WorldWideScience

Sample records for system security proceedings

  1. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  2. 24 CFR 201.51 - Proceeding against the loan security.

    Science.gov (United States)

    2010-04-01

    ....51 Proceeding against the loan security. (a) Property improvement loans. (1) After acceleration of maturity on a secured property improvement loan, the lender may either proceed against the loan security... proceeds against the loan security, it may submit an insurance claim only if it complies with the...

  3. Proceed With Caution China adopts security review system for foreign mergers and acquisitions of domestic companies

    Institute of Scientific and Technical Information of China (English)

    LAN XINZHEN

    2011-01-01

    China's Ministry of Commerce (MOFCOM) recently gave Nestle the nod of approval for the international food giant's acquisition of Yinlu Food Group.A signing ceremony was held on September 8 in Xiamen,southeast China's Fujian Province,where Yinlu is headquartered.This is the first merger and acquisition (M&A) case of a domestic enterprise by a foreign investor since the Provisions on the Safety Review System for M&As of Domestic Enterprises by Foreign Investors came into effect on September 1,2011.Nestle,the largest food and nutrition company in the world,has been accelerating its development in the Chinese market in recent years.On April 18,2011,it announced plans to purchase a 60-percent stake in Yinlu,a family-owned food maker with sales of 5.46billion yuan ($854 million) in 2010.The deal was submitted to MOFCOM's for anti-monopoly review on May 24 and was approved after a three-month review period.In July,the food conglomerate said it would buy a 60-percent stake in leading Chinese confectioner Hsu Fu Chi International.MOFCOM's approval of the deal is still pending.

  4. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  5. Proceedings of the 1989 Carnahan conference on security technology

    International Nuclear Information System (INIS)

    DeVore, R.W.

    1989-01-01

    This book contains the proceedings of the 1989 Carnahan conference on security technology and crime countermeasures. Topics covered include: study of methods for the enhancement of classified document control and protection; research and development of a portable microfocus x-ray system capable of providing ultra-high resolution images of improvised explosive devices; and BombCAD - a CAD-based technique for assessing bomb vulnerability and designing and evaluating bomb defense measures

  6. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  7. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  8. Proceedings and Presentations from the 2015 Homeland Security Education Summit

    OpenAIRE

    2015-01-01

    Proceedings: 9th Annual Homeland Defense and Security Education Summit The 9th Annual Homeland Defense and Security Education Summit was held on September 25-26, 2015 at the Hyatt Regency Hotel in Orlando Florida. The theme of the event was Evolving Homeland Security…

  9. Proceedings of The 13. Nordic Workshop on Secure IT Systems, NordSec 2008, Kongens Lyngby Oct 9-10, 2008

    DEFF Research Database (Denmark)

    in Security and Mobile Computing “NordSecMob”, and a meeting of the FIRST research school. We received a total of 39 submissions in response to the call for papers, and the programme committee selected 17 of these for presentation at the workshop—one short paper, which is not included in the proceedings......, and 16 research papers. It was a pleasure for us to work with the program committee, and we want to thank both them and the additional reviewers. Beside the submitted contributions we invited Audun Jøsang, University of Oslo, and Michael Huth, Imperial College London, to speak at the workshop. Abstracts...

  10. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  11. National Computer Security Conference Proceedings (12th): Information Systems Security: Solutions for Today - Concepts for Tomorrow Held in Baltimore, Maryland on 10-13 October 1989

    Science.gov (United States)

    1989-10-13

    ACCRED 1 TAT I ONN MIANAG3EMENT I NVENTORY l’RODU I’S SYSTEMIS VUL.NERAB I L I TY TEMPEST SYSTEMS 462 Autoniating the procedure could also reduce user...Energy’s risk assessment needs. While it should be noted that the concept must be customized to an organization’s " culture ," way of doing business, etc., it...the worksheets. Data sets provided in the resource tables are customized to suit the needs and " culture " of the organization. The concept also allows

  12. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  13. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  14. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  15. Integrated security system definition

    International Nuclear Information System (INIS)

    Campbell, G.K.; Hall, J.R. II

    1985-01-01

    The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

  16. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  17. Systems Security Engineering

    Science.gov (United States)

    2010-08-22

    environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

  18. Security System Software

    Science.gov (United States)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  19. Security systems engineering overview

    International Nuclear Information System (INIS)

    Steele, B.J.

    1996-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

  20. Security systems engineering overview

    Science.gov (United States)

    Steele, Basil J.

    1997-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

  1. Intelligent autonomous systems 12. Vol. 2. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Sukhan [Sungkyunkwan Univ., Gyeonggi-Do (Korea, Republic of). College of Information and Communication Engineering; Yoon, Kwang-Joon [Konkuk Univ., Seoul (Korea, Republic of); Cho, Hyungsuck [Daegu Gyeongbuk Institute of Science and Technology, Daegu (Korea, Republic of); Lee, Jangmyung (eds.) [Pusan National Univ. (Korea, Republic of). Dept. of Electronics Engineering

    2013-02-01

    Recent research in Intelligent and Autonomous Systems. Volume 2 of the proceedings of the 12th International Conference IAS-12, held June 26-29, 2012, jeju Island, Korea. Written by leading experts in the field. Intelligent autonomous systems are emerged as a key enabler for the creation of a new paradigm of services to humankind, as seen by the recent advancement of autonomous cars licensed for driving in our streets, of unmanned aerial and underwater vehicles carrying out hazardous tasks on-site, and of space robots engaged in scientific as well as operational missions, to list only a few. This book aims at serving the researchers and practitioners in related fields with a timely dissemination of the recent progress on intelligent autonomous systems, based on a collection of papers presented at the 12th International Conference on Intelligent Autonomous Systems, held in Jeju, Korea, June 26-29, 2012. With the theme of ''Intelligence and Autonomy for the Service to Humankind, the conference has covered such diverse areas as autonomous ground, aerial, and underwater vehicles, intelligent transportation systems, personal/domestic service robots, professional service robots for surgery/rehabilitation, rescue/security and space applications, and intelligent autonomous systems for manufacturing and healthcare. This volume 2 includes contributions devoted to Service Robotics and Human-Robot Interaction and Autonomous Multi-Agent Systems and Life Engineering.

  2. Coal Mines Security System

    OpenAIRE

    Ankita Guhe; Shruti Deshmukh; Bhagyashree Borekar; Apoorva Kailaswar; Milind E.Rane

    2012-01-01

    Geological circumstances of mine seem to be extremely complicated and there are many hidden troubles. Coal is wrongly lifted by the musclemen from coal stocks, coal washeries, coal transfer and loading points and also in the transport routes by malfunctioning the weighing of trucks. CIL —Coal India Ltd is under the control of mafia and a large number of irregularities can be contributed to coal mafia. An Intelligent Coal Mine Security System using data acquisition method utilizes sensor, auto...

  3. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  4. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  5. System Security Management in SNMP

    OpenAIRE

    P. Deivendran; Dr. R. Dhanapal Ph.D

    2010-01-01

    We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

  6. Security system signal supervision

    International Nuclear Information System (INIS)

    Chritton, M.R.; Matter, J.C.

    1991-09-01

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  7. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  8. SECURING DIGITIZED LIBRARY CIRCULATORY SYSTEM

    African Journals Online (AJOL)

    user

    The widespread application of the developed system on smart library circulation .... database management system; [9] through securing .... system running on a Windows 8 Operating system .... mini library for their support, advice and unlimited.

  9. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  10. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  11. Security infrastructures: towards the INDECT system security

    OpenAIRE

    Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

    2012-01-01

    This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

  12. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  13. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  14. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

  15. Prototype system of secure VOD

    Science.gov (United States)

    Minemura, Harumi; Yamaguchi, Tomohisa

    1997-12-01

    Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

  16. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  17. Control of power plants and power systems. Proceedings

    International Nuclear Information System (INIS)

    Canales-Ruiz, R.

    1996-01-01

    The 88 papers in this volume constitute the proceedings of the International Federation of Automatic Control Symposium held in Mexico in 1995. The broad areas which they cover are: self tuning control; power plant operations; dynamic stability; fuzzy logic applications; power plants modelling; artificial intelligence applications; power plants simulation; voltage control; control of hydro electric units; state estimation; fault diagnosis and monitoring systems; system expansion and operation planning; security assessment; economic dispatch and optimal load flow; adaptive control; distribution; transient stability and preventive control; modelling and control of nuclear plant; knowledge data bases for automatic learning methods applied to power system dynamic security assessment; control of combined cycle units; power control centres. Separate abstracts have been prepared for the three papers relating to nuclear power plants. (UK)

  18. Secure Embedded Systems

    Science.gov (United States)

    2016-02-26

    enables each subsystem with a key management (KM) function and an Advanced Encryption Standard ( AES ) encryption and decryption function. Subsystem A...off, flies to its destination, and then collects video data. Video data containing target information are encrypted and broadcast to authorized ground...select these devices on the basis of their ability to encrypt and authenticate configuration bitstreams, incorporate security monitors to detect attacks

  19. Holographic optical security systems

    Science.gov (United States)

    Fagan, William F.

    1990-06-01

    One of the most successful applications of Holography,in recent years,has been its use as an optical security technique.Indeed the general public's awareness of holograms has been greatly enhanced by the incorporation of holographic elements into the VISA and MASTERCHARGE credit cards.Optical techniques related to Holography,are also being used to protect the currencies of several countries against the counterfeiter. The mass production of high quality holographic images is by no means a trivial task as a considerable degree of expertise is required together with an optical laboratory and embossing machinery.This paper will present an overview of the principal holographic and related optical techniques used for security purposes.Worldwide, over thirty companies are involved in the production of security elements utilising holographic and related optical technologies.Counterfeiting of many products is a major criminal activity with severe consequences not only for the manufacturer but for the public in general as defective automobile parts,aircraft components,and pharmaceutical products, to cite only a few of the more prominent examples,have at one time or another been illegally copied.

  20. Systems analysis of a security alarm system

    International Nuclear Information System (INIS)

    Schiff, A.

    1975-01-01

    When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

  1. Secure computing on reconfigurable systems

    OpenAIRE

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

  2. 16th Department of Energy Computer Security Group Training Conference: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1994-04-01

    Various topic on computer security are presented. Integrity standards, smartcard systems, network firewalls, encryption systems, cryptography, computer security programs, multilevel security guards, electronic mail privacy, the central intelligence agency, internet security, and high-speed ATM networking are typical examples of discussed topics. Individual papers are indexed separately.

  3. Secure Automated Microgrid Energy System

    Science.gov (United States)

    2016-12-01

    O&M Operations and Maintenance PSO Power System Optimization PV Photovoltaic RAID Redundant Array of Independent Disks RBAC Role...elements of the initial study and operational power system model (feeder size , protective devices, generation sources, controllable loads, transformers...EW-201340) Secure Automated Microgrid Energy System December 2016 This document has been cleared for public release; Distribution Statement A

  4. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  5. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    Anderson, Robert S.

    2009-01-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  6. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  7. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  8. Comprehensive legal aid to the participants in criminal proceedings when applying security measures

    Directory of Open Access Journals (Sweden)

    Fadeev P.V.

    2014-12-01

    Full Text Available Legal assistance to the participants in criminal procedure is represented as a complex phenomenon, including the features of international legal assistance, qualified legal assistance, as well as the activities of public authorities in criminal proceedings and professional lawyers (attorneys, advocates, representatives to assist physical and legal persons to protect, safeguard and realize their rights and interests. Legal assistance in case of threat to life, health, rights of participants in criminal proceedings is considered. The activity of certain subjects of criminal proceedings aimed at explaining the rights of crime victims is analyzed. The grounds for applying security measures are determined. Proposals for improving part 3 of article 11 of the RF Criminal Procedure Code are made: “3. In case there is a threat of causing physical, property, moral damage or other harm prohibited by criminal law to rights and legitimate interests of the victim, witness or other participants in criminal proceedings as well as their close relatives, relatives or close persons, the court (judge, the prosecutor, the head of the investigative agency, the investigator, the preliminary investigation agency take security measures, provided by part 9 of article 166, part 2 of article 186, part 8 of article 193, paragraph 4 of part 2 of article 241 and part 5 of article 278 of this Code as well as other security measures provided by the RF legislation, in respect of those persons within twenty-four hours on the basis of these persons’ written (oral statement or on their own initiative within their competence”.

  9. Authenticated Secure Container System (ASCS)

    International Nuclear Information System (INIS)

    1991-01-01

    Sandia National Laboratories developed an Authenticated Secure Container System (ASCS) for the International Atomic Energy Agency (IAEA). Agency standard weights and safeguards samples can be stored in the ASCS to provide continuity of knowledge. The ASCS consists of an optically clear cover, a base containing the Authenticated Item Monitoring System (AIMS) transmitter, and the AIMS receiver unit for data collection. The ASCS will provide the Inspector with information concerning the status of the system, during a surveillance period, such as state of health, tampering attempts, and movement of the container system. The secure container is located inside a Glove Box with the receiver located remotely from the Glove Box. AIMS technology uses rf transmission from the secure container to the receiver to provide a record of state of health and tampering. The data is stored in the receiver for analysis by the Inspector during a future inspection visit. 2 refs

  10. 20 CFR 703.211 - Authority to seize security deposit; use and/or return of proceeds.

    Science.gov (United States)

    2010-04-01

    ... acceptable negotiable securities in its place; (3) Fails to renew any deposited negotiable securities at... place; (4) Has State insolvency proceedings initiated against it; or (5) Fails to comply with any of the... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Authority to seize security deposit; use and...

  11. Security of supply in Competitive Electricity Markets. Conference proceedings

    International Nuclear Information System (INIS)

    2005-06-01

    A stable and reliable electricity supply is a fundamental factor in our modern economy and many people think that the deregulated market is a threat to this - or at least, they think that there is a need for a new type of regulation. Others believe that the threat to security of supply comes from short sighted politicians rather than from competitive markets. Regulation in order to increase security of supply is a threat to well functioning competitive markets - not the other way around. To give an overview of different regulatory models and to discuss each model's particular pros and cons, ELFORSK (Swedish Electrical Utilities RandD Company) on behalf of the Swedish electricity industry, the national grid company Svenska Kraftnaet and the Regulating Authority has arranged this two-day Conference. This conference once again gathers people from many different parts of the world to exchange ideas and experiences from their respective area of operations. Our belief is that people from the industry, the governments as well as from the academic world will find these two days a useful opportunity to build new relationships and gain new insights into the topics covered. There are three main topics for the Conference: Experiences from Different Markets; The Value of Security of Supply; Ongoing research projects. The members of the Conference Committee are impressed by the quality of the papers presented at this Conference and we believe that this is a source of knowledge that will influence decisions makers in many countries. (11 papers presented at the conference have been indexed separately. Powerpoint presentations have not been indexed but are available from the Market Design homrpage)

  12. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

  13. It Security and EO Systems

    Science.gov (United States)

    Burnett, M.

    2010-12-01

    One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

  14. System for secure storage

    NARCIS (Netherlands)

    2005-01-01

    A system (100) comprising read means (112) for reading content data and control logic data from a storage medium (101), the control logic data being uniquely linked to the storage medium (101), processing means (113-117), for processing the content data and feeding the processed content data to an

  15. Almaraz ovation control system security

    Energy Technology Data Exchange (ETDEWEB)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-07-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  16. Almaraz ovation control system security

    International Nuclear Information System (INIS)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-01-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  17. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  18. Proceedings: Power Plant Electric Auxiliary Systems Workshop

    International Nuclear Information System (INIS)

    1992-06-01

    The EPRI Power Plant Electric Auxiliary Systems Workshop, held April 24--25, 1991, in Princeton, New Jersey, brought together utilities, architect/engineers, and equipment suppliers to discuss common problems with power plant auxiliary systems. Workshop participants presented papers on monitoring, identifying, and solving problems with auxiliary systems. Panel discussions focused on improving systems and existing and future plants. The solutions presented to common auxiliary system problems focused on practical ideas that can enhance plant availability, reduce maintenance costs, and simplify the engineering process. The 13 papers in these proceedings include: Tutorials on auxiliary electrical systems and motors; descriptions of evaluations, software development, and new technologies used recently by electric utilities; an analysis of historical performance losses caused by power plant auxiliary systems; innovative design concepts for improving auxiliary system performance in future power plants

  19. Biomedical devices and systems security.

    Science.gov (United States)

    Arney, David; Venkatasubramanian, Krishna K; Sokolsky, Oleg; Lee, Insup

    2011-01-01

    Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

  20. SMART SECURITY SYSTEM FOR CARS

    OpenAIRE

    Akshay V. Balki*, Ankit A. Ramteke, Akshay Dhankar, Prof. Nilesh S. Panchbudhe

    2017-01-01

    This propose work is an attempt to model design an smart advance vehicle security system that uses biometric scanner and RFID card reader to give ignition pulse using two main module and to prevent theft. The system contains biometric scanner, RFID card reader, alcohol sensor, vibration sensor, GSM module, microcontroller (8051), relay switch, high voltage mesh..The safety of car is exceptionally essential. It provides pulse to ignition system by synchronizing driver’s data from license and t...

