...

  11. SC2: Secure Communication over Smart Cards

    DEFF Research Database (Denmark)

    Dragoni, Nicola; Lostal, Eduardo; Papini, Davide

    2012-01-01

    The Security-by-Contract (S×C) framework has recently been proposed to support software evolution in open multi-application smart cards. The key idea lies in the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of the c...

  12. Development of Farm Records Software

    Directory of Open Access Journals (Sweden)

    M. S. Abubakar

    2017-12-01

    Farm records are mostly manually kept on paper notebooks and folders where similar records are organized in one folder or spreadsheet. These records are usually kept for many years, therefore they become bulky and less organized. Consequently, it becomes difficult to search and update these records, and tedious and time consuming to manage them. This study was carried out to overcome these problems associated with manual farm records keeping by developing user-friendly, easily accessible, reliable and secured software. The software was limited to records keeping in crop production, livestock production, poultry production, employees, income and expenditure. The system was implemented using Java Server Faces (JSF) for designing the Graphical User Interface (GUI), Enterprise Java Beans (EJB) for the logic tier and a MySQL database for storing farm records.

  13. Network Coded Software Defined Networking

    DEFF Research Database (Denmark)

    Krigslund, Jeppe; Hansen, Jonas; Roetter, Daniel Enrique Lucani

    2015-01-01

    Software Defined Networking (SDN) and Network Coding (NC) are two key concepts in networking that have garnered a large attention in recent years. On the one hand, SDN's potential to virtualize services in the Internet allows a large flexibility not only for routing data, but also to manage....... This paper advocates for the use of SDN to bring about future Internet and 5G network services by incorporating network coding (NC) functionalities. The inherent flexibility of both SDN and NC provides a fertile ground to envision more efficient, robust, and secure networking designs, that may also...

  14. ECLIPSE, an Emerging Standardized Modular, Secure and Affordable Software Toolset in Support of Product Assurance, Quality Assurance and Project Management for the Entire European Space Industry (from Innovative SMEs to Primes and Institutions)

    Science.gov (United States)

    Bennetti, Andrea; Ansari, Salim; Dewhirst, Tori; Catanese, Giuseppe

    2010-08-01

    The development of satellites and ground systems (and the technologies that support them) is complex and demands a great deal of rigor in the management of both the information it relies upon and the information it generates via the performance of well established processes. To this extent for the past fifteen years Sapienza Consulting has been supporting the European Space Agency (ESA) in the management of this information and provided ESA with ECSS (European Cooperation for Space Standardization) Standards based Project Management (PM), Product Assurance (PA) and Quality Assurance (QA) software applications. In 2009 Sapienza recognised the need to modernize, standardize and integrate its core ECSS-based software tools into a single yet modularised suite of applications named ECLIPSE aimed at: • Fulfilling a wider range of historical and emerging requirements, • Providing a better experience for users, • Increasing the value of the information it collects and manages, • Lowering the cost of ownership and operation, • Increasing collaboration within and between space sector organizations, • Aiding in the performance of several PM, PA, QA, and configuration management tasks in adherence to ECSS standards. In this paper, Sapienza will first present the toolset, and a rationale for its development, describing and justifying its architecture, and basic modules composition. Having defined the toolset architecture, this paper will address the current status of the individual applications. A compliance assessment will be presented for each module in the toolset with respect to the ECSS standard it addresses. Lastly experience from early industry and Institutional users will be presented.

  15. 77 FR 59030 - Self-Regulatory Organizations; BATS Exchange, Inc.; Order Granting Approval of Proposed Rule...

    Science.gov (United States)

    2012-09-25

    ... (collectively, "Derivative Securities Products") \5\ when applying the quantitative generic listing criteria... or other Derivative Securities Products. \4\ The Exchange notes that NYSE Arca uses the term...\ Rule 14.11 includes criteria for derivative securities that may be listed or traded on the Exchange...