  1. Multimedia Security System for Security and Medical Applications

    Science.gov (United States)

    Zhou, Yicong

    2010-01-01

    This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

  2. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  3. 33 CFR 127.705 - Security systems.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

  4. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  5. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  6. HITACHI security concept for industrial control systems

    International Nuclear Information System (INIS)

    Endoh, H.; Yamada, T.; Okubo, S.; Nakano, T.

    2012-01-01

    Security is a necessary factor for the safe and efficient operation of today's control systems. To ensure safe operation of control systems throughout their lifetime, security measures must be carefully planned in the development phase and then maintained continuously during the operation phase and other following phases. To ensure operation within the system's safe states, Hitachi proposes security concept processes (1) to derive security measures rationally and (2) to maintain the security model over the system life cycle. Hitachi also proposes security development programs which support the integration of standards-compliant systems and development of robust control equipment. (author)

  7. Internetting tactical security sensor systems

    Science.gov (United States)

    Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

    1998-08-01

    The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

  8. Home Automation and Security System

    OpenAIRE

    Surinder Kaur,; Rashmi Singh; Neha Khairwal; Pratyk Jain

    2016-01-01

    Easy Home or Home automation plays a very important role in modern era because of its flexibility in using it at different places with high precision which will save money and time by decreasing human hard work. Prime focus of this technology is to control the household equipment’s like light, fan, door, AC etc. automatically. This research paper has detailed information on Home Automation and Security System using Arduino, GSM and how we can control home appliances using Android application....

  9. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  10. Control system security in nuclear power plant

    International Nuclear Information System (INIS)

    Li Jianghai; Huang Xiaojin

    2012-01-01

    The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

  11. Survey of holographic security systems

    Science.gov (United States)

    Kontnik, Lewis T.; Lancaster, Ian M.

    1990-04-01

    The counterfeiting of products and financial instruments is a major problem throughout the world today. The dimensions of the problem are growing, accelerated by the expanding availability of production technologies to sophisticated counterfeiters and the increasing capabilities of these technologies. Various optical techniques, including holography, are beingused in efforts to mark authentic products and to distinguish them from copies. Industry is recognizing that the effectiveness of these techniques depends on such factors as the economics of the counterfeiting process and the distribution channels for the products involved, in addition to the performance of the particular optical security technologies used. This paper surveys the nature of the growing counterfeit market place and reviews the utility of holographic optical security systems. In particular, we review the use of holograms on credit cards and other products; and outline certain steps the holography industry should take to promote these application.

  12. Proceedings:

    Energy Technology Data Exchange (ETDEWEB)

    Sidhu, S.S. (comp.)

    1987-12-01

    With increasingly stringent requirements on the performance of accelerators and storage rings, there is a wide interest in modeling-based control. The organizers recognized the need to have an overview and discussion on the current status of modeling-based accelerator control and how advances in computer technology, software engineering, and expert systems can impact control and diagnosis. As a result, a workshop was organized at the Brookhaven National Laboratory on August 17-18, 1987. It was made possible by the joint support of the AGS, NSLS and Applied Mathematics Departments of BNL. The talks and discussions were divided into three main topics: elements of modeling, knowledge representation, and integration of modeling-based control systems with AI and workstations. This volume is the unedited collection of papers, presented at the Workshop. Separate abstracts were prepared for 10 papers in these proceedings.

  13. 76 FR 81359 - National Security Personnel System

    Science.gov (United States)

    2011-12-28

    ... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

  14. The Coast Guard Proceedings of the Marine Safety and Security Council: Spring 2016

    Science.gov (United States)

    2016-04-01

    management system designed to manage safety elements in the workplace . In practice, an operational...winning DuPont family of workplace safety training offerings. Management Buy-In Even if an organization embraces nonconformities as a call to improved...PROCEEDINGS Spring 2016 Vol. 73, Number 1 Safety Management System Objectives 6 Safety Management Facilitates Safe Vessel Operation Vessel

  15. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

    National Research Council Canada - National Science Library

    Ganger, Gregory R

    2007-01-01

    This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

  16. Threats to financial system security

    Energy Technology Data Exchange (ETDEWEB)

    McGovern, D.E.

    1997-06-01

    The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATM`s, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

  17. Complex Systems Design & Management : Proceedings of the Third International Conference on Complex Systems Design & Management

    CERN Document Server

    Caseau, Yves; Krob, Daniel; Rauzy, Antoine

    2013-01-01

    This book contains all refereed papers that were accepted to the third edition of the « Complex Systems Design & Management » (CSD&M 2012) international conference that took place in Paris (France) from December 12-14, 2012. (Website: http://www.csdm2012.csdm.fr)  These proceedings cover the most recent trends in the emerging field of complex systems sciences & practices from an industrial and academic perspective, including the main industrial domains (transport, defense & security, electronics, energy & environment, e-services), scientific & technical topics (systems fundamentals, systems architecture& engineering, systems metrics & quality, systemic  tools) and system types (transportation systems, embedded systems, software & information systems, systems of systems, artificial ecosystems). The CSD&M 2012 conference is organized under the guidance of the CESAMES non-profit organization (http://www.cesames.net).

  18. SECURITY SYSTEMS FOR MARITIME HARBOUR

    Directory of Open Access Journals (Sweden)

    Georgică SLĂMNOIU

    2010-11-01

    Full Text Available Infrastructure protection objectives are at the top of the agenda of those responsible in the European Union. Currently Romania is one of the countries on its eastern border of the Union and this has special implications in terms of security measures that are required to be implemented. Ships and harbours are important current conflict stage. An integrated system of protection of harbours must be prepared in advance in order to continuously provide information that will increase the overall performance of the intervention forces.

  19. Proceedings of workshop on reactor shutdown system

    International Nuclear Information System (INIS)

    1997-03-01

    India has gained considerable experience in design, development, construction and operation of research and power reactors during the last four decades. Reactor shutdown system (RSS) is the most important engineered safety system of any reactor. A lot of technological developments have taken place to improve the reactor shutdown systems, particularly with advancement in reliability analysis and instrumentation and control. If the reactor is not shutdown, the fuel may melt, releasing radioactivity and possibly reactivity addition as in the case of Fast Breeder Reactor (FBR). Apart from radiological safety consequences, large investment has to be written off. The function of the RSS is to stop fission chain reaction and prevent breach of fuel. The design of RSS is multidisciplinary. It requires reactor physics analysis, design of absorber rods, drive mechanisms, safety logic to order shutdown and instrumentation to detect unsafe conditions. High reliability is essential and this requires two independent shutdown systems. This book contains the proceedings of the workshop on reactor shutdown system and papers relevant to INIS are indexed separately

  20. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  1. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  2. Security aspects of database systems implementation

    OpenAIRE

    Pokorný, Tomáš

    2009-01-01

    The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

  3. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  4. The Livermore Security Console system

    International Nuclear Information System (INIS)

    Smart, J.A.

    1987-01-01

    The Console system contains multiple, redundant workstations that enable operator to monitor alarms, assess incidents, and dispatch field personnel. Each workstation is heavily computerized and incorporates automatic video switching and recording, integrated radio and telephone communications, and an advanced high-resolution map and incident-display system. Operation of the workstation is closely integrated with the map display system, allowing an operators to readily pan and zoom. Objects of security interest are overlaid on the map using color. Access to alarm sensor information, entry-control device status, and the closed-circuit television system is obtained by zooming into an area and selecting the appropriate icons or symbols on the maps. Control menus are overlaid on the map. Several large databases have been closely integrated with the map display system, providing access to information such as telephone numbers and building or room occupants. An expert system is currently being integrated with the map display system. Object state changes are interpreted by a rule-based inference engine. Incidents are overlaid on the map

  5. Systems security and functional readiness

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1988-01-01

    In Protective Programming Planning, it is important that every facility or installation be configured to support the basic functions and mission of the using organization. This paper addresses the process of identifying the key functional operations of our facilities in Europe and providing the security necessary to keep them operating in natural and man-made threat environments. Functional Readiness is important since many of our existing facilities in Europe were not constructed to meet the demands of today's requirements. There are increased requirements for real-time systems with classified terminals and stringent access control, tempest and other electronic protection devices. One must prioritize the operations of these systems so that essential functions are provided even when the facilities are affected by overt or covert hostile activities

  6. LANSCE radiation security system (RSS)

    International Nuclear Information System (INIS)

    Gallegos, F.R.

    1996-01-01

    The Radiation Security System (RSS) is an engineered safety system which automatically terminates transmission of accelerated ion beams in response to pre-defined abnormal conditions. It is one of the four major mechanisms used to protect people from radiation hazards induced by accelerated pulsed ion beams at the Los Alamos Neutron Science Center (LANSCE). The others are shielding, administrative policies and procedures, and qualified, trained personnel. Prompt radiation hazards at the half-mile long LANSCE accelerator exist due to average beam intensities ranging from 1 milli-amp for H + beam to 100 micro-amps for the high intensity H - beam. Experimental programs are supplied with variable energy (maximum 800 MeV), pulse-width (maximum 1 msec), and pulse frequency (maximum 120 Hz) ion beams. The RSS includes personnel access control systems, beam spill monitoring systems, and beam current level limiting systems. It is a stand-alone system with redundant logic chains. A fault of the RSS will cause the insertion of fusible beam plugs in the accelerator low energy beam transport. The design philosophy, description, and operation of the RSS are described in this paper

  7. Adversary characterization for security system evaluation

    International Nuclear Information System (INIS)

    Suber, L.A. Jr.

    1976-04-01

    Evaluation of security systems effectiveness requires a definition of adversary capabilities, but an objective basis for such a definition has been lacking. A system of adversary attributes is proposed in which any desired adversary may be synthesized by selection of the appropriate level of capability from each attribute or category. In use, the synthesized adversaries will be pitted against a security system in an evaluation model, thus allowing comparison of other adversary or security system configurations

  8. Computer access security code system

    Science.gov (United States)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  9. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  10. Critically Important Object Security System Element Model

    Directory of Open Access Journals (Sweden)

    I. V. Khomyackov

    2012-03-01

    Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

  11. Security Research on Engineering Database System

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

  12. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  13. National Computer Security Conference Proceedings (10th): Computer Security--From Principles to Practices, 21-24 September 1987

    Science.gov (United States)

    1987-09-24

    conference ; heme -- Computer Securitj,." From Principles to Practices -- reflects the growth of computer security awareness and a maturation of the...Limited. current (North American) systems do not check whether de- clared functions are well-defined. An clemeitary example of an ill- defint -d function is

  14. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  15. The Flask Security Architecture: System Support for Diverse Security Policies

    Science.gov (United States)

    2006-01-01

    Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

  16. Applied computation and security systems

    CERN Document Server

    Saeed, Khalid; Choudhury, Sankhayan; Chaki, Nabendu

    2015-01-01

    This book contains the extended version of the works that have been presented and discussed in the First International Doctoral Symposium on Applied Computation and Security Systems (ACSS 2014) held during April 18-20, 2014 in Kolkata, India. The symposium has been jointly organized by the AGH University of Science & Technology, Cracow, Poland and University of Calcutta, India. The Volume I of this double-volume book contains fourteen high quality book chapters in three different parts. Part 1 is on Pattern Recognition and it presents four chapters. Part 2 is on Imaging and Healthcare Applications contains four more book chapters. The Part 3 of this volume is on Wireless Sensor Networking and it includes as many as six chapters. Volume II of the book has three Parts presenting a total of eleven chapters in it. Part 4 consists of five excellent chapters on Software Engineering ranging from cloud service design to transactional memory. Part 5 in Volume II is on Cryptography with two book...

  17. Design Methodologies for Secure Embedded Systems

    CERN Document Server

    Biedermann, Alexander

    2011-01-01

    Embedded systems have been almost invisibly pervading our daily lives for several decades. They facilitate smooth operations in avionics, automotive electronics, or telecommunication. New problems arise by the increasing employment, interconnection, and communication of embedded systems in heterogeneous environments: How secure are these embedded systems against attacks or breakdowns? Therefore, how can embedded systems be designed to be more secure? And how can embedded systems autonomically react to threats? Facing these questions, Sorin A. Huss is significantly involved in the exploration o

  18. Secure videoconferencing equipment switching system and method

    Science.gov (United States)

    Hansen, Michael E [Livermore, CA

    2009-01-13

    A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but nor both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

  19. Integrated security systems design a complete reference for building enterprise-wide digital security systems

    CERN Document Server

    Norman, Thomas L

    2014-01-01

    Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

  20. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  1. Advanced topics in security computer system design

    International Nuclear Information System (INIS)

    Stachniak, D.E.; Lamb, W.R.

    1989-01-01

    The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

  2. Cybernetics and systems research. Proceedings of the sixth European meeting

    Energy Technology Data Exchange (ETDEWEB)

    Trappl, R

    1982-01-01

    The following topics were dealt with: general systems methodology; system and decision theory; cybernetics in biology and medicine; cybernetics in cognition and learning; cybernetics in organisation; management and society; health care systems; energy systems; fuzzy sets; communication and computers; artificial intelligence. 211 papers were presented, all of which are published in full in the present proceedings.

  3. Constructing Secure Mobile Agent Systems Using the Agent Operating System

    NARCIS (Netherlands)

    van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

    2009-01-01

    Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

  4. BWS Open System Architecture Security Assessment

    OpenAIRE

    Cristian Ionita

    2011-01-01

    Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...

  5. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  6. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  7. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  8. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  9. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.......e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful...... in this direction is to extend saturation-based techniques so that enough state information can be modelled and analysed. Finally, we present a methodology for proving the same security properties in the computational model, by means of typing protocol implementations....

  10. Securing the Aviation Transportation System

    Science.gov (United States)

    2007-12-01

    additional 100,000 airport workers who perform duties in sterile areas (the indoor gate area past the security check point).197 These same...containing thirteen handguns, an assault rifle and eight pounds of marijuana .270 However, two Federal Air Marshals were also onboard the aircraft.271

  11. 49 CFR 659.23 - System security plan: contents.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

  12. Android based security and home automation system

    OpenAIRE

    Khan, Sadeque Reza; Dristy, Farzana Sultana

    2015-01-01

    The smart mobile terminal operator platform Android is getting popular all over the world with its wide variety of applications and enormous use in numerous spheres of our daily life. Considering the fact of increasing demand of home security and automation, an Android based control system is presented in this paper where the proposed system can maintain the security of home main entrance and also the car door lock. Another important feature of the designed system is that it can control the o...

  13. Lecture 13: Control System Cyber Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  14. Distributed security in closed distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities. In the end, we reach a step towards solving the problem of enforcing security in distributed...... systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient. Finally, we achieve all this by bringing together several fields of Computer Science......The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations. When developing software systems, security of the information managed by these plays an important role...

  15. Security analysis of cyber-physical system

    Science.gov (United States)

    Li, Bo; Zhang, Lichen

    2017-05-01

    In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

  16. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  17. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

  18. Windows XP Operating System Security Analysis

    National Research Council Canada - National Science Library

    Goktepe, Meftun

    2002-01-01

    .... The purpose of this research is to determine if Windows XP, when used as a workstation operating system in domain- based networks, provides adequate security policy enforcement for organizations...

  19. Security of practical quantum key distribution systems

    Energy Technology Data Exchange (ETDEWEB)

    Jain, Nitin

    2015-02-24

    This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

  20. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  1. A Multilevel Secure Workflow Management System

    National Research Council Canada - National Science Library

    Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A

    1999-01-01

    The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...

  2. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  3. Handbook of SCADA/control systems security

    CERN Document Server

    Radvanovsky, Robert

    2013-01-01

    The availability and security of many services we rely upon-including water treatment, electricity, healthcare, transportation, and financial transactions-are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within

  4. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  5. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  6. Detection and intelligent systems for homeland security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical

  7. Evaluating and projecting the European security system

    International Nuclear Information System (INIS)

    Dean, J.

    1991-01-01

    Components of the new European security system are described taking into account the new policy making and possibilities to resolve conflicts. Programmes for political and economic integration and co-operation managed by the European Community will provide main positive content of the new European security system. An insight of the future of nuclear armaments in Europe is included together with confidence building measure and the role of NATO

  8. Critical infrastructure system security and resiliency

    CERN Document Server

    Biringer, Betty; Warren, Drake

    2013-01-01

    Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and

  9. Security for cloud storage systems

    CERN Document Server

    Yang, Kan

    2014-01-01

    Cloud storage is an important service of cloud computing, which offers service for data owners to host their data in the cloud. This new paradigm of data hosting and data access services introduces two major security concerns. The first is the protection of data integrity. Data owners may not fully trust the cloud server and worry that data stored in the cloud could be corrupted or even removed. The second is data access control. Data owners may worry that some dishonest servers provide data access to users that are not permitted for profit gain and thus they can no longer rely on the servers

  10. Security alarm communication and display systems development

    International Nuclear Information System (INIS)

    Waddoups, I.G.

    1990-01-01

    Sandia National Laboratories (SNL) has, as lead Department of Energy (DOE) physical security laboratory, developed a variety of alarm communication and display systems for DOE and Department of Defense (DOD) facilities. This paper briefly describes some of the systems developed and concludes with a discussion of technology relevant to those currently designing, developing, implementing, or procuring such a system. Development activities and the rapid evolution of computers over the last decade have resulted in a broad variety of capabilities to support most security system communication and display needs. The major task in selecting a system is becoming familiar with these capabilities and finding the best match to a specific need

  11. Safety of radiation sources and security of radioactive materials. Proceedings of an international conference

    International Nuclear Information System (INIS)

    1999-01-01

    This International Conference, hosted by the Government of France and co-sponsored by the European Commission, the International Criminal Police Organization (Interpol) and the World Customs Organization (WCO), was the first one devoted to the safety of radiation sources and the security of radioactive materials and - for the first time - brought together radiation safety experts, regulators, and customs and police officers, who need to closely co-operate for solving the problem of illicit trafficking. The technical sessions reviewed the state of the art of twelve major topics, divided into two groups: the safety of radiation sources and the security of radioactive materials. The safety part comprised regulatory control, safety assessment techniques, engineering and managerial measures, lessons from experience, international cooperation through reporting systems and databases, verification of safety through inspection and the use of performance indicators for a regulatory programme. The security part comprised measures to prevent breaches in the security of radioactive materials, detection and identification techniques for illicit trafficking, response to detected cases and seized radioactive materials, strengthening awareness, training and exchange of information. The Conference was a success in fostering information exchange through the reviews of the state of the art and the frank and open discussions. It raised awareness of the need for Member States to ensure effective systems of control and for preventing, detecting and responding to illicit trafficking in radioactive materials. The Conference finished by recommending investigating whether international undertakings concerned with an effective operation of national systems for ensuring the safety of radiation sources and security of radioactive materials

  12. Proceedings

    International Nuclear Information System (INIS)

    1974-01-01

    These 1974 Proceedings of the European Society of Nuclear Methods in Agriculture contain reports in the form of minutes of the meetings of various working groups of the Society, the programme and official addresses of the fifth annual meeting including annual reports of the chairman and the secretary of the Society, and the reports of each of the eleven working groups as well as the four following surveys entitled: 1) some aspects of research in plant breeding, conservation of genetic resources in connection with irradiation processes (by A. Jacques from FAO), 2) our responsibility for the environment (by D. Zeeuw from ITAL), 3) pilot plant for the irradiation of sewage sludge (by A. Suesz from Bayerische Landesanstalt fuer Bodenkultur und Pflanzenbau, Munich), 4) nuclear agronomy in France (by P. Guerin de Montgareuil from CEN, Cadarache). Summaries and provisional papers on presented topics will be published in ''ESNA Newsletter''

  13. Evaluation of Security Solutions for Android Systems

    OpenAIRE

    Shabtai, Asaf; Mimran, Dudu; Elovici, Yuval

    2015-01-01

    With the increasing usage of smartphones a plethora of security solutions are being designed and developed. Many of the security solutions fail to cope with advanced attacks and are not aways properly designed for smartphone platforms. Therefore, there is a need for a methodology to evaluate their effectiveness. Since the Android operating system has the highest market share today, we decided to focus on it in this study in which we review some of the state-of-the-art security solutions for A...

  14. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  15. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  16. Core security requirements of DRM systems

    NARCIS (Netherlands)

    Jonker, H.L.; Mauw, S.; Satish, D.

    2008-01-01

    The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

  17. [Development of operation patient security detection system].

    Science.gov (United States)

    Geng, Shu-Qin; Tao, Ren-Hai; Zhao, Chao; Wei, Qun

    2008-11-01

    This paper describes a patient security detection system developed with two dimensional bar codes, wireless communication and removal storage technique. Based on the system, nurses and correlative personnel check code wait operation patient to prevent the defaults. The tests show the system is effective. Its objectivity and currency are more scientific and sophisticated than current traditional method in domestic hospital.

  18. Infrared: A Key Technology for Security Systems

    OpenAIRE

    Corsi, Carlo

    2012-01-01

    Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

  19. E-Commerce Privacy and Security System

    OpenAIRE

    Kuldeep Kaur; Dr. Ashutosh Pathak

    2015-01-01

    The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cybe...

  20. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  1. NOSArmor: Building a Secure Network Operating System

    Directory of Open Access Journals (Sweden)

    Hyeonseong Jo

    2018-01-01

    Full Text Available Software-Defined Networking (SDN, controlling underlying network devices (i.e., data plane in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS, also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB, into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight with secureness of network assets.

  2. 47 CFR 80.277 - Ship Security Alert System (SSAS).

    Science.gov (United States)

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

  3. 6 CFR 5.31 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security of systems of records. 5.31 Section 5.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component...

  4. Personal health record systems and their security protection.

    Science.gov (United States)

    Win, Khin Than; Susilo, Willy; Mu, Yi

    2006-08-01

    The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

  5. Design tools for complex dynamic security systems.

    Energy Technology Data Exchange (ETDEWEB)

    Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III (.; ); Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

    2007-01-01

    The development of tools for complex dynamic security systems is not a straight forward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technology for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

  6. Home security system using internet of things

    Science.gov (United States)

    Anitha, A.

    2017-11-01

    IoT refers to the infrastructure of connected physical devices which is growing at a rapid rate as huge number of devices and objects are getting associated to the Internet. Home security is a very useful application of IoT and we are using it to create an inexpensive security system for homes as well as industrial use. The system will inform the owner about any unauthorized entry or whenever the door is opened by sending a notification to the user. After the user gets the notification, he can take the necessary actions. The security system will use a microcontroller known as Arduino Uno to interface between the components, a magnetic Reed sensor to monitor the status, a buzzer for sounding the alarm, and a WiFi module, ESP8266 to connect and communicate using the Internet. The main advantages of such a system includes the ease of setting up, lower costs and low maintenance.

  7. Water System Security and Resilience in Homeland Security Research

    Science.gov (United States)

    EPA's water security research provides tools needed to improve infrastructure security and to recover from an attack or contamination incident involving chemical, biological, or radiological (CBR) agents or weapons.

  8. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

  9. Selecting RMF Controls for National Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  10. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  11. Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

    Science.gov (United States)

    2018-03-01

    HOMELAND SECURITY: INSIGHTS FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM by Marissa D. Madrigal March 2018 Thesis Advisor...FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM 5. FUNDING NUMBERS 6. AUTHOR(S) Marissa D. Madrigal 7. PERFORMING ORGANIZATION NAME(S) AND...how activation of the neurobiological security- motivation system can lead to securitization in response to a security speech act. It explores the model

  12. Primer Control System Cyber Security Framework and Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  13. Analysis and comparison of transportation security systems

    International Nuclear Information System (INIS)

    Rinne, R.L.

    1976-05-01

    The role of modeling in the analysis of transportation security systems is described. Various modeling approaches are outlined. The conflict model developed in Sandia Laboratories' Transportation Mode Analysis for the NRC Special Safeguards Study is used to demonstrate the capability of models to determine system sensitivities and compare alternatives

  14. Windows 2012 Server network security securing your Windows network systems and infrastructure

    CERN Document Server

    Rountree, Derrick

    2013-01-01

    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

  15. Polish Security Printing Works in the system of public and economic security

    OpenAIRE

    Remigiusz Lewandowski

    2013-01-01

    The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

  16. A biometric method to secure telemedicine systems.

    Science.gov (United States)

    Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

    2009-01-01

    Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

  17. Artificial immune system applications in computer security

    CERN Document Server

    Tan, Ying

    2016-01-01

    This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

  18. Recent advances in systems safety and security

    CERN Document Server

    Stamatescu, Grigore

    2016-01-01

    This book represents a timely overview of advances in systems safety and security, based on selected, revised and extended contributions from the 2nd and 3rd editions of the International Workshop on Systems Safety and Security – IWSSS, held in 2014 and 2015, respectively, in Bucharest, Romania. It includes 14 chapters, co-authored by 34 researchers from 7 countries. The book provides an useful reference from both theoretical and applied perspectives in what concerns recent progress in this area of critical interest. Contributions, broadly grouped by core topic, address challenges related to information theoretic methods for assuring systems safety and security, cloud-based solutions, image processing approaches, distributed sensor networks and legal or risk analysis viewpoints. These are mostly accompanied by associated case studies providing additional practical value and underlying the broad relevance and impact of the field.

  19. Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    OpenAIRE

    Hilker, Michael; Schommer, Christoph

    2008-01-01

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

  20. Review on security issues in RFID systems

    Directory of Open Access Journals (Sweden)

    Mohamed El Beqqal

    2017-12-01

    Full Text Available Radio frequency Identification (RFID is currently considered as one of the most used technologies for an automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has widely been applied in various areas including supply chain, production and traffic control systems. However, despite of its numerous advantages, the technology brings out many challenges and concerns still not being attracting more and more researchers especially the security and privacy issues. In this paper, we review some of the recent research works using RFID solutions and dealing with security and privacy issues, we define our specific parameters and requirements allowing us to classify for each work which part of the RFID system is being secured, the solutions and the techniques used besides the conformity to RFID standards. Finally, we present briefly a solution that consists of combining RFID with smartcard based biometric to enhance security especially in access control scenarios. Hence the result of our study aims to give a clear vision of available solutions and techniques used to prevent and secure the RFID system from specific threats and attacks.

  1. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  2. Security Engineering FY17 Systems Aware Cybersecurity

    Science.gov (United States)

    2017-12-07

    Security Engineering – FY17 Systems Aware Cybersecurity Technical Report SERC-2017-TR-114 December 7 2017 Principal Investigator: Dr...December 7, 2017 Copyright © 2017 Stevens Institute of Technology, Systems Engineering Research Center The Systems Engineering Research Center (SERC...supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD

  3. 28 CFR 700.24 - Security of systems of records.

    Science.gov (United States)

    2010-07-01

    ... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Security of systems of records. 700.24... Records Under the Privacy Act of 1974 § 700.24 Security of systems of records. (a) The Office Administrator or Security Officer shall be responsible for issuing regulations governing the security of systems...

  4. 8 CFR 103.34 - Security of records systems.

    Science.gov (United States)

    2010-01-01

    ... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

  5. 33 CFR 106.255 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a) Security systems and equipment must be in good working order and inspected, tested, calibrated, and...

  6. Comparison of Routable Control System Security Approaches

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  7. Proceedings: Small Wind Turbine Systems, 1981

    Energy Technology Data Exchange (ETDEWEB)

    1981-01-01

    Small wind turbine technology is discussed. Systems development, test programs, utility interface issues, safety and reliability programs, applications, and marketing are discussed. For individual titles, see N83-23723 through N83-23741.

  8. Adaptive security systems -- Combining expert systems with adaptive technologies

    International Nuclear Information System (INIS)

    Argo, P.; Loveland, R.; Anderson, K.

    1997-01-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting

  9. QuickCash: Secure Transfer Payment Systems

    Directory of Open Access Journals (Sweden)

    Abdulrahman Alhothaily

    2017-06-01

    Full Text Available Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN. In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  10. QuickCash: Secure Transfer Payment Systems

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-01-01

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

  11. QuickCash: Secure Transfer Payment Systems.

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-06-13

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  12. Proceedings of the Air Force Forum for Intelligent Tutoring Systems

    Science.gov (United States)

    1989-04-01

    Science Air Force Summer Study on Fault Isolation in Air Force Weapons and Support Systems. He is an expert in simulation-oriented computer-based...Tutoring (Collins, 1976.) Reprinted with permission of Lawrence Erlbauni Assoc., Inc., Publishers, ( 1976. It should be clear that understanding natural...Grignetti, M., Hausman , C., & Gould, L. (1975). An intelligent on-line assistant and tutor: NLS-Scholar. In Proceedings of the National Computer

  13. Data backup security in cloud storage system

    OpenAIRE

    Атаян, Борис Геннадьевич; Национальный политехнический университет Армении; Багдасарян, Татевик Араевна; Национальный политехнический университет Армении

    2016-01-01

    Cloud backup system is proposed, which provides means for effective creation, secure storage and restore of backups inCloud. For data archiving new efficient SGBP file format is being used in the system, which is based on DEFLATE compressionalgorithm. Proposed format provides means for fast archive creation, which can contain significant amounts of data. Modernapproaches of backup archive protection are described in the paper. Also the SGBP format is compared to heavily used ZIP format(both Z...

  14. A Survey on Password Security Systems

    OpenAIRE

    Ms. A. G. Khairnar; Prof. N. L. Bhale

    2013-01-01

    Password security is essential for user authentication on small networking system as well large networking system. Till today many researchers introduced various methods to protect passwords on network. Passwords are prone to various types of attacks like brute force attack, password reuse attack, password stealing attack, password cracking attack, etc. This paper gives review on different methods which were introduced for protection of password on a network. This paper also includes work don...

  15. Science of Security Lablet - Scalability and Usability

    Science.gov (United States)

    2014-12-16

    Cybersecurity_Framework.ashx Byres, Eric and Justin Lowe, 2004, The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, Proceedings of the VDE ...Myths and Facts behind Cyber Security Risks for Industria l Control Systems, Proceedings of the VDE Kongress, 2004. Kshetri, Nir, 2005, Pattern of

  16. Proceedings

    International Nuclear Information System (INIS)

    Jury, J.W. ed.

    1990-01-01

    These fifteen papers were presented by students in nuclear engineering from the Universities of Toronto and Manitoba, the Royal Military College, Ecole Polytechnique, McMaster University, and Trent University. They cover the areas of CANDU, SLOWPOKE and MAPLE reactor systems and fuel, applied nucleonics, and simulation theory and thermalhydraulics. (L.L.)

  17. Workshop Proceedings: Utilizing global information systems

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1998-03-01

    This one day workshop was attended by 50 delegates representing 20 countries. Fourteen papers dealing with cleaner production/cleaner technology global information systems were presented. The objective of the workshop was to increase cooperation and interaction on international clean production/clean technology information transfer activities and to identify ways to ensure continued cooperation and system improvements. Topics discussed included information format to meet user needs; coordination of effort to avoid duplication and to encourage consistency in information delivery; and marketing, to expand the dissemination of information on cleaner production/cleaner technology. In terms of information format, content, systems and reliability were identified as target issues. The group discussing coordination of effort suggested that a wholesale/retail approach to information dissemination be adopted. The group also called for regular meetings to supplement communication via the Internet. The marketing group suggested that there is a need to show the benefits of technologies and to establish links to industrial associations as being critical to success.

  18. Visions of sustainable urban energy systems. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Pietzsch, Ursula [HFT Stuttgart (Germany). zafh.net - Centre of Applied Research - Sustainable Energy Technology; Mikosch, Milena [Steinbeis-Zentrum, Stuttgart (Germany). Europaeischer Technologietransfer; Liesner, Lisa (eds.)