  16. 78 FR 21046 - Amendment to Rule Filing Requirements for Dually-Registered Clearing Agencies

    Science.gov (United States)

    2013-04-09

    ... clearing operations of a Registered Clearing Agency and are not linked to securities clearing operations...: (A) does not adversely affect the safeguarding of securities or funds in the custody or control of...)(ii) to designate proposed rule changes concerning the agency's security futures operations as taking...

  17. The importance of trust in computer security

    DEFF Research Database (Denmark)

    Jensen, Christian D.

    2014-01-01

    The computer security community has traditionally regarded security as a “hard” property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, competent...... and well informed about the security policies. Over the past two decades, however, computing has proliferated into all aspects of modern society and the spread of malicious software (malware) like worms, viruses and botnets has become an increasing threat. This development indicates a failure in some...... of the fundamental assumptions that underpin existing computer security technologies and that a new view of computer security is long overdue. In this paper, we examine traditional models, policies and mechanisms of computer security in order to identify areas where the fundamental assumptions may fail. In particular...

  18. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through the XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. The DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. The DIRAC security infrastructure handles authentication and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  19. Computer Security: professionalism in security, too

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement. In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

  20. Technical rules in law

    Energy Technology Data Exchange (ETDEWEB)

    Debelius, J

    1978-08-01

    An important source of knowledge for technical experts is the state of the art reflected by catalogues of technical rules. Technical rules may also achieve importance in law due to a legal transformation standard. Here, rigid and flexible reference are controversial with regard to their admissibility from the point of view of constitutional law. In case of a divergence from the generally accepted technical rules, it is assumed - refutably - that the necessary care had not been taken. Technical rules are one out of several sources of information; they have no normative effect. This may result in a duty of anyone applying them to review the state of technology himself.

  1. Technical rules in law

    International Nuclear Information System (INIS)

    Debelius, J.

    1978-01-01

    An important source of knowledge for technical experts is the state of the art reflected by catalogues of technical rules. Technical rules may also achieve importance in law due to a legal transformation standard. Here, rigid and flexible reference are controversial with regard to their admissibility from the point of view of constitutional law. In case of a divergence from the generally accepted technical rules, it is assumed - refutably - that the necessary care had not been taken. Technical rules are one out of several sources of information; they have no normative effect. This may result in a duty of anyone applying them to review the state of technology himself. (orig.) [de

  2. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    Ştefan IOVAN

    2016-05-01

    Cloud computing represents the software applications offered as a service online, but also the software and hardware components from the data center. In the case of widely offered services for any type of client, we are dealing with a public cloud. In the other case, in which a cloud is exclusively available for an organization and is not available to the open public, this is considered a private cloud [1]. There is also a third type, called hybrid, in which case a user or an organization might use both services available in the public and private cloud. One of the main challenges of cloud computing is to build trust and offer information privacy in every aspect of the service offered by cloud computing. The variety of existing standards, just like the lack of clarity in sustainability certification, is not a real help in building trust. Some question marks also appear regarding the efficiency of traditional security means that are applied in the cloud domain. Besides the economic and technological advantages offered by the cloud, there are also some advantages in the security area if the information is migrated to the cloud. Shared resources available in the cloud include the survey, use of the "best practices" and technology for advanced security level, above all the solutions offered by the majority of medium and small businesses, big companies and even some governmental organizations [2].

  3. Ensuring Software IP Cleanliness

    Directory of Open Access Journals (Sweden)

    Mahshad Koohgoli

    2007-12-01

    At many points in the life of a software enterprise, determination of intellectual property (IP) cleanliness becomes critical. The value of an enterprise that develops and sells software may depend on how clean the software is from the IP perspective. This article examines various methods of ensuring software IP cleanliness and discusses some of the benefits and shortcomings of current solutions.

  4. Commercial Literacy Software.

    Science.gov (United States)

    Balajthy, Ernest

    1997-01-01

    Presents the first year's results of a continuing project to monitor the availability of software of relevance for literacy education purposes. Concludes there is an enormous amount of software available for use by teachers of reading and literacy--whereas drill-and-practice software is the largest category of software available, large numbers of…

  5. Ensuring Software IP Cleanliness

    OpenAIRE

    Mahshad Koohgoli; Richard Mayer

    2007-01-01

    At many points in the life of a software enterprise, determination of intellectual property (IP) cleanliness becomes critical. The value of an enterprise that develops and sells software may depend on how clean the software is from the IP perspective. This article examines various methods of ensuring software IP cleanliness and discusses some of the benefits and shortcomings of current solutions.