    2010-09-15

    Within the polycity final conference from 15th to 17th September, 2010, in Stuttgart (Federal Republic of Germany) the following lectures were held: (1) Visions of sustainable urban energy system (Ursula Eicker); (2) Words of welcome (Tanja Goenner); (3) Zero-energy Europe - We are on our way (Jean-Marie Bemtgen); (4) Polycity - Energy networks in sustainable cities An introduction (Ursula Pietzsch); (5) Energy efficient city - Successful examples in the European concerto initiative (Brigitte Bach); (6) Sustainable building and urban concepts in the Catalonian polycity project contributions to the polycity final conference 2010 (Nuria Pedrals); (7) Energy efficient buildings and renewable supply within the German polycity project (Ursula Eicker); (8) Energy efficient buildings and cities in the US (Thomas Spiegehalter); (9) Energy efficient communities - First results from an IEA collaboration project (Reinhard Jank); (10) The European energy performance of buildings directive (EPBD) - Lessons learned (Eduardo Maldonado); (11) Passive house standard in Europe - State-of-the-art and challenges (Wolfgang Feist); (12) High efficiency non-residential buildings: Concepts, implementations and experiences from the UK (Levin Lomas); (13) This is how we can save our world (Franz Alt); (14) Green buildings and renewable heating and cooling concepts in China (Yanjun Dai); (15) Sustainable urban energy solutions for Asia (Brahmanand Mohanty); (16) Description of ''Parc de l'Alba'' polygeneration system: A large-scale trigeneration system with district heating within the Spanish polycity project (Francesc Figueras Bellot); (17) Improved building automation and control systems with hardware-in-the loop solutions (Martin Becker); (18) The Italian polycity project area: Arquata (Luigi Fazari); (19) Photovoltaic system integration: In rehabilitated urban structures: Experiences and performance results from the Italian polycity project in Turin (Franco

  19. Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

    OpenAIRE

    Kuei-Hu Chang

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

  20. Security threat assessment of an Internet security system using attack tree and vague sets.

    Science.gov (United States)

    Chang, Kuei-Hu

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

  1. Hacker tracking Security system for HMI

    Science.gov (United States)

    Chauhan, Rajeev Kumar

    2011-12-01

    Conventional Supervisory control and data Acquisition (SCADA) systems use PC, notebook, thin client, and PDA as a Client. Nowadays the Process Industries are following multi shift system that's why multi- client of different category have to work at a single human Machine Interface (HMI). They may hack the HMI Display and change setting of the other client. This paper introduces a Hacker tracking security (HTS) System for HMI. This is developed by using the conventional and Biometric authentication. HTS system is developed by using Numeric passwords, Smart card, biometric, blood flow and Finger temperature. This work is also able to identify the hackers.

  2. A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

    Science.gov (United States)

    Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

    Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

  3. A security framework for systems of systems

    NARCIS (Netherlands)

    Trivellato, D.; Zannone, N.; Etalle, S.

    2011-01-01

    Systems of systems consist of a wide variety of dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, this new paradigm has a strong impact on system

  4. A Security Framework for Systems of Systems

    NARCIS (Netherlands)

    Trivellato, Daniel; Zannone, Nicola; Etalle, Sandro

    2011-01-01

    Systems of systems consist of a wide variety of dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, this new paradigm has a strong impact on system

  5. Designing Secure Systems on Reconfigurable Hardware

    OpenAIRE

    Huffmire, Ted; Brotherton, Brett; Callegari, Nick; Valamehr, Jonathan; White, Jeff; Kastner, Ryan; Sherwood, Ted

    2008-01-01

    The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often have no choice but to use soft IP cores obtained from third parties, the cores operate at different trust levels, resulting in mixed trust designs. The goal of this project is to evaluate recently proposed security primitives for reconfigurab...

  6. Autonomous Highway Systems Safety and Security

    OpenAIRE

    Sajjad, Imran

    2017-01-01

    Automated vehicles are getting closer each day to large-scale deployment. It is expected that self-driving cars will be able to alleviate traffic congestion by safely operating at distances closer than human drivers are capable of and will overall improve traffic throughput. In these conditions, passenger safety and security is of utmost importance. When multiple autonomous cars follow each other on a highway, they will form what is known as a cyber-physical system. In a general setting, t...

  7. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  8. Strengthening the Security of ESA Ground Data Systems

    Science.gov (United States)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  9. Ultra Safe And Secure Blasting System

    Energy Technology Data Exchange (ETDEWEB)

    Hart, M M

    2009-07-27

    The Ultra is a blasting system that is designed for special applications where the risk and consequences of unauthorized demolition or blasting are so great that the use of an extraordinarily safe and secure blasting system is justified. Such a blasting system would be connected and logically welded together through digital code-linking as part of the blasting system set-up and initialization process. The Ultra's security is so robust that it will defeat the people who designed and built the components in any attempt at unauthorized detonation. Anyone attempting to gain unauthorized control of the system by substituting components or tapping into communications lines will be thwarted in their inability to provide encrypted authentication. Authentication occurs through the use of codes that are generated by the system during initialization code-linking and the codes remain unknown to anyone, including the authorized operator. Once code-linked, a closed system has been created. The system requires all components connected as they were during initialization as well as a unique code entered by the operator for function and blasting.

  10. 33 CFR 105.250 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... include procedures for identifying and responding to security system and equipment failures or...

  11. 33 CFR 104.260 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... procedures for identifying and responding to security system and equipment failures or malfunctions. ...

  12. Security of legacy process control systems : Moving towards secure process control systems

    NARCIS (Netherlands)

    Oosterink, M.

    2012-01-01

    This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that

  13. Vietnam: expanding the social security system.

    Science.gov (United States)

    Pruzin, D

    1996-01-01

    Viet Nam's shift toward a market-oriented economy has been associated with annual gross domestic product growth of more than 8% over the past 5 years. At the same time, the emergence of private-sector enterprises and subsequent closure of many state-run enterprises have had profound implications for Viet Nam's social protection systems. At present, only 5.6 million of the country's 33 million workers are covered under the state-run social insurance system. In 1995, the government moved to include private enterprises with 10 or more employees in its state benefits system. The International Labor Organization (ILO) has been working with the Vietnamese Government to design and implement a social security system that would extend coverage progressively to excluded sectors and provide support to workers who have become unemployed as a result of the economic transition process. At its Eighth National Congress, the Vietnamese Communist Party approved a 5-year social and economic plan calling for such an expansion of the social insurance system as well as for a guaranteed standard of living for pensioners. To facilitate anticipated changes, activities that were previously divided between the Ministry of Labor, Invalids, and Social Affairs and the Vietnam General Confederation of Labor have been assigned to the newly formed Vietnam Social Insurance (VSI) Organization. Under consideration is a plan to combine some VSI activities with those of the Vietnam Health Insurance Organization. The ILO will assist with training, computerization, and social security fund investing. Noncompliance is a major obstacle to planned expansion of the social security system; about 90% of private firms are still not paying into the system.

  14. Cryptanalyzing a discrete-time chaos synchronization secure communication system

    International Nuclear Information System (INIS)

    Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

    2004-01-01

    This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions

  15. Handbook for the Computer Security Certification of Trusted Systems

    National Research Council Canada - National Science Library

    Weissman, Clark

    1995-01-01

    Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC...

  16. Analysis of Intel IA-64 Processor Support for Secure Systems

    National Research Council Canada - National Science Library

    Unalmis, Bugra

    2001-01-01

    .... Systems could be constructed for which serious security threats would be eliminated. This thesis explores the Intel IA-64 processor's hardware support and its relationship to software for building a secure system...

  17. Prototype of smart office system using based security system

    Science.gov (United States)

    Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

    2018-05-01

    Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

  18. Designing a Secure Point-of-Sale System

    DEFF Research Database (Denmark)

    Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

    2006-01-01

    This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

  19. Physical Layer Security for Cooperative NOMA Systems

    KAUST Repository

    Chen, Jianchao

    2018-01-09

    In this correspondence, we investigate the physical layer security for cooperative non-orthogonal multiple access (NOMA) systems, where both amplify-and-forward (AF) and decode-and-forward (DF) protocols are considered. More specifically, some analytical expressions are derived for secrecy outage probability (SOP) and strictly positive secrecy capacity (SPSC). Results show that AF and DF almost achieve the same secrecy performance. Moreover, asymptotic results demonstrate that the SOP tends to a constant at high signal-to-noise ratio (SNR). Finally, our results show that the secrecy performance of considered NOMA systems is independent of the channel conditions between the relay and the poor user.

  20. Physical Layer Security for Cooperative NOMA Systems

    KAUST Repository

    Chen, Jianchao; Yang, Liang; Alouini, Mohamed-Slim

    2018-01-01

    In this correspondence, we investigate the physical layer security for cooperative non-orthogonal multiple access (NOMA) systems, where both amplify-and-forward (AF) and decode-and-forward (DF) protocols are considered. More specifically, some analytical expressions are derived for secrecy outage probability (SOP) and strictly positive secrecy capacity (SPSC). Results show that AF and DF almost achieve the same secrecy performance. Moreover, asymptotic results demonstrate that the SOP tends to a constant at high signal-to-noise ratio (SNR). Finally, our results show that the secrecy performance of considered NOMA systems is independent of the channel conditions between the relay and the poor user.

  1. Secure data management : 8th VLDB workshop, SDM 2011 Seattle, WA, USA, September 2, 2011 : proceedings

    NARCIS (Netherlands)

    Jonker, W.; Petkovic, M.

    2011-01-01

    Preface. This year was the eighth edition of the VLDB Secure Data Management Workshop. The topic of data security remains an important area of research especially due to the steady growing proliferation of emerging data services such as cloud computing, location-based services, and health-related

  2. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

  3. 12 CFR 792.67 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

  4. Cyber secure systems approach for NPP digital control systems

    Energy Technology Data Exchange (ETDEWEB)

    McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)

    2006-07-01

    Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from

  5. Cyber secure systems approach for NPP digital control systems

    International Nuclear Information System (INIS)

    McCreary, T. J.; Hsu, A.

    2006-01-01

    Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to

  6. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  7. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  8. Security for small computer systems a practical guide for users

    CERN Document Server

    Saddington, Tricia

    1988-01-01

    Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

  9. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  10. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  11. Security Management in a Multimedia System

    Science.gov (United States)

    Rednic, Emanuil; Toma, Andrei

    2009-01-01

    In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

  12. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  13. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  14. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

  15. Nuclear power plant security systems - The need for upgrades

    International Nuclear Information System (INIS)

    Murskyj, M.P.; Furlow, C.H.

    1989-01-01

    Most perimeter security systems for nuclear power plants were designed and installed in the late 1970s or early 1980s. This paper explores the need to regularly evaluate and possibly upgrade a security system in the area of perimeter intrusion detection and surveillance. this paper discusses US Nuclear Regulatory Commission audits and regulatory effectiveness reviews (RERs), which have raised issues regarding the performance of perimeter security systems. The audits and RERs identified various degrees of vulnerability in certain aspects of existing perimeter security systems. In addition to reviewing the regulatory concerns, this paper discusses other reasons to evaluate and/or upgrade a perimeter security system

  16. The Coast Guard Proceedings of the Marine Safety and Security Council. Volume 72, Number 4, Winter 2015-2016

    Science.gov (United States)

    2016-04-13

    National Drug Threat Assessment reported that the annual economic cost of controlled prescription drug non-medical use (use beyond that of...scenario: On a clear Tuesday eve- ning, an outbound small coastal freight ship collides with an inbound offshore supply vessel while navigating a bend...NMCProceedings@uscg.mil Website: www.uscg.mil/proceedings Safety Management Systems Waterways: America’s Economic Engine Recreational Boating Safety i

  17. Proceedings of SES International Conference on Can Slovakia secure energy supply and sustainable development without nuclear? Go Nuke Slovakia!

    International Nuclear Information System (INIS)

    2004-01-01

    The Conference proceedings included 28 papers. The Conference included the following sessions: (I): International views; (II): National views; (III): Industry views. Focused in its objective, the is aimed to send a clear, hard-hitting message to decision-makers. This is that: Slovakia cannot secure future energy supply, if it does not complete its partially built reactors and if it closes its safe and effective ones. Nuclear has to remain an indispensable part of the country's future energy mix. The event was opened with invited presentations by officials at the highest level of organisations such as the IAEA, the IEA, OECD/NEA, the NEI, the WNA and WANO, as well as the European Commission and Parliament. This line-up was followed by a host of speakers from the political and nuclear industrial arenas in Slovakia, the Czech Republic, Finland, Hungary and the Russian Federation

  18. 77 FR 11385 - Security Considerations for Lavatory Oxygen Systems

    Science.gov (United States)

    2012-02-27

    ... considerations for lavatory oxygen systems (77 FR 12550). The interim final rule addresses a security... and taken to restore the oxygen system with a design that would consider the security risk. Boeing... [Docket No. FAA-2011-0186; Amdt. Nos. 21-94, 25-133, 121-354, 129-50; SFAR 111] RIN 2120-AJ92 Security...

  19. African Social Security Systems: An Ordinal Evaluation | Dixon ...

    African Journals Online (AJOL)

    The purpose of this paper is to rank the social security systems in 45 African countries using a comparative evaluation methodology that enables an assess ment to be ma(le of a country's statutory social security intention. The conclusion drawn is that the spread of African social security system design standards are ...

  20. Security Techniques for Sensor Systems and the Internet of Things

    Science.gov (United States)

    Midi, Daniele

    2016-01-01

    Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

  1. A Holistic and Immune System inspired Security Framework

    OpenAIRE

    Mwakalinga, G. Jeffy; Yngström, Louise; Kowalski, Stewart

    2009-01-01

    This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve t...

  2. Random digital encryption secure communication system

    Science.gov (United States)

    Doland, G. D. (Inventor)

    1982-01-01

    The design of a secure communication system is described. A product code, formed from two pseudorandom sequences of digital bits, is used to encipher or scramble data prior to transmission. The two pseudorandom sequences are periodically changed at intervals before they have had time to repeat. One of the two sequences is transmitted continuously with the scrambled data for synchronization. In the receiver portion of the system, the incoming signal is compared with one of two locally generated pseudorandom sequences until correspondence between the sequences is obtained. At this time, the two locally generated sequences are formed into a product code which deciphers the data from the incoming signal. Provision is made to ensure synchronization of the transmitting and receiving portions of the system.

  3. Improving Timeliness in Real-Time Secure Database Systems

    National Research Council Canada - National Science Library

    Son, Sang H; David, Rasikan; Thuraisingham, Bhavani

    2006-01-01

    .... In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems...

  4. Gene expression programming for power system static security ...

    African Journals Online (AJOL)

    user

    fuzzy logic, artificial neural networks and expert systems have been explored for static security assessment problems (Bansal et ..... MATLAB version 7.6 neural network toolbox was ..... Vision 2020 Dynamic Security Assessment in Real time.

  5. CNSS: Interagency Partnering to Protect Our National Security Systems

    National Research Council Canada - National Science Library

    Grimes, John G

    2008-01-01

    .... The CNSS performs the vital function of mobilizing the full, interagency National Security Community for the protection of telecommunications and information systems that support U.S. national security...

  6. Security Controls for NPP I and C Systems

    International Nuclear Information System (INIS)

    Kim, Y. M.; Jeong, C. H.; Kim, T. H.

    2014-01-01

    In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

  7. Security Controls for NPP I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

    2014-05-15

    In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.

  8. Designing Fuzzy Rule Based Expert System for Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2016-01-01

    The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

  9. A Novel Multifactor Authentication System Ensuring Usability and Security

    OpenAIRE

    Mathew, Gloriya; Thomas, Shiney

    2013-01-01

    User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

  10. A Security Approach in System Development Life Cycle

    OpenAIRE

    P.Mahizharuvi; Dr.Alagarsamy

    2011-01-01

    Many software organizations today are confronted with challenge of building secure software systems. Traditional software engineering principles place little emphasis on security. These principles tend to tread security as one of a long list of quality factors that are expected from all professionally developed software. As software systems of today have a wide reach, security has become a more important factor than ever in the history of software engineering can no longer be treated as Separ...

  11. PECULIARITIES OF CONSTRUCTION PROFILES OF SECURITY SYSTEMS OF INFORMATION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Olga V. Lukinova

    2015-01-01

    Full Text Available Examines the specific issues of building functional and technological profiles of the security systems to ensure the safety of information systems in the paradigm of functional standardization; shows a view of the system of protection based on the model of OSE/RM; studied the composition and structure of the concept of "defense mechanism" for the purpose of profiling third instalment correction representation of the system of protection.

  12. Energy systems and technologies for the coming century. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Soenderberg Petersen, L; Larsen, Hans [eds.

    2011-05-15

    Risoe International Energy Conference 2011 took place 10 - 12 May 2011. The conference focused on: 1) Future global energy development options, scenarios and policy issues. 2) Intelligent energy systems of the future, including the interaction between supply and end-use. 3) New and emerging technologies for the extended utilisation of sustainable energy. 4) Distributed energy production technologies such as fuel cells, hydrogen, bioenergy, wind, hydro, wave, solar and geothermal. 5) Centralised energy production technologies such as clean coal technologies, CCS and nuclear. 6) Renewable energy for the transport sector and its integration in the energy system The proceedings are prepared from papers presented at the conference and received with corrections, if any, until the final deadline on 20-04-2011. (Author)

  13. Foundations of Intelligent Systems : Proceedings of the Sixth International Conference on Intelligent Systems and Knowledge Engineering

    CERN Document Server

    Li, Tianrui

    2012-01-01

    Proceedings of The Sixth International Conference on Intelligent System and Knowledge Engineering presents selected papers from the conference ISKE 2011, held December 15-17 in Shanghai, China. This proceedings doesn’t only examine original research and approaches in the broad areas of intelligent systems and knowledge engineering, but also present new methodologies and practices in intelligent computing paradigms. The book introduces the current scientific and technical advances in the fields of artificial intelligence, machine learning, pattern recognition, data mining, information retrieval, knowledge-based systems, knowledge representation and reasoning, multi-agent systems, natural-language processing, etc. Furthermore, new computing methodologies are presented, including cloud computing, service computing and pervasive computing with traditional intelligent methods. The proceedings will be beneficial for both researchers and practitioners who want to utilize intelligent methods in their specific resea...

  14. Planning Security Services for IT Systems

    OpenAIRE

    Henderson, Marie; Page, Howard Philip

    2014-01-01

    Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.

  15. 17 CFR 230.463 - Report of offering of securities and use of proceeds therefrom.

    Science.gov (United States)

    2010-04-01

    ... effective registration statement for securities to be issued: (1) In a business combination described in Rule 145(a) (§ 230.145(a)); (2) By an issuer which pursuant to a business combination described in Rule 145(a) has succeeded to another issuer that prior to such business combination had a registration...

  16. Secure data management : 6th VLDB workshop, SDM 2009 Lyon, France, August 28, 2009 : proceedings

    NARCIS (Netherlands)

    Jonker, W.; Petkovic, M.

    2009-01-01

    Preface. The new emerging technologies put new requirements on security and data management. As data are accessible anytime anywhere, it becomes much easier to get unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect,

  17. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  18. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Science.gov (United States)

    2010-05-19

    ..., VA 20598-6036 or [email protected] . For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0013] Privacy Act of..., Transportation Security Enforcement Record System, System of Records AGENCY: Privacy Office, DHS. ACTION: Notice...

  19. Security of Electronic Payment Systems: A Comprehensive Survey

    OpenAIRE

    Solat , Siamak

    2017-01-01

    This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge university to designate variant types of attacks against this standard which demonstrates lack of a secure "o...

  20. Security administration plan for HANDI 2000 business management system

    Energy Technology Data Exchange (ETDEWEB)

    Wilson, D.

    1998-09-29

    This document encompasses and standardizes the integrated approach for security within the PP and Ps applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document`s acceptance and will provide guidance through implementation efforts and, as a ``living document`` will support the operations and maintenance of the system.

  1. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  2. Mitigations for Security Vulnerabilities Found in Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

  3. Security Assessment of Payment Systems under PCI DSS Incompatibilities

    OpenAIRE

    Bahtiyar , Şerif; Gür , Gürkan; Altay , Levent

    2014-01-01

    Part 9: Malicious Behavior and Fraud; International audience; With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) has been developed by the payment industry to provide a widely-applicable and definitive security compliance among all components in electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities and ...

  4. Secure wireless embedded systems via component-based design

    DEFF Research Database (Denmark)

    Hjorth, T.; Torbensen, R.

    2010-01-01

    This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure c......, with full support for confidentiality, authentication, and integrity using keypairs. The approach has been demonstrated in a multi-platform home automation prototype that can remotely unlock a door using a PDA over the Internet....

  5. Security Games for Cyber-Physical Systems

    DEFF Research Database (Denmark)

    Vigo, Roberto; Bruni, Alessandro; Yuksel, Ender

    2013-01-01

    The development of quantitative security analyses that consider both active attackers and reactive defenders is a main challenge in the design of trustworthy Cyber-Physical Systems. We propose a game-theoretic approach where it is natural to model attacker’s and defender’s actions explicitly......, associating costs to attacks and countermeasures. Cost considerations enable to contrast different strategies on the basis of their effectiveness and efficiency, paving the way to a multi-objective notion of optimality. Moreover, the framework allows expressing the probabilistic nature of the environment...... and of the attack detection process. Finally, a solver is presented to compute strategies and their costs, resorting to a recent combination of strategy iteration with linear programming....

  6. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  7. Research and realization of info-net security controlling system

    Science.gov (United States)

    Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-03-01

    The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

  8. A Hierarchical Security Architecture for Cyber-Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  9. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  10. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  11. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  12. Process Control Systems in the Chemical Industry: Safety vs. Security

    Energy Technology Data Exchange (ETDEWEB)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  13. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

  14. Modelling the System of Ensuring the Investment Security

    Directory of Open Access Journals (Sweden)

    Moroz Maxim O.

    2017-11-01

    Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

  15. National Computer Security Conference Proceedings (11th): Computer Security--Into the Future, 17-20 October 1988

    Science.gov (United States)

    1988-10-20

    It also led to the decision to base expect to have a functional prototype. The prototype version Will the hematical Lnptunsc ent of Ulysses oh the...Multics is a B2 system, its auditing facilities satisfy the tinuous for biometric access protection for IBM personal auditing requirements for B2 trusted...contains Discovery analyzes the daily inquiry activity for each additional biometric signature data that match a user’s user access code for

  16. Towards the Security Evaluation of Biometric Authentication Systems

    OpenAIRE

    El-Abed , Mohamad; Giot , Romain; Hemery , Baptiste; Rosenberger , Christophe; Schwartzmann , Jean-Jacques

    2011-01-01

    International audience; Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

  17. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  18. 31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

    Science.gov (United States)

    2010-07-01

    ... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

  19. Managing a major security system installation: Practical lessons learned

    International Nuclear Information System (INIS)

    Roehrig, S.C.

    1986-01-01

    Sandia National Laboratories has been heavily involved for over a decade in aiding a number of DOE facilities in defining and implementing upgraded security safeguards systems. Because security system definition, design, and installation is still a relatively new field to the commercial world, effective project management must pay special attention to first understanding and then interpreting the unique aspects of a security system for all concerned parties. Experiences from an actual security system installation are used to illustrate some project management approaches which have been found to be effective

  20. Life system modeling and intelligent computing. Pt. II. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Li, Kang; Irwin, George W. (eds.) [Belfast Queen' s Univ. (United Kingdom). School of Electronics, Electrical Engineering and Computer Science; Fei, Minrui; Jia, Li [Shanghai Univ. (China). School of Mechatronical Engineering and Automation

    2010-07-01

    This book is part II of a two-volume work that contains the refereed proceedings of the International Conference on Life System Modeling and Simulation, LSMS 2010 and the International Conference on Intelligent Computing for Sustainable Energy and Environment, ICSEE 2010, held in Wuxi, China, in September 2010. The 194 revised full papers presented were carefully reviewed and selected from over 880 submissions and recommended for publication by Springer in two volumes of Lecture Notes in Computer Science (LNCS) and one volume of Lecture Notes in Bioinformatics (LNBI). This particular volume of Lecture Notes in Computer Science (LNCS) includes 55 papers covering 7 relevant topics. The 56 papers in this volume are organized in topical sections on advanced evolutionary computing theory and algorithms; advanced neural network and fuzzy system theory and algorithms; modeling and simulation of societies and collective behavior; biomedical signal processing, imaging, and visualization; intelligent computing and control in distributed power generation systems; intelligent methods in power and energy infrastructure development; intelligent modeling, monitoring, and control of complex nonlinear systems. (orig.)

  1. Security Systems Commissioning: An Old Trick for Your New Dog

    Science.gov (United States)

    Black, James R.

    2009-01-01

    Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…

  2. 32 CFR 637.20 - Security surveillance systems.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 4 2010-07-01 2010-07-01 true Security surveillance systems. 637.20 Section 637... ENFORCEMENT AND CRIMINAL INVESTIGATIONS MILITARY POLICE INVESTIGATION Investigations § 637.20 Security surveillance systems. Closed circuit video recording systems, to include those with an audio capability, may be...

  3. 28 CFR 16.51 - Security of systems of records.

    Science.gov (United States)

    2010-07-01

    ... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Security of systems of records. 16.51... Security of systems of records. (a) Each component shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and...

  4. 13 CFR 102.33 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

  5. 49 CFR 234.211 - Security of warning system apparatus.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 4 2010-10-01 2010-10-01 false Security of warning system apparatus. 234.211... ADMINISTRATION, DEPARTMENT OF TRANSPORTATION GRADE CROSSING SIGNAL SYSTEM SAFETY AND STATE ACTION PLANS Maintenance, Inspection, and Testing Maintenance Standards § 234.211 Security of warning system apparatus...

  6. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  7. MAGLEV `95. 14th international conference on magnetically levitated systems. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1996-12-31

    The proceedings present the papers of the 14th International Conference on Magnetically Levitated Systems held in Bremen, FRG, in November 1995. For 70 of 74 papers a separate subject analysis has been carried out. 4 papers are not available in the proceedings. (HW)

  8. Nuclear Security Objectives of an NMAC System

    Energy Technology Data Exchange (ETDEWEB)

    West, Rebecca Lynn [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2018-01-05

    After completing this module, you should be able to: Describe the role of Nuclear Material Accounting and Control (NMAC) in comprehensive nuclear security at a facility; Describe purpose of NMAC; Identify differences between the use of NMAC for IAEA safeguards and for facility nuclear security; List NMAC elements and measures; and Describe process for resolution of irregularities

  9. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  10. Proceedings: Distributed digital systems, plant process computers, and networks

    International Nuclear Information System (INIS)

    1995-03-01

    These are the proceedings of a workshop on Distributed Digital Systems, Plant Process Computers, and Networks held in Charlotte, North Carolina on August 16--18, 1994. The purpose of the workshop was to provide a forum for technology transfer, technical information exchange, and education. The workshop was attended by more than 100 representatives of electric utilities, equipment manufacturers, engineering service organizations, and government agencies. The workshop consisted of three days of presentations, exhibitions, a panel discussion and attendee interactions. Original plant process computers at the nuclear power plants are becoming obsolete resulting in increasing difficulties in their effectiveness to support plant operations and maintenance. Some utilities have already replaced their plant process computers by more powerful modern computers while many other utilities intend to replace their aging plant process computers in the future. Information on recent and planned implementations are presented. Choosing an appropriate communications and computing network architecture facilitates integrating new systems and provides functional modularity for both hardware and software. Control room improvements such as CRT-based distributed monitoring and control, as well as digital decision and diagnostic aids, can improve plant operations. Commercially available digital products connected to the plant communications system are now readily available to provide distributed processing where needed. Plant operations, maintenance activities, and engineering analyses can be supported in a cost-effective manner. Selected papers are indexed separately for inclusion in the Energy Science and Technology Database

  11. Life system modeling and intelligent computing. Pt. I. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Li, Kang; Irwin, George W. (eds.) [Belfast Queen' s Univ. (United Kingdom). School of Electronics, Electrical Engineering and Computer Science; Fei, Minrui; Jia, Li [Shanghai Univ. (China). School of Mechatronical Engineering and Automation

    2010-07-01

    This book is part I of a two-volume work that contains the refereed proceedings of the International Conference on Life System Modeling and Simulation, LSMS 2010 and the International Conference on Intelligent Computing for Sustainable Energy and Environment, ICSEE 2010, held in Wuxi, China, in September 2010. The 194 revised full papers presented were carefully reviewed and selected from over 880 submissions and recommended for publication by Springer in two volumes of Lecture Notes in Computer Science (LNCS) and one volume of Lecture Notes in Bioinformatics (LNBI). This particular volume of Lecture Notes in Computer Science (LNCS) includes 55 papers covering 7 relevant topics. The 55 papers in this volume are organized in topical sections on intelligent modeling, monitoring, and control of complex nonlinear systems; autonomy-oriented computing and intelligent agents; advanced theory and methodology in fuzzy systems and soft computing; computational intelligence in utilization of clean and renewable energy resources; intelligent modeling, control and supervision for energy saving and pollution reduction; intelligent methods in developing vehicles, engines and equipments; computational methods and intelligence in modeling genetic and biochemical networks and regulation. (orig.)

  12. Computer security of NPP instrumentation and control systems: categorization

    International Nuclear Information System (INIS)

    Klevtsov, A.L.; Simonov, A.A.; Trubchaninov, S.A.

    2016-01-01

    The paper is devoted to studying categorization of NPP instrumentation and control (I&C) systems from the point of view of computer security and to consideration of the computer security levels and zones used by the International Atomic Energy Agency (IAEA). The paper also describes the computer security degrees and zones regulated by the International Electrotechnical Commission (IEC) standard. The computer security categorization of the systems used by the U.S. Nuclear Regulatory Commission (NRC) is presented. The experts analyzed the main differences in I&C systems computer security categorization accepted by the IAEA, IEC and U.S. NRC. The approaches to categorization that should be advisably used in Ukraine during the development of regulation on NPP I&C systems computer security are proposed in the paper

  13. Dynamic Security Assessment Of Computer Networks In Siem-Systems

    Directory of Open Access Journals (Sweden)

    Elena Vladimirovna Doynikova

    2015-10-01

    Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

  14. A Security Architecture for Fault-Tolerant Systems

    Science.gov (United States)

    1993-06-03

    aspect of our effort to achieve better performance is integrating the system into microkernel -based operating systems. 4 Summary and discussion In...135-171, June 1983. [vRBC+92] R. van Renesse, K. Birman, R. Cooper, B. Glade, and P. Stephenson. Reliable multicast between microkernels . In...Proceedings of the USENIX Microkernels and Other Kernel Architectures Workshop, April 1992. 29

  15. Sandia National Laboratories: National Security Missions: Defense Systems

    Science.gov (United States)

    ; Technology Defense Systems & Assessments About Defense Systems & Assessments Program Areas Audit Sandia's Economic Impact Licensing & Technology Transfer Browse Technology Portfolios ; Culture Work-Life Balance Special Programs Nuclear Weapons Defense Systems Global Security Energy Facebook

  16. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Hsien-Hsin S

    2010-05-11

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  17. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  18. Electronic security systems better ways to crime prevention

    CERN Document Server

    Walker, Philip

    2013-01-01

    Electronic Security Systems: Better Ways to Crime Prevention teaches the reader about the application of electronics for security purposes through the use of case histories, analogies, anecdotes, and other related materials. The book is divided into three parts. Part 1 covers the concepts behind security systems - its objectives, limitations, and components; the fundamentals of space detection; detection of intruder movement indoors and outdoors; surveillance; and alarm communication and control. Part 2 discusses equipments involved in security systems such as the different types of sensors,

  19. System security in the space flight operations center

    Science.gov (United States)

    Wagner, David A.

    1988-01-01

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

  20. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  1. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  2. An Early Warning System for Oil Security in China

    Directory of Open Access Journals (Sweden)

    Qingsong Wang

    2018-01-01

    Full Text Available The oil system security in a country or region will affect its sustainable development ability. China’s oil security has risen to the national strategic level. It is urgent to construct an early warning indicator system to reflect the oil security level accurately, as well as to diagnose and assess the oil system status effectively and put forward the corresponding proposals for ensuring oil security. An early warning indicator system of China’s oil system covering 23 sub-indicators from three aspects, i.e., resource security, market security and consumption security, was constructed using the SPSS (Statistical Product and Service Solutions factor analysis method. It shows that China’s oil system safety level has been seriously threatened and is generally declining. However, due to the strong introduction of energy policies and increasing energy utilization technology in recent years, the increasing proportion of new energy, renewable energy and oil substitutes eases the energy security threats. In response to complex oil security issues, the Chinese government needs to strengthen macroeconomic regulation and control at the policy level continuously, increase efforts to explore resource reserves, upgrade energy conservation and emission reduction technologies, develop new alternatives for oil products, and reduce the dependence on international oil imports.

  3. Ideal Based Cyber Security Technical Metrics for Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  4. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

    National Research Council Canada - National Science Library

    1999-01-01

    The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering...

  5. Cognitive Security of Wireless Communication Systems in the Physical Layer

    Directory of Open Access Journals (Sweden)

    Mustafa Harun Yılmaz

    2017-01-01

    Full Text Available While the wireless communication systems provide the means of connectivity nearly everywhere and all the time, communication security requires more attention. Even though current efforts provide solutions to specific problems under given circumstances, these methods are neither adaptive nor flexible enough to provide security under the dynamic conditions which make the security breaches an important concern. In this paper, a cognitive security (CS concept for wireless communication systems in the physical layer is proposed with the aim of providing a comprehensive solution to wireless security problems. The proposed method will enable the comprehensive security to ensure a robust and reliable communication in the existence of adversaries by providing adaptive security solutions in the communication systems by exploiting the physical layer security from different perspective. The adaptiveness relies on the fact that radio adapts its propagation characteristics to satisfy secure communication based on specific conditions which are given as user density, application specific adaptation, and location within CS concept. Thus, instead of providing any type of new security mechanism, it is proposed that radio can take the necessary precautions based on these conditions before the attacks occur. Various access scenarios are investigated to enable the CS while considering these conditions.