  6. Statistical Software Engineering

    Science.gov (United States)

    1998-04-13

    multiversion software subject to coincident errors. IEEE Trans. Software Eng. SE-11:1511-1517. Eckhardt, D.E., A.K Caglayan, J.C. Knight, L.D. Lee, D.F...J.C. and N.G. Leveson. 1986. Experimental evaluation of the assumption of independence in multiversion software. IEEE Trans. Software

  7. Agile Software Development

    Science.gov (United States)

    Biju, Soly Mathew

    2008-01-01

    Many software development firms are now adopting the agile software development method. This method involves the customer at every level of software development, thus reducing the impact of change in the requirement at a later stage. In this article, the principles of the agile method for software development are explored and there is a focus on…

  8. Improving Software Developer's Competence

    DEFF Research Database (Denmark)

    Abrahamsson, Pekka; Kautz, Karlheinz; Sieppi, Heikki

    2002-01-01

    Emerging agile software development methods are people oriented development approaches to be used by the software industry. The personal software process (PSP) is an accepted method for improving the capabilities of a single software engineer. Five original hypotheses regarding the impact...

  9. Software - Naval Oceanography Portal

    Science.gov (United States)


  10. Software Engineering Education Directory

    Science.gov (United States)

    1990-04-01

    and Engineering (CMSC 735) Codes: GPEV2 Textbooks: IEEE Tutorial on Models and Metrics for Software Management and Engineering by Basili, Victor R...Software Engineering (Comp 227) Codes: GPRY5 Textbooks: IEEE Tutorial on Software Design Techniques by Freeman, Peter and Wasserman, Anthony I. Software

  11. 75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information

    Science.gov (United States)

    2010-12-02

    ... Dissemination of Security-Based Swap Information; Proposed Rule Federal Register / Vol. 75, No. 231... Dissemination of Security-Based Swap Information AGENCY: Securities and Exchange Commission. ACTION: Proposed... SBSR--Reporting and Dissemination of Security-Based Swap Information ("Regulation SBSR") under the...

  12. 78 FR 46622 - Application of Topaz Exchange, LLC for Registration as a National Securities Exchange; Findings...

    Science.gov (United States)

    2013-08-01

    ... Exchange, LLC for Registration as a National Securities Exchange; Findings, Opinion, and Order of the... Registration as a National Securities Exchange ("Form 1 Application") \1\ under Section 6 of the Securities... substantive, are consistent with the existing rules of other registered national securities exchanges, or are...

  13. Great software debates

    CERN Document Server

    Davis, A

    2004-01-01

    The industry’s most outspoken and insightful critic explains how the software industry REALLY works. In Great Software Debates, Al Davis shares what he has learned about the difference between the theory and the realities of business and encourages you to question and think about software engineering in ways that will help you succeed where others fail. In short, provocative essays, Davis fearlessly reveals the truth about process improvement, productivity, software quality, metrics, agile development, requirements documentation, modeling, software marketing and sales, empiricism, start-up financing, software research, requirements triage, software estimation, and entrepreneurship.

  14. A Container-based Trusted Multi-level Security Mechanism

    Directory of Open Access Journals (Sweden)

    Li Xiao-Yong

    2017-01-01

    Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

  15. Security of M-Commerce transactions

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2013-07-01

    In this material, electronic markets are defined, along with how they are structured. Security in E-Commerce applications is very important both at the administrative level and from the user perspective. The new trend in the field is M-commerce, which involves making purchases through mobile devices. For M-commerce transactions, too, security is very important. The paper shows how to analyze the security of M-commerce transactions and ways to increase security for these transactions, taking into account the organization of M-Commerce applications, software used, hardware used and other important issues in the development of these applications.

  16. Views on Software Testability

    OpenAIRE

    Shimeall, Timothy; Friedman, Michael; Chilenski, John; Voas, Jeffrey

    1994-01-01

    The field of testability is an active, well-established part of engineering of modern computer systems. However, only recently have technologies for software testability begun to be developed. These technologies focus on accessing the aspects of software that improve or depreciate the ease of testing. As both the size of implemented software and the amount of effort required to test that software increase, so will the importance of software testability technologies in influencing the softwa...

  17. Agile software assessment

    OpenAIRE

    Nierstrasz Oscar; Lungu Mircea

    2012-01-01

    Informed decision making is a critical activity in software development but it is poorly supported by common development environments which focus mainly on low level programming tasks. We posit the need for agile software assessment which aims to support decision making by enabling rapid and effective construction of software models and custom analyses. Agile software assessment entails gathering and exploiting the broader context of software information related to the system at hand as well ...

  18. Software component quality evaluation

    Science.gov (United States)

    Clough, A. J.

    1991-01-01

    The paper describes a software inspection process that can be used to evaluate the quality of software components. Quality criteria, process application, independent testing of the process and proposed associated tool support are covered. Early results indicate that this technique is well suited for assessing software component quality in a standardized fashion. With automated machine assistance to facilitate both the evaluation and selection of software components, such a technique should promote effective reuse of software components.

  19. Strategy as simple rules.

    Science.gov (United States)

    Eisenhardt, K M; Sull, D N

    2001-01-01

    The success of Yahoo!, eBay, Enron, and other companies that have become adept at morphing to meet the demands of changing markets can't be explained using traditional thinking about competitive strategy. These companies have succeeded by pursuing constantly evolving strategies in market spaces that were considered unattractive according to traditional measures. In this article--the third in an HBR series by Kathleen Eisenhardt and Donald Sull on strategy in the new economy--the authors ask, what are the sources of competitive advantage in high-velocity markets? The secret, they say, is strategy as simple rules. The companies know that the greatest opportunities for competitive advantage lie in market confusion, but they recognize the need for a few crucial strategic processes and a few simple rules. In traditional strategy, advantage comes from exploiting resources or stable market positions. In strategy as simple rules, advantage comes from successfully seizing fleeting opportunities. Key strategic processes, such as product innovation, partnering, or spinout creation, place the company where the flow of opportunities is greatest. Simple rules then provide the guidelines within which managers can pursue such opportunities. Simple rules, which grow out of experience, fall into five broad categories: how-to rules, boundary conditions, priority rules, timing rules, and exit rules. Companies with simple-rules strategies must follow the rules religiously and avoid the temptation to change them too frequently. A consistent strategy helps managers sort through opportunities and gain short-term advantage by exploiting the attractive ones. In stable markets, managers rely on complicated strategies built on detailed predictions of the future. But when business is complicated, strategy should be simple.

  20. Rules, culture, and fitness.

    Science.gov (United States)

    Baum, W M

    1995-01-01

    Behavior analysis risks intellectual isolation unless it integrates its explanations with evolutionary theory. Rule-governed behavior is an example of a topic that requires an evolutionary perspective for a full understanding. A rule may be defined as a verbal discriminative stimulus produced by the behavior of a speaker under the stimulus control of a long-term contingency between the behavior and fitness. As a discriminative stimulus, the rule strengthens listener behavior that is reinforced in the short run by socially mediated contingencies, but which also enters into the long-term contingency that enhances the listener's fitness. The long-term contingency constitutes the global context for the speaker's giving the rule. When a rule is said to be "internalized," the listener's behavior has switched from short- to long-term control. The fitness-enhancing consequences of long-term contingencies are health, resources, relationships, or reproduction. This view ties rules both to evolutionary theory and to culture. Stating a rule is a cultural practice. The practice strengthens, with short-term reinforcement, behavior that usually enhances fitness in the long run. The practice evolves because of its effect on fitness. The standard definition of a rule as a verbal statement that points to a contingency fails to distinguish between a rule and a bargain ("If you'll do X, then I'll do Y"), which signifies only a single short-term contingency that provides mutual reinforcement for speaker and listener. In contrast, the giving and following of a rule ("Dress warmly; it's cold outside") can be understood only by reference also to a contingency providing long-term enhancement of the listener's fitness or the fitness of the listener's genes. Such a perspective may change the way both behavior analysts and evolutionary biologists think about rule-governed behavior.