  6. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  7. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

  8. Applications for cyber security - System and application monitoring

    International Nuclear Information System (INIS)

    Marron, J. E.

    2006-01-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  9. Hybrid algorithm for rotor angle security assessment in power systems

    Directory of Open Access Journals (Sweden)

    D. Prasad Wadduwage

    2015-08-01

    Full Text Available Transient rotor angle stability assessment and oscillatory rotor angle stability assessment subsequent to a contingency are integral components of dynamic security assessment (DSA in power systems. This study proposes a hybrid algorithm to determine whether the post-fault power system is secure due to both transient rotor angle stability and oscillatory rotor angle stability subsequent to a set of known contingencies. The hybrid algorithm first uses a new security measure developed based on the concept of Lyapunov exponents (LEs to determine the transient security of the post-fault power system. Later, the transient secure power swing curves are analysed using an improved Prony algorithm which extracts the dominant oscillatory modes and estimates their damping ratios. The damping ratio is a security measure about the oscillatory security of the post-fault power system subsequent to the contingency. The suitability of the proposed hybrid algorithm for DSA in power systems is illustrated using different contingencies of a 16-generator 68-bus test system and a 50-generator 470-bus test system. The accuracy of the stability conclusions and the acceptable computational burden indicate that the proposed hybrid algorithm is suitable for real-time security assessment with respect to both transient rotor angle stability and oscillatory rotor angle stability under multiple contingencies of the power system.

  10. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  11. Development of an integrated campus security alerting system ...

    African Journals Online (AJOL)

    This work presents an integrated alerting system which uses both the Internet Protocol (IP) cameras and micro-switches for monitoring security situations thereby providing an immediate alerting signal to the security personnel. The system has the input unit, processing unit, control unit and the power supply unit as its ...

  12. Understanding human factors in cyber security as a dynamic system

    NARCIS (Netherlands)

    Young, H.J.; Vliet, A.J. van; Ven, J.G.S. van de; Jol, S.C.; Broekman, C.C.M.T.

    2018-01-01

    The perspective of human factors is largely missing from the wider cyber security dialogue and its scope is often limited. We propose a framework in which we consider cyber security as a state of a system. System change is brought on by an entity’s behavior. Interventions are ways of changing

  13. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

  14. A Call for National Security System Transformation

    Science.gov (United States)

    2012-06-01

    Gabriel Marcella . Carlisle, PA: Strategic Studies Institute, U.S. Army War College, 2008. Fox News Corporation. “Last American Troops Leave Iraq...by Gabriel Marcella . Carlisle, PA: Strategic Studies Institute, U.S. Army War College, 2008. Stewart, Douglas. “Constructing the Iron Cage: The...1947 National Security Act.” In Affairs of State: The Interagency and National Security. Edited by Gabriel Marcella . Carlisle, PA: Strategic

  15. Cost and performance analysis of physical security systems

    International Nuclear Information System (INIS)

    Hicks, M.J.; Yates, D.; Jago, W.H.; Phillips, A.W.

    1998-04-01

    Analysis of cost and performance of physical security systems can be a complex, multi-dimensional problem. There are a number of point tools that address various aspects of cost and performance analysis. Increased interest in cost tradeoffs of physical security alternatives has motivated development of an architecture called Cost and Performance Analysis (CPA), which takes a top-down approach to aligning cost and performance metrics. CPA incorporates results generated by existing physical security system performance analysis tools, and utilizes an existing cost analysis tool. The objective of this architecture is to offer comprehensive visualization of complex data to security analysts and decision-makers

  16. Physical layer approaches for securing wireless communication systems

    CERN Document Server

    Wen, Hong

    2013-01-01

    This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

  17. Secure Server Login by Using Third Party and Chaotic System

    Science.gov (United States)

    Abdulatif, Firas A.; zuhiar, Maan

    2018-05-01

    Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

  18. Proceedings of the 2nd Workshop on Recommender Systems for Technology Enhanced Learning (RecSysTEL 2012)

    NARCIS (Netherlands)

    Manouselis, Nikos; Drachsler, Hendrik; Verbert, Katrien; Santos, Olga

    2012-01-01

    Manouselis, N., Drachsler, H., Verbert, K., & Santos, O. C. (Eds.) (2012). Proceedings of the 2nd Workshop on Recommender Systems for Technology Enhanced Learning (RecSysTEL 2012). Published by CEUR Workshop Proceedings, 2012, Vol. 896.

  19. A security scheme of SMS system

    Science.gov (United States)

    Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

    2005-02-01

    With the prosperous development and the use of SMS, more and more important information need to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that need to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

  20. A novel wireless local positioning system for airport (indoor) security

    Science.gov (United States)

    Zekavat, Seyed A.; Tong, Hui; Tan, Jindong

    2004-09-01

    A novel wireless local positioning system (WLPS) for airport (or indoor) security is introduced. This system is used by airport (indoor) security guards to locate all of, or a group of airport employees or passengers within the airport area. WLPS consists of two main parts: (1) a base station that is carried by security personnel; hence, introducing dynamic base station (DBS), and (2) a transponder (TRX) that is mounted on all people (including security personnel) present at the airport; thus, introducing them as active targets. In this paper, we (a) draw a futuristic view of the airport security systems, and the flow of information at the airports, (b) investigate the techniques of extending WLPS coverage area beyond the line-of-sight (LoS), and (c) study the performance of this system via standard transceivers, and direct sequence code division multiple access (DS-CDMA) systems with and without antenna arrays and conventional beamforming (BF).

  1. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  2. Master planning for successful safeguard/security systems engineering

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1987-01-01

    The development and phased implementation of an overall master plan for weapons systems and facilities engaged in the complexities of high technology provides a logical road map for system accomplishment. An essential factor in such a comprehensive plan is development of an integrated systems security engineering plan. Some DOD programs use new military regulations and policy directives to mandate consideration of the safeguard/security disciplines be considered for weapons systems and facilities during the entire life cycle of the program. The emphasis is to make certain the weapon system and applicable facilities have complementary security features. Together they must meet the needs of the operational mission and, at the same time, provide the security forces practical solutions to their requirements. This paper discusses the process of meshing the safe- guards/security requirements with an overall the master plan and the challenges attendant to this activity

  3. System for Secure Integration of Aviation Data

    Science.gov (United States)

    Kulkarni, Deepak; Wang, Yao; Keller, Rich; Chidester, Tom; Statler, Irving; Lynch, Bob; Patel, Hemil; Windrem, May; Lawrence, Bob

    2007-01-01

    The Aviation Data Integration System (ADIS) of Ames Research Center has been established to promote analysis of aviation data by airlines and other interested users for purposes of enhancing the quality (especially safety) of flight operations. The ADIS is a system of computer hardware and software for collecting, integrating, and disseminating aviation data pertaining to flights and specified flight events that involve one or more airline(s). The ADIS is secure in the sense that care is taken to ensure the integrity of sources of collected data and to verify the authorizations of requesters to receive data. Most importantly, the ADIS removes a disincentive to collection and exchange of useful data by providing for automatic removal of information that could be used to identify specific flights and crewmembers. Such information, denoted sensitive information, includes flight data (here signifying data collected by sensors aboard an aircraft during flight), weather data for a specified route on a specified date, date and time, and any other information traceable to a specific flight. The removal of information that could be used to perform such tracing is called "deidentification." Airlines are often reluctant to keep flight data in identifiable form because of concerns about loss of anonymity. Hence, one of the things needed to promote retention and analysis of aviation data is an automated means of de-identification of archived flight data to enable integration of flight data with non-flight aviation data while preserving anonymity. Preferably, such an automated means would enable end users of the data to continue to use pre-existing data-analysis software to identify anomalies in flight data without identifying a specific anomalous flight. It would then also be possible to perform statistical analyses of integrated data. These needs are satisfied by the ADIS, which enables an end user to request aviation data associated with de-identified flight data. The ADIS

  4. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  5. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS is proposed along with the association mining rule. CNSMS system is consists of collaborative Unified Threat Management (UTM, cloud based security centre and traffic prober. The traffic prober captures the internet traffic and given to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of tragic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  6. Evaluation of a Cyber Security System for Hospital Network.

    Science.gov (United States)

    Faysel, Mohammad A

    2015-01-01

    Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

  7. Evaluation on Electronic Securities Settlements Systems by AHP Methods

    Science.gov (United States)

    Fukaya, Kiyoyuki; Komoda, Norihisa

    Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

  8. A Survey on the Security of Blockchain Systems

    OpenAIRE

    Li, Xiaoqi; Jiang, Peng; Chen, Ting; Luo, Xiapu; Wen, Qiaoyan

    2018-01-01

    Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popu...

  9. Gene expression programming for power system static security ...

    African Journals Online (AJOL)

    user

    Keywords: static security, gene expression programming, probabilistic neural network ... Hence digital computers are usually installed in operations control centers to gather ...... power system protection, and applications of AI in power systems.

  10. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  11. Reforming the South African Social Security Adjudication System ...

    African Journals Online (AJOL)

    Reforming the South African Social Security Adjudication System: innovative experiences ... Dispute resolution systems in the labour relations, business competition ... the rights of access to justice, to a fair trial and to just administrative action).

  12. Need an Information Security in Access Control System?

    Directory of Open Access Journals (Sweden)

    V. R. Petrov

    2011-12-01

    Full Text Available The purpose of this paper is the general problems of information security in access control system. The field of using is the in project of reconstruction Physical protection system.

  13. Proceedings from the conference on high speed computing: High speed computing and national security

    Energy Technology Data Exchange (ETDEWEB)

    Hirons, K.P.; Vigil, M.; Carlson, R. [comps.

    1997-07-01

    This meeting covered the following topics: technologies/national needs/policies: past, present and future; information warfare; crisis management/massive data systems; risk assessment/vulnerabilities; Internet law/privacy and rights of society; challenges to effective ASCI programmatic use of 100 TFLOPs systems; and new computing technologies.

  14. Designing a machinery control system (MCS) security testbed

    OpenAIRE

    Desso, Nathan H.

    2014-01-01

    Approved for public release; distribution is unlimited Industrial control systems (ICS) face daily cyber security threats, can have a significant impact to the security of our nation, and present a difficult challenge to defend. Critical infrastructures, including military systems like the machinery control systems (MCS) found onboard modern U.S. warships, are affected because of their use of commercial automation solutions. The increase of automated control systems within the U.S. Navy sa...

  15. National regulatory authorities with competence in the safety of radiation sources and the security of radioactive materials. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2001-08-01

    The Buenos Aires Conference, hosted by the Government of Argentina, was attended by 89 regulatory officials from 57 Member States. The conference provided a forum for fostering the exchange of information and experience on the development of adequate regulatory systems for effective control of the safety of radiation sources and security of radioactive materials. This publication contains 64 individual presentations delivered at the Conference. Each of them was indexed separately.

  16. Proceedings of the seventh international food convention: nutritional security through sustainable development research and education for healthy foods - souvenir

    International Nuclear Information System (INIS)

    2013-12-01

    At present, the application of advanced technology during production, processing, storage and distribution of food with an ultimate aim of strengthening the socio-economic status of farmers, entrepreneurs and rural artisan community has paramount importance. The convention made an effort to touch upon the following areas: food and nutritional security and sustainability, food processing and engineering, food safety management systems, food health and nutrition, skill development and entrepreneurship, food science and technology research etc. Papers relevant to INIS are indexed separately

  17. National regulatory authorities with competence in the safety of radiation sources and the security of radioactive materials. Proceedings

    International Nuclear Information System (INIS)

    2001-01-01

    The Buenos Aires Conference, hosted by the Government of Argentina, was attended by 89 regulatory officials from 57 Member States. The conference provided a forum for fostering the exchange of information and experience on the development of adequate regulatory systems for effective control of the safety of radiation sources and security of radioactive materials. This publication contains 64 individual presentations delivered at the Conference. Each of them was indexed separately

  18. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    Energy Technology Data Exchange (ETDEWEB)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  19. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Science.gov (United States)

    2010-02-23

    ... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

  20. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  1. Information Security System and Development of a Modern Organization

    OpenAIRE

    Wawak, Slawomir

    2009-01-01

    Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

  2. Behavior Change Support Systems for Privacy and Security

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Kulyk, Olga Anatoliyivna; Kelders, S.; van Gemert-Pijnen, L.; Oinas-Kukkonen, H

    2015-01-01

    This article proposes to use Behavior Change Support Systems (BCSSs) to improve the security of IT applications and the privacy of its users. We discuss challenges specific to BCSSs applied to information security, list research questions to be answered in order to meet these challenges, and propose

  3. Security analysis - from analytical methods to intelligent systems

    Energy Technology Data Exchange (ETDEWEB)

    Lambert-Torres, G; Silva, A.P. Alves da; Ferreira, C [Escola Federal de Engenharia de Itajuba, MG (Brazil); Mattos dos Reis, L O [Taubate Univ., SP (Brazil)

    1994-12-31

    This paper presents an alternative approach to Security Analysis based on Artificial Neural Network (ANN) techniques. This new technique tries to imitate the human brain and is based on neurons and synopses. A critical review of the ANN used in Power System Operation problem solving is made, while structures to solve the Security Analysis problems are proposed. (author) 7 refs., 4 figs.

  4. Analyzing the security of an existing computer system

    Science.gov (United States)

    Bishop, M.

    1986-01-01

    Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

  5. Method for secure electronic voting system: face recognition based approach

    Science.gov (United States)

    Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

    2017-06-01

    In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

  6. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax......, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access...... control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative...

  7. Engineering secure Internet of Things systems

    CERN Document Server

    Aziz, Benjamin; Crispo, Bruno

    2016-01-01

    This book examines important security considerations for the Internet of Things (IoT). IoT is collecting a growing amount of private and sensitive data about our lives, and requires increasing degrees of reliability and trustworthiness in terms of the levels of assurance provided with respect to confidentiality, integrity and availability.

  8. 49 CFR 659.25 - Annual review of system safety program plan and system security plan.

    Science.gov (United States)

    2010-10-01

    ... system security plan. 659.25 Section 659.25 Transportation Other Regulations Relating to Transportation... and system security plan. (a) The oversight agency shall require the rail transit agency to conduct an annual review of its system safety program plan and system security plan. (b) In the event the rail...

  9. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  10. Cyber-Physical Systems Security: a Systematic Mapping Study

    OpenAIRE

    Lun, Yuriy Zacchia; D'Innocenzo, Alessandro; Malavolta, Ivano; Di Benedetto, Maria Domenica

    2016-01-01

    Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds some light on how security is actually addressed when dealing with cyber-physical systems. The provided systematic map of 118 selected studies is based on, for instance, application fields, various system components, relate...

  11. The Design and Realization of Household Intelligent Security System

    Directory of Open Access Journals (Sweden)

    Huang Sheng-Bo

    2016-01-01

    Full Text Available It is known that Smart home has brought great convenience to the lives of humans. However, we have attached quantities of interest in its security as the development of technology goes on. According to the security requirements at the moment, we introduce the scheme of smart home security system based on ZigBee, and design system hardware and software process. By applying a STC89C52 microcontroller, our system is able to accurately detect and give alarms automatically to house fire, harmful gases and thefts.

  12. Measurable Control System Security through Ideal Driven Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

  13. Carboy Security Testing and Training Programs for Industrial Control Systems

    International Nuclear Information System (INIS)

    Noyes, Daniel

    2012-01-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors

  14. Cyber Security Testing and Training Programs for Industrial Control Systems

    International Nuclear Information System (INIS)

    Noyes, Daniel

    2012-01-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  15. Cyber Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  16. Security credentials management system (SCMS) design and analysis for the connected vehicle system : draft.

    Science.gov (United States)

    2013-12-27

    This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...

  17. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  18. An autonomic security monitor for distributed operating systems

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Maj, S.; Matthews, B.

    2011-01-01

    This paper presents an autonomic system for the monitoring of security-relevant information in a Grid-based operating system. The system implements rule-based policies using Java Drools. Policies are capable of controlling the system environment based on changes in levels of CPU/memory usage, accesses to system resources, detection of abnormal behaviour such as DDos attacks.

  19. Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

    Science.gov (United States)

    Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

    2015-07-28

    Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

  20. Secure Web System in a Cloud Environment

    OpenAIRE

    Pokherl, Bibesh

    2013-01-01

    Advent of cloud computing has brought a lot of benefits for users based on its essential characteristics. Users are attracted by its costs per use service and rapidly deploy their applications in the cloud and scale by using virtualization technology without investing in their own IT infrastructure. These applications can be accessed through web based technology, such as web browsers or mobile apps. However, security becomes a major challenge when user’s data and applications are stored in a ...