  1. Modeling Security Aspects of Network

    Science.gov (United States)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are subject of security. A more complete overview on the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse also has grown significantly, requiring measures to deal with it.

  2. Methods and Software for Building Bibliographic Data Bases.

    Science.gov (United States)

    Daehn, Ralph M.

    1985-01-01

    This in-depth look at database management systems (DBMS) for microcomputers covers data entry, information retrieval, security, DBMS software and design, and downloading of literature search results. The advantages of in-house systems versus online search vendors are discussed, and specifications of three software packages and 14 sources are…

  3. WPSS: watching people security services

    Science.gov (United States)

    Bouma, Henri; Baan, Jan; Borsboom, Sander; van Zon, Kasper; Luo, Xinghan; Loke, Ben; Stoeller, Bram; van Kuilenburg, Hans; Dijk, Judith

    2013-10-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most relevant and deviant patterns. We present a software platform that contributes to the retrieval and observation of humans and to the analysis of their behavior. The platform consists of mono- and stereo-camera tracking, re-identification, behavioral feature computation, track analysis, behavior interpretation and visualization. This system is demonstrated in a busy shopping mall with multiple cameras and different lighting conditions.

  4. Bureaucracy, Safety and Software: a Potentially Lethal Cocktail

    Science.gov (United States)

    Hatton, Les

    This position paper identifies a potential problem with the evolution of software controlled safety critical systems. It observes that the rapid growth of bureaucracy in society quickly spills over into rules for behaviour. Whether the need for the rules comes first or there is simple anticipation of the need for a rule by a bureaucrat is unclear in many cases. Many such rules lead to draconian restrictions and often make the existing situation worse due to the presence of unintended consequences as will be shown with a number of examples.

  5. Prototype implementation of segment assembling software

    Directory of Open Access Journals (Sweden)

    Pešić Đorđe

    2018-01-01

    IT education is very important and a lot of effort is put into the development of tools for helping students to acquire programming knowledge and for helping teachers in automating the examination process. This paper describes a prototype of the program segment assembling software used in the context of making tests in the field of algorithmic complexity. The proposed new program segment assembling model uses rules and templates. A template is a simple program segment. A rule defines combining method and data dependencies if they exist. One example of program segment assembling by the proposed system is given. Graphical user interface is also described.

  6. Binary effectivity rules

    DEFF Research Database (Denmark)

    Keiding, Hans; Peleg, Bezalel

    2006-01-01

    is binary if it is rationalized by an acyclic binary relation. The foregoing result motivates our definition of a binary effectivity rule as the effectivity rule of some binary SCR. A binary SCR is regular if it satisfies unanimity, monotonicity, and independence of infeasible alternatives. A binary...

  7. Delayed rule following.

    Science.gov (United States)

    Schmitt, D R

    2001-01-01

    Although the elements of a fully stated rule (discriminative stimulus [S(D)], some behavior, and a consequence) can occur nearly contemporaneously with the statement of the rule, there is often a delay between the rule statement and the S(D). The effects of this delay on rule following have not been studied in behavior analysis, but they have been investigated in rule-like settings in the areas of prospective memory (remembering to do something in the future) and goal pursuit. Discriminative events for some behavior can be event based (a specific setting stimulus) or time based. The latter are more demanding with respect to intention following and show age-related deficits. Studies suggest that the specificity with which the components of a rule (termed intention) are stated has a substantial effect on intention following, with more detailed specifications increasing following. Reminders of an intention, too, are most effective when they refer specifically to both the behavior and its occasion. Covert review and written notes are two effective strategies for remembering everyday intentions, but people who use notes appear not to be able to switch quickly to covert review. By focusing on aspects of the setting and rule structure, research on prospective memory and goal pursuit expands the agenda for a more complete explanation of rule effects.