  1. Intrinsic information Security: Embedding security issues in the design process of telematics systems

    NARCIS (Netherlands)

    Tettero, Olaf; Tettero, O.

    This book presents a systematic approach to embed information security issues in the design process of telematics systems. The approach supports both designers and user organisations. We elaborate on the activities that designers should perform to design telematics systems in which information

  2. Cybernetic Security and Business Intelligence in the System of Diagnostics of Economic Security of the Enterprise

    Directory of Open Access Journals (Sweden)

    Ruslan Skrynkovskyy

    2017-10-01

    Full Text Available The purpose of the article is to determine the place, the role and features of cybernetic security and improve the business intelligence scheme in the system of diagnosing economic security of the enterprise. It had been found out that: 1 the term “cybernetic security of an enterprise” should be understood as the state of the protection of the cybernetic space of the whole enterprise or individual objects of its information infrastructure (computer system, computer data, etc. from the risk of external cybernetic influence, which ensures their sustainable development and the formation of prospects, as well as timely detection, prevention and neutralization of real and potential cybernetic interruptions and threats to the interests of the enterprise; 2 the main components of cybernetic security in the system of diagnostics of economic security of the enterprise are: investigation of information and telecommunication systems and cryptosystems of the opposing sides; cybernetic effects; protection of information sphere. It was established that the main task of business intelligence in the system of diagnosing economic security of the enterprise is the verification of the reliability of business information, the provision of cybernetic protection of information resources, information and communication technologies and systems and the elimination of the possibility of misinformation of senior management by the managers of the middle level, suppliers, marketing intermediaries, clientele, competitors or contact audiences of the enterprise. The prospect of further research in this direction is the development of a system of goals of the polycriterial diagnostics of the activity (economic diagnostics of the enterprise (on the basis of the isolation and systematization of its diagnostic purposes, taking into account the presented results of the study.

  3. Secure ADS-B authentication system and method

    Science.gov (United States)

    Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

    2010-01-01

    A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

  4. The public transportation system security and emergency preparedness planning guide

    Science.gov (United States)

    2003-01-01

    Recent events have focused renewed attention on the vulnerability of the nation's critical infrastructure to major events, including terrorism. The Public Transportation System Security and Emergency Preparedness Planning Guide has been prepared to s...

  5. Reactive In-flight Multisensor Security System (RIMSS), Phase II

    Data.gov (United States)

    National Aeronautics and Space Administration — The need for in-flight event detection and monitoring systems is clear. To address this and other safety and security needs, IEM proposed the Reactive In-flight...

  6. Information security in SCADA systems in nuclear power plants

    International Nuclear Information System (INIS)

    Satyamurty, S.A.V.

    2013-01-01

    Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

  7. Insights on the Security and Dependability of Industrial Control Systems

    NARCIS (Netherlands)

    Kargl, Frank; van der Heijden, R.; van der Heijden, Rens W.; König, Hartmut; Valdes, Alfonso; Dacier, Marc C.

    2014-01-01

    The authors discuss the findings of a recent research seminar on the security and dependability of industrial control systems and provide an overview of major challenges in the field and areas where current research should focus.

  8. Report: Improvements Needed in Key EPA Information System Security Practices

    Science.gov (United States)

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  9. Optical Imaging Sensors and Systems for Homeland Security Applications

    CERN Document Server

    Javidi, Bahram

    2006-01-01

    Optical and photonic systems and devices have significant potential for homeland security. Optical Imaging Sensors and Systems for Homeland Security Applications presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references. This book is intended for engineers and scientists in the relevant fields, graduate students, industry managers, university professors, government managers, and policy makers. Advanced Sciences and Technologies for Security Applications focuses on research monographs in the areas of -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including bios...

  10. development of an integrated campus security alerting system

    African Journals Online (AJOL)

    user

    Keywords: Campus Security, Microcontroller, Internet Protocol Camera, Integrated system, Micro-switches. 1. INTRODUCTION .... personnel can fall back to the information captured/stored ...... Adetoba A. O. "Design and Construction of a Car.

  11. Agency Secure Image And Storage Tracking System (ASIST)

    Data.gov (United States)

    US Agency for International Development — Agency Secure Image and Storage Tracking System (Missions): is a Documentum-based user interface developed and maintained by the USAID OCIO (formerly IRM) to improve...

  12. APPROACHES TO THE SECURITY SYSTEM AT THE MS SHAREPOINT

    Directory of Open Access Journals (Sweden)

    Iryna V. Zolotarenko

    2010-10-01

    Full Text Available Relevance of the material contained in the article is conditioned by pressing needs of society in creating secure information systems, facilitating the introduction of advanced information technologies in the education department. Security is important for the reliability and efficiency of such systems. One way of solving the security problem is the distribution of categories of users and granting their rights at different levels. The paper analyzes general approaches to organize groups and permission levels of users in information systems developed based on MS SharePoint. The main design decisions on security in information system planning research at the National Academy of Pedagogical Sciences of Ukraine based on the Internet use the conceptual results of this article.

  13. Proceedings: 2003 Workshop on Life Cycle Management Planning for Systems, Structures, and Components

    International Nuclear Information System (INIS)

    2003-01-01

    These proceedings of the 2003 EPRI Life Cycle Management Workshop provide nuclear plant owners with an overview of the state of development of methods and tools for performing long-term planning for maintenance, aging management, and obsolescence management of systems, structures, and components important to a plant's long-term safety, power production, and value in a market-driven industry. The proceedings summarize the results of applying life cycle management at several plants

  14. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

  15. Security features of a nuclear material accounting system

    International Nuclear Information System (INIS)

    Erkkila, B.H.

    1988-01-01

    The Los Alamos Nuclear Material Accounting and Safeguards System (MASS) is a near-real-time accountability system for bulk materials, discrete items, and materials undergoing dynamic processing. MASS has evolved from a 80-column, card-based process control system to a very sophisticated computer system. Recently, the computer hardware was upgraded to a modern transaction oriented central computer system designed to accommodate extensive growth in the foreseeable future. The security of the MASS computer system is provided through various access controls. There are two kinds of access controls to be addressed. They are physical access control to the hardware which make up the system and access control to the software. There are many features which provide a measure of security to the hardware that are discussed. Access to the software is controlled by a security password. Access to various transaction activities in the system is controlled through the level of MASS under privilege. Details of MASS user privilege are discussed

  16. Analysing Information Systems Security In Higher Learning Institutions Of Uganda

    OpenAIRE

    Mugyenyi Raymond

    2017-01-01

    Information communication technology has increased globalisation in higher learning institution all over the world. This has been achieved through introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern the information security have also been analysed together with the current status of inform...

  17. Evaluating pay-as-you-go social security systems

    OpenAIRE

    Bachmann, Andreas; Wüthrich, Kaspar

    2013-01-01

    This paper proposes a new method for welfare analysis of unfunded social security systems. Based on an overlapping generations model with endogenous labor supply, we derive a formula for the evaluation of existing pay-as-you-go social security systems that depends on impulse response functions and projected growth rates only. We propose an implementation strategy based on reduced form estimates of a VAR model that is valid under weak assumptions about the deep structure of the model. Our meth...

  18. Inhibiting and driving forces for the digitalization of security systems: security officers’ view on the issue

    OpenAIRE

    Lahtinen, Markus

    2007-01-01

    This memo reports on factors that drive and inhibit the digitalization of security systems. The reported factors are as follows: Technology-push factors • Need to lower costs on the end-user side, i.e. replacing labour with technology • Perceived convenience and ease-of-use of digital systems • Digital products can be connected to the current enterprise network; enabling an expanding set of security features • Firms holding the IP-capability (IP=Internet Protocol) and not h...

  19. Security Concerns and Countermeasures in Network Coding Based Communications Systems

    DEFF Research Database (Denmark)

    Talooki, Vahid; Bassoli, Riccardo; Roetter, Daniel Enrique Lucani

    2015-01-01

    key protocol types, namely, state-aware and stateless protocols, specifying the benefits and disadvantages of each one of them. We also present the key security assumptions of network coding (NC) systems as well as a detailed analysis of the security goals and threats, both passive and active......This survey paper shows the state of the art in security mechanisms, where a deep review of the current research and the status of this topic is carried out. We start by introducing network coding and its variety applications in enhancing current traditional networks. In particular, we analyze two....... This paper also presents a detailed taxonomy and a timeline of the different NC security mechanisms and schemes reported in the literature. Current proposed security mechanisms and schemes for NC in the literature are classified later. Finally a timeline of these mechanism and schemes is presented....

  20. Mixing chaos modulations for secure communications in OFDM systems

    Science.gov (United States)

    Seneviratne, Chatura; Leung, Henry

    2017-12-01

    In this paper, we consider a novel chaotic OFDM communication scheme is to improve the physical layer security. By secure communication we refer to physical layer security that provides low probability of detection (LPD)/low probability of intercept (LPI) transmission. A mixture of chaotic modulation schemes is used to generate chaotically modulated symbols for each subcarrier of the OFDM transmitter. At the receiver, different demodulators are combined together for the different modulation schemes for enhanced security. Time domain, frequency domain and statistical randomness tests show that transmit signals are indistinguishable from background noise. BER performance comparison shows that the physical layer security of the proposed scheme comes with a slight performance degradation compared to conventional OFDM communication systems.

  1. Economic foundation and importance of non-state security sector within the national security system

    Directory of Open Access Journals (Sweden)

    Anđelković Slobodan

    2016-01-01

    Full Text Available The main purpose of this paper was to present the causes (for, role (played by and the growing importance of the non-state actors within the national security sector, while analyzing the economic interest of individuals, organizations and the state itself that were favoring such a development. In the course of our research we established how, as the state narrowed its activities down to more vital and more dangerous fields of work, this opened up space for independent contractors to enter those fields which carried less systemic risk. Such change was made possible in the post-Cold War context, when many of the former service members were hired by private companies. The economic motive had a role to play as well, given the need for additional security going beyond what state offered to its citizens, as many doubted the ability (efficiency of state to provide it in the first place; and private sector's willingness to provide it for a price. In Serbia, position of non-state security sector is still very much limited by the traditional notion of security as well as the division of competences, both left-overs from socialist times. This goes against positive tendencies within the sector itself (improvement of types and specialization of the security as service; strengthening of legal regulation; flexibility of services being offered. By conducting its basic service and improving the security of its clients, representatives of non-state security sector are - indirectly - improving the security of society as a whole, ensuring economic stability, which presents one of key national interests.

  2. POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-09-01

    Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

  3. Security of the data transmission in the industrial control system

    Directory of Open Access Journals (Sweden)

    Marcin Bednarek

    2015-12-01

    Full Text Available The theme of this paper is to present the data transmission security system between the stations of the industrial control system. The possible options for secure communications between process stations, as well as between process and operator station are described. Transmission security mechanism is based on algorithms for symmetric and asymmetric encryption. The authentication process uses a software token algorithm and a one-way hash function. The algorithm for establishing a secured connection between the stations, including the authentication process and encryption of data transmission is given. The process of securing the transmission consists of 4 sub-processes: (I authentication; (II asymmetric, public keys transmission; (III symmetric key transmission; (IV data transmission. The presented process of securing the transmission was realized in the industrial controller and emulator. For this purpose, programming languages in accordance with EN 61131 were used. The functions were implemented as user function blocks. This allows us to include a mixed code in the structure of the block (both: ST and FBD. Available function categories: support of the asymmetric encryption; asymmetric encryption utility functions; support of the symmetric encryption; symmetric encryption utility functions; support of the hash value calculations; utility functions of conversion.[b]Keywords[/b]: transmission security, encryption, authentication, industrial control system

  4. Framework for optimal power flow incorporating dynamic system security

    International Nuclear Information System (INIS)

    El-Kady, M.A.; Owayedh, M.S.

    2006-01-01

    This paper introduces a novel framework and methodologies which are capable of tackling the complex issue of power system economy versus security in a practical and effective manner. At heart of achieving such a challenging and far-reaching objective is the incorporation of the Dyanamic Security Assessment (DSA) into production optimization techniques using the Transient Energy Function (TEF) method. In addition, and in parallel with the already well established concept of the system security, two new concepts pertaining to power system performance will be introduced in this paper, namely the concept of system dynamic susceptibility, which measures the level of systems weakness to a particular contingency and the concept of system consequent restorability, which measures the extent of contingency severity in terms of the required subsequent system restoration work should a particular contingency occur. (author)

  5. A review of the security of insulin pump infusion systems.

    Science.gov (United States)

    Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

    2011-11-01

    Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

  6. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important the maintain confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally he/she should analyze and upgrade their information security system

  7. New technology for food systems and security.

    Science.gov (United States)

    Yau, N J Newton

    2009-01-01

    In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.

  8. Authentication systems for securing clinical documentation workflows. A systematic literature review.

    Science.gov (United States)

    Schwartze, J; Haarbrandt, B; Fortmeier, D; Haux, R; Seidel, C

    2014-01-01

    Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear. To create a summary of usable user authentication systems suitable for clinical workflows. A Systematic literature review based on nine online bibliographic databases. Search keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done. Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently. DATA EXTRACTION AND ASSESSMENT: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau. Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of applicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes. Suitability

  9. Design and Implementation of GSM Based Automated Home Security System

    Directory of Open Access Journals (Sweden)

    Love Aggarwal

    2014-05-01

    Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

  10. Security assessment for intentional island operation in modern power system

    DEFF Research Database (Denmark)

    Chen, Yu; Xu, Zhao; Østergaard, Jacob

    2011-01-01

    be increased. However, when to island or how to ensure the islanded systems can survive the islanding transition is uncertain. This article proposes an Islanding Security Region (ISR) concept to provide security assessment of island operation. By comparing the system operating state with the ISR, the system......There has been a high penetration level of Distributed Generations (DGs) in distribution systems in Denmark. Even more DGs are expected to be installed in the coming years. With that, to utilize them in maintaining the security of power supply is of great concern for Danish utilities. During...... the emergency in the power system, some distribution networks may be intentionally separated from the main grid to avoid complete system collapse. If DGs in those networks could continuously run instead of immediately being shut down, the blackout could be avoided and the reliability of supply could...

  11. Fuzzy assessment of health information system users' security awareness.

    Science.gov (United States)

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  12. The Current State of the International Security System

    OpenAIRE

    Ивашов, Леонид Григорьевич

    2013-01-01

    The author examines the modern geopolitical world and assesses the threats to Russia’s security. These threats are demonstrated to be hitched to the goals of the US National Strategy and, in particular, to the US plans on deployment of anti-ballistic missile system. The author argues that in this situation the mainstay of Russia’s foreign policy should become “security through cooperation.”Key words: international security, anti-ballistic missile, preemptive war, geopolitical centers, UN Secu...

  13. Spent fuel reprocessing system security engineering capability maturity model

    International Nuclear Information System (INIS)

    Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

    2011-01-01

    In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

  14. Use of computer programs to evaluate effectiveness of security systems

    International Nuclear Information System (INIS)

    Harris, L. Jr.; Goldman, L.A.; Mc Daniel, T.L.

    1987-01-01

    Thirty or more computer programs for security vulnerability analysis were developed from 1975 through 1980. Most of these programs are intended for evaluating security system effectiveness against outsider threats, but at least six programs are primarily oriented to insider threats. Some strengths and weaknesses of these programs are described. Six of these programs, four for outsider threats and two for insider threats, have been revised and adapted for use with IBM personal computers. The vulnerability analysis process is discussed with emphasis on data collection. The difference between design data and operational data is described. For performance-type operational data, such as detection probabilities and barrier delay times, the difference between unstressed and stressed performance data is discussed. Stressed performance data correspond to situations where an adversary attempts to weaken a security system by mitigating certain security measures. Suggestions are made on the combined use of manual analysis and computer analysis

  15. A survey of visualization systems for network security.

    Science.gov (United States)

    Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

    2012-08-01

    Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

  16. A transportation security system applying RFID and GPS

    Directory of Open Access Journals (Sweden)

    Ruijian Zhang

    2013-03-01

    Full Text Available Purpose: This paper is about developing a centralized, internet based security tool which utilizes RFID and GPS technology to identify drivers and track the load integrity. Design/methodology/approach: The system will accomplish the security testing in real-time using the internet and the U.S. Customs’ database (ACE. A central database and the interfaces and communication between the database and ACE will be established. After the vehicle is loaded, all openings of the tanker are sealed with disposable RFID tag seals. Findings/value: An RFID reader and GPS tracker wirelessly connected with the databases will serve as testing grounds for the implementation of security measures that can help prevent future terrorist attacks and help in ensuring that the goods and products are not compromised while in transit. The system will also reduce the labor work of security check to its minimum. 