  8. "Chaos Rules" Revisited

    Science.gov (United States)

    Murphy, David

    2011-01-01

    About 20 years ago, while lost in the midst of his PhD research, the author mused over proposed titles for his thesis. He was pretty pleased with himself when he came up with "Chaos Rules" (the implied double meaning was deliberate), or more completely, "Chaos Rules: An Exploration of the Work of Instructional Designers in Distance Education." He…

  9. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  10. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no

  11. Software Quality Assurance Metrics

    Science.gov (United States)

    McRae, Kalindra A.

    2004-01-01

    Software Quality Assurance (SQA) is a planned and systematic set of activities that ensures that software life cycle processes and products conform to requirements, standards and procedures. In software development, software quality means meeting requirements and a degree of excellence and refinement of a project or product. Software Quality is a set of attributes of a software product by which its quality is described and evaluated. The set of attributes includes functionality, reliability, usability, efficiency, maintainability, and portability. Software Metrics help us understand the technical process that is used to develop a product. The process is measured to improve it and the product is measured to increase quality throughout the life cycle of software. Software Metrics are measurements of the quality of software. Software is measured to indicate the quality of the product, to assess the productivity of the people who produce the product, to assess the benefits derived from new software engineering methods and tools, to form a baseline for estimation, and to help justify requests for new tools or additional training. Any part of the software development can be measured. If Software Metrics are implemented in software development, it can save time, money, and allow the organization to identify the causes of defects which have the greatest effect on software development. The summer of 2004, I worked with Cynthia Calhoun and Frank Robinson in the Software Assurance/Risk Management department. My task was to research and collect, compile, and analyze SQA Metrics that have been used in other projects that are not currently being used by the SA team and report them to the Software Assurance team to see if any metrics can be implemented in their software assurance life cycle process.

  12. Farmland Tenure Security in China: Influencing Factors of Actual and Perceived Farmland Tenure Security

    Science.gov (United States)

    Ren, Guangcheng; Zhu, Xueqin; Heerink, Nico; van Ierland, Ekko; Feng, Shuyi

    2017-04-01

    Tenure security plays an important role in farm households' investment, land renting and other decisions. Recent literature distinguishes between actual farmland tenure security (i.e. farm households' actual control of farmland) and perceived farmland tenure security (i.e. farm households' subjective understanding of their farmland tenure situation and expectation regarding government enforcement and equality of the law). However little is known on what factors influence the actual and perceived farmland tenure security in rural China. Theoretically, actual farmland tenure security is related to village self-governance as a major informal governance rule in rural China. Both economic efficiency and equity considerations are likely to play a role in the distribution of land and its tenure security. Household perceptions of farmland tenure security depend not only on the actual farmland tenure security in a village, but may also be affected by households' investment in and ability of changing social rules. Our study examines what factors contribute to differences in actual and perceived farmland tenure security between different villages and farm households in different regions of China. Applying probit models to the data collected from 1,485 households in 124 villages in Jiangsu, Jiangxi, Liaoning and Chongqing, we find that development of farmland rental market and degree of self-governance of a village have positive impacts, and development of labour market has a negative effect on actual farmland tenure security. Household perceptions of tenure security depend not only on actual farmland tenure security and on households' investment in and ability of changing social rules, but also on risk preferences of households. This finding has interesting policy implications for future land reforms in rural China.

  13. Electronuclear sum rules

    International Nuclear Information System (INIS)

    Arenhoevel, H.; Drechsel, D.; Weber, H.J.

    1978-01-01

    Generalized sum rules are derived by integrating the electromagnetic structure functions along lines of constant ratio of momentum and energy transfer. For non-relativistic systems these sum rules are related to the conventional photonuclear sum rules by a scaling transformation. The generalized sum rules are connected with the absorptive part of the forward scattering amplitude of virtual photons. The analytic structure of the scattering amplitudes and the possible existence of dispersion relations have been investigated in schematic relativistic and non-relativistic models. While for the non-relativistic case analyticity does not hold, the relativistic scattering amplitude is analytical for time-like (but not for space-like) photons and relations similar to the Gell-Mann-Goldberger-Thirring sum rule exist. (Auth.)

  14. Software Engineering Program: Software Process Improvement Guidebook

    Science.gov (United States)

    1996-01-01

    The purpose of this document is to provide experience-based guidance in implementing a software process improvement program in any NASA software development or maintenance community. This guidebook details how to define, operate, and implement a working software process improvement program. It describes the concept of the software process improvement program and its basic organizational components. It then describes the structure, organization, and operation of the software process improvement program, illustrating all these concepts with specific NASA examples. The information presented in the document is derived from the experiences of several NASA software organizations, including the SEL, the SEAL, and the SORCE. Their experiences reflect many of the elements of software process improvement within NASA. This guidebook presents lessons learned in a form usable by anyone considering establishing a software process improvement program within his or her own environment. This guidebook attempts to balance general and detailed information. It provides material general enough to be usable by NASA organizations whose characteristics do not directly match those of the sources of the information and models presented herein. It also keeps the ideas sufficiently close to the sources of the practical experiences that have generated the models and information.

  15. From Software Development to Software Assembly

    NARCIS (Netherlands)

    Sneed, Harry M.; Verhoef, Chris

    2016-01-01

    The lack of skilled programming personnel and the growing burden of maintaining customized software are forcing organizations to quit producing their own software. It's high time they turned to ready-made, standard components to fulfill their business requirements. Cloud services might be one way to

  16. Air traffic security act unconstitutional

    International Nuclear Information System (INIS)

    Heller, W.

    2006-01-01

    In the interest of more effective protective measures against terrorist attacks, the German federal parliament inter alia added a clause to the Air Traffic Security Act (Sec. 14, Para. 3, Air Traffic Security Act) empowering the armed forces to shoot down aircraft to be used as a weapon against human lives. In Germany, this defense possibility has been discussed also in connection with deliberate crashes of hijacked aircraft on nuclear power plants. The 1st Division of the German Federal Constitutional Court, in its decision of February 15, 2006, ruled that Sec. 14, Para. 3, Air Traffic Security Act was incompatible with the Basic Law and thus was null and void (file No. 1 BvR 357/05) for two reasons: - There was no legislative authority on the part of the federal government. - The provision was incompatible with the basic right of life and the guarantee of human dignity as enshrined in the Basic Law. (orig.)

  17. Agile Software Development in the Department of Defense Environment

    Science.gov (United States)

    2017-03-31

    traditional project/program life cycle (i.e., waterfall). In the traditional model, security requirements are not evaluated until development is...2015), which may better facilitate adoption of Agile software development in the DoD. Several models are provided for software-dominant and software...the DoD has historically used a traditional, waterfall approach for acquiring systems and services), and oversight requirements that are

  18. OpenLabs Security Laboratory - The Online Security Experiment Platform

    OpenAIRE

    Johan Zackrisson; Charlie Svahnberg

    2008-01-01

    For experiments to be reproducible, it is important to have a known and controlled environment. This requires isolation from the surroundings. For security experiments, e.g. with hostile software, this is even more important as the experiment can affect the environment in adverse ways. In a normal campus laboratory, isolation can be achieved by network separation. For an online environment, where remote control is essential, separation and isolation are still needed, and therefore the securit...

  19. Securing the Application Layer in eCommerce

    OpenAIRE

    Bala Musa S; Norita Md Norwawi; Mohd Hasan Selamat

    2012-01-01

    As e-commerce transaction is evolving, security is becoming a paramount issue since a great deal of credit cards, fund transfer, web shopping and public retirements are involved. Therefore, an appropriate development process is necessary for such security critical application. Also, handling security issues at early stage of software development is paramount to avoiding vulnerabilities from scaling through production environment unnoticed. This paper proposes a comprehensive security requirem...

  20. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provides secure services such as encryption, integrity, peer authentication and non-repudiation for application layer communication software of browser clients and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.