  17. Household Food Security Policy Analysis A System Dynamics Perspective

    Directory of Open Access Journals (Sweden)

    Isdore Paterson Guma

    2015-08-01

    Full Text Available Household food security FS is complex and requires multiple stakeholder intervention. Systemic approach aids stakeholders to understand the mechanisms and feedback between complexities in food security providing effective decision making as global resource consumption continues to grow. The study investigated food security challenges and a system dynamics model was developed for evaluating policies and intervention strategies for better livelihood at household level. Dynamic synthesis methodology questionnaires and interview guide were used to unearth food security challenges faced by households. A causal loop diagram was drawn. The model demonstrates a balance between food stock seeds preserved seeds for sale and consumption from crop harvest throughout the food cycles. This research makes contribution to the literature by evaluating dynamic synthesis methodology and FS policy discussions from a feedback point of view.

  18. Secure Wireless Military Healthcare Telemedicine Enterprise System

    National Research Council Canada - National Science Library

    Lucas, Kenneth

    2006-01-01

    .... In theory clinicians should be able to select and use the information modalities and electronic medical record systems they prefer, with the technical systems integration issues of information...

  19. Application of smart cards in physical and information security systems

    International Nuclear Information System (INIS)

    Dreifus, H.N.

    1988-01-01

    Smart Cards, integrated circuits embedded into credit cards, have been proposed for many computer and physical security applications. The cards have shown promise in improving both the security and monitoring of systems ranging from computer network identification through physical protection and access control. With the increasing computational power embedded within these cards, advanced encryption techniques such as public key cryptography can now be realized, enabling more sophisticated uses

  20. Mobile Connectivity and Security Issues for Cloud Informatic Systems

    OpenAIRE

    Cosmin Cătălin Olteanu

    2015-01-01

    The main purpose of the paper is to illustrate the importance of new software tools that can be used with mobile devices to make them more secure for the use of day to day business software. Many companies are using mobile applications to access some components to ERP’s or CRM’s remotely. Even the new come, cloud Informatic Systems are using more remote devices than ever. This is why we need to secure somehow these mobile applications.

  1. Mobile Connectivity and Security Issues for Cloud Informatic Systems

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    Full Text Available The main purpose of the paper is to illustrate the importance of new software tools that can be used with mobile devices to make them more secure for the use of day to day business software. Many companies are using mobile applications to access some components to ERP’s or CRM’s remotely. Even the new come, cloud Informatic Systems are using more remote devices than ever. This is why we need to secure somehow these mobile applications.

  2. Home Automation and Security System Using Android ADK

    OpenAIRE

    Deepali Javale; Mohd. Mohsin; Shreerang Nandanwar; Mayur Shingate

    2013-01-01

    Today we are living in 21st century where automation is playing important role in human life. Home automation allows us to control household appliances like light, door, fan, AC etc. It also provides home security and emergency system to be activated. Home automation not only refers to reduce human efforts but also energy efficiency and time saving. The main objective of home automation and security is to help handicapped and old aged people which will enable them to control home appliances a...

  3. Culturing Security System of Chemical Laboratory in Indonesia

    Directory of Open Access Journals (Sweden)

    Eka Dian Pusfitasari

    2017-04-01

    Full Text Available Indonesia has experiences on the lack of chemical security such as: a number of bombing terrors and hazardous chemicals found in food. Bomb used in terror is a homemade bomb made from chemicals which are widely spread in the research laboratories such as a mixture of pottasium chlorate, sulphur, and alumunium. Therefore, security of chemicals should be implemented to avoid the misused of the chemicals. Although it has experienced many cases of the misuse of chemicals, and many regulations and seminars related to chemical security have been held, but the implementation of chemical security is still a new thing for Indonesian citizens. The evident is coming from the interviews conducted in this study. Questions asked in this interview/survey included: the implementation of chemical safety and chemical security in laboratory; chemical inventory system and its regulation; and training needed for chemical security implementation. Respondents were basically a researcher from Government Research Institutes, University laboratories, senior high school laboratories, and service laboratories were still ambiguous in distinguishing chemical safety and chemical security. Because of this condition, most Indonesia chemical laboratories did not totally apply chemical security system. Education is very important step to raise people awareness and address this problem. Law and regulations should be sustained by all laboratory personnel activities to avoid chemical diversion to be used for harming people and environment. The Indonesia Government could also develop practical guidelines and standards to be applied to all chemical laboratories in Indonesia. These acts can help Government’s efforts to promote chemical security best practices which usually conducted by doing seminars and workshop.

  4. Supervision functions - Secure operation of sustainable power systems

    DEFF Research Database (Denmark)

    Morais, Hugo; Zhang, Xinxin; Lind, Morten

    2013-01-01

    of power systems operation control. The use of PMUs allows more penetration of DG mainly, with technologies based on renewable resources with intermittent and unpredictable operation such a wind power. This paper introduces the Secure Operation of Sustainable Power Systems (SOSPO) project. The SOSPO...... project tries to respond to the question "How to ensure a secure operation of the future power system where the operating point is heavily is fluctuating?" focusing in the Supervision module architecture and in the power system operation states. The main goal of Supervision module is to determine...... the power system operation state based on new stability and security parameters derived from PMUs measurement and coordinate the use of automatic and manual control actions. The coordination of the control action is based not only in the static indicators but also in the performance evaluation of control...

  5. Safeguards and security considerations for automated and robotic systems

    Energy Technology Data Exchange (ETDEWEB)

    Jordan, S.E.; Jaeger, C.D.

    1994-09-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A&R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S&S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S&S into the design of future A&R systems. Towards this, the authors first examined existing A and R systems from a security perspective to identify areas of concern and possible solutions of these problems. They then were able to develop generalized S&S guidance and design considerations for automation and robotics.

  6. Safeguards and security considerations for automated and robotic systems

    International Nuclear Information System (INIS)

    Jordan, S.E.; Jaeger, C.D.

    1994-01-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A ampersand R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S ampersand S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S ampersand S into the design of future A ampersand R systems. Towards this, the authors first examined existing A and R systems from a security perspective to identify areas of concern and possible solutions of these problems. They then were able to develop generalized S ampersand S guidance and design considerations for automation and robotics

  7. Safeguards and security considerations for automated and robotic systems

    International Nuclear Information System (INIS)

    Jordan, S.E.; Jaeger, C.D.

    1994-01-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A ampersand R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S ampersand S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S ampersand S into the design of future A ampersand R systems. Towards this, we first examined existing A ampersand R systems from a security perspective to identify areas of concern and possible solutions to these problems. We then were able to develop generalized S ampersand S guidance and design considerations for automation and robotics

  8. IT Security Aspects of Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Peter Holecko

    2006-01-01

    Full Text Available This paper discusses a set of general network system architectures for industrial process control systems as well as vulnerabilities related to these systems and the IT threats these systems are exposed to from the point of view of Common Criteria methodology and ITU-T recommendation X.805.

  9. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Science.gov (United States)

    2010-08-16

    ... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security... Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... System Operator Security Information. Type of Request: New collection. OMB Control Number: Not yet...

  10. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... electronic system security protection for the aircraft control domain and airline information domain from... identified and assessed, and that effective electronic system security protection strategies are implemented...

  11. 76 FR 36863 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-06-23

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... for Gulfstream GVI airplanes. 1. The applicant must ensure electronic system security protection for... that effective electronic system security protection strategies are implemented to protect the airplane...

  12. Hardware-Assisted System for Program Execution Security of SOC

    Directory of Open Access Journals (Sweden)

    Wang Xiang

    2016-01-01

    Full Text Available With the rapid development of embedded systems, the systems’ security has become more and more important. Most embedded systems are at the risk of series of software attacks, such as buffer overflow attack, Trojan virus. In addition, with the rapid growth in the number of embedded systems and wide application, followed embedded hardware attacks are also increasing. This paper presents a new hardware assisted security mechanism to protect the program’s code and data, monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program of basic blocks; the lightweight hash value in basic blocks and address of the next basic block. These parameters are extracted through additional tools running on PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of program with the information in the security module. If abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with OR1200 processor. The experimental analysis shows that the proposed mechanism can defence a wide range of common software and physical attacks with low performance penalties and minimal overheads.

  13. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  14. Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

    2011-01-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  15. Improving Security in the ATLAS PanDA System

    International Nuclear Information System (INIS)

    Caballero, J; Maeno, T; Potekhin, M; Wenaus, T; Nilsson, P; Stewart, G

    2011-01-01

    The security challenges faced by users of the grid are considerably different to those faced in previous environments. The adoption of pilot jobs systems by LHC experiments has mitigated many of the problems associated with the inhomogeneities found on the grid and has greatly improved job reliability; however, pilot jobs systems themselves must then address many security issues, including the execution of multiple users' code under a common 'grid' identity. In this paper we describe the improvements and evolution of the security model in the ATLAS PanDA (Production and Distributed Analysis) system. We describe the security in the PanDA server which is in place to ensure that only authorized members of the VO are allowed to submit work into the system and that jobs are properly audited and monitored. We discuss the security in place between the pilot code itself and the PanDA server, ensuring that only properly authenticated workload is delivered to the pilot for execution. When the code to be executed is from a 'normal' ATLAS user, as opposed to the production system or other privileged actor, then the pilot may use an EGEE developed identity switching tool called gLExec. This changes the grid proxy available to the job and also switches the UNIX user identity to protect the privileges of the pilot code proxy. We describe the problems in using this system and how they are overcome. Finally, we discuss security drills which have been run using PanDA and show how these improved our operational security procedures.

  16. Design of security scheme of the radiotherapy planning administration system based on the hospital information system

    International Nuclear Information System (INIS)

    Zhuang Yongzhi; Zhao Jinzao

    2010-01-01

    Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

  17. Carboy Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Noyes, Daniel [Idaho National Laboratory, Idaho (United States)

    2012-03-15

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  18. Secure Wireless Military Healthcare Telemedicine Enterprise System

    National Research Council Canada - National Science Library

    Lucas, Kenneth

    2003-01-01

    ...(exp TM) software and Division Tools with cross platform telemedicine systems, inclusive of computer based systems, handheld wireless PDA devices, and miniature computers, to existing DoD legacy...

  19. Secure Wireless Military Healthcare Telemedicine Enterprise System

    National Research Council Canada - National Science Library

    Lucas, Kenneth

    2002-01-01

    ...) software and Dvision Tools with cross platform telemedicine systems, inclusive of computer based systems, handheld wireless PDA devices, and miniature computers, to existing DoD legacy and developing...

  20. Data survivability vs. security in information systems

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Taboada, Heidi A.; Coit, David W.

    2012-01-01

    A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede the information theft, the defender prefers to maximize the number of blocks. On the other hand the destruction of any block destroys the integrity of information and makes it impossible to use. To impede the information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless how many blocks in series there are. Given the set of available information storage resources, the defender must consider a multi-objective optimization problem to determine how many blocks and their copies to create, and how to distribute them among available resources in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). This methodology is demonstrated with two general examples.

  1. A Multifactor Secure Authentication System for Wireless Payment

    Science.gov (United States)

    Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

    Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

  2. Congestion management considering voltage security of power systems

    International Nuclear Information System (INIS)

    Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima

    2009-01-01

    Congestion in a power network is turned up due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays to market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because of hitting some flows their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator so alleviates the congestion that the network can more retain its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose but also its cost of providing security is lower than the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)

  3. A sensor monitoring system for telemedicine, safety and security applications

    Science.gov (United States)

    Vlissidis, Nikolaos; Leonidas, Filippos; Giovanis, Christos; Marinos, Dimitrios; Aidinis, Konstantinos; Vassilopoulos, Christos; Pagiatakis, Gerasimos; Schmitt, Nikolaus; Pistner, Thomas; Klaue, Jirka

    2017-02-01

    A sensor system capable of medical, safety and security monitoring in avionic and other environments (e.g. homes) is examined. For application inside an aircraft cabin, the system relies on an optical cellular network that connects each seat to a server and uses a set of database applications to process data related to passengers' health, safety and security status. Health monitoring typically encompasses electrocardiogram, pulse oximetry and blood pressure, body temperature and respiration rate while safety and security monitoring is related to the standard flight attendance duties, such as cabin preparation for take-off, landing, flight in regions of turbulence, etc. In contrast to previous related works, this article focuses on the system's modules (medical and safety sensors and associated hardware), the database applications used for the overall control of the monitoring function and the potential use of the system for security applications. Further tests involving medical, safety and security sensing performed in an real A340 mock-up set-up are also described and reference is made to the possible use of the sensing system in alternative environments and applications, such as health monitoring within other means of transport (e.g. trains or small passenger sea vessels) as well as for remotely located home users, over a wired Ethernet network or the Internet.

  4. Investigation of a Markov Model for Computer System Security Threats

    Directory of Open Access Journals (Sweden)

    Alexey A. A. Magazev

    2017-01-01

    Full Text Available In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: the explicit analytical formulas for the probabilities of computer system states at any arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system is analysed. The dependence of the security state probability (i.e. the state for which threats are absent on the probabilities of threats is separately investigated. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat the security state probability demonstrates non-monotonic dependence on the probability of threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that the mentioned feature is important because it allows to locate the most dangerous areas of threats where the security state probability can be lower then the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. Also the prospects of the received results application to the problem of finding the optimal values of the security parameters is discussed.

  5. A New Operating System for Security Tagged Architecture Hardware in Support of Multiple Independent Levels of Security (MILS) Compliant System

    Science.gov (United States)

    2014-04-01

    of services that includes multitasking , inter-task communication, and dynamic memory allocation. The bulk of RTEMS is written in both the Ada and C...rtems_initialize_start_multitasking initiates multitasking and applications can start executing. Approved for Public Release; Distribution Unlimited. 29 3.2.2 Problems in RTEMS...or email address. 6. Security Misconfiguration - Security misconfiguration occurs when the attacker gains unauthorized access because the system

  6. SecureCPS: Defending a nanosatellite cyber-physical system

    Science.gov (United States)

    Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

    2014-06-01

    Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

  7. Ensuring system security through formal software evaluation

    Energy Technology Data Exchange (ETDEWEB)

    Howell, J A; Fuyat, C [Los Alamos National Lab., NM (United States); Elvy, M [Marble Associates, Boston, MA (United States)

    1992-01-01

    With the increasing use of computer systems and networks to process safeguards information in nuclear facilities, the issue of system and data integrity is receiving worldwide attention. Among the many considerations are validation that the software performs as intended and that the information is adequately protected. Such validations are often requested of the Safeguards Systems Group of the Los Alamos National Laboratory. This paper describes our methodology for performing these software evaluations.

  8. IT Security Support for Spaceport Command and Control System

    Science.gov (United States)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  9. Proceedings of the 1. international conference on CANDU fuel handling systems

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1997-12-31

    Besides information on fuel loading and handling systems for CANDU and PHWR reactors, the 25 papers in these proceedings also include some on dry storage, modification to fuel strings at Bruce A, and on the SLAR (spacer location and repositioning) system for finding and moving garter springs. The individual papers have been abstracted separately.

  10. Proceedings of the 1. international conference on CANDU fuel handling systems

    International Nuclear Information System (INIS)

    1996-01-01

    Besides information on fuel loading and handling systems for CANDU and PHWR reactors, the 25 papers in these proceedings also include some on dry storage, modification to fuel strings at Bruce A, and on the SLAR (spacer location and repositioning) system for finding and moving garter springs. The individual papers have been abstracted separately

  11. The ESPRIT project CAFE : high security digital payment systems

    NARCIS (Netherlands)

    Boly, J.P.; Bosselaers, A.; Cramer, R.; Michelsen, R.; Mjølsnes, S.F.; Muller, F.; Pedersen, T.P.; Pfitzmann, B.; Rooij, de P.; Schoenmakers, B.; Schunter, M.; Vallée, L.; Waidner, M.; Gollmann, D.

    1994-01-01

    CAFE (“Conditional Access for Europe”) is an ongoing project in the European Community's ESPRIT program. The goal of CAFE is to develop innovative systems for conditional access, and in particular, digital payment systems. An important aspect of CAFE is high security of all parties concerned, with

  12. Security analysis of socio-technical physical systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir

    2015-01-01

    Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate

  13. Modeling of Integrated Security Systems in Higher Education

    Directory of Open Access Journals (Sweden)

    Iskandar Maratovich Azhmuhamedov

    2013-06-01

    Full Text Available It is proposed the model, which takes into account the main features of the integrated system of information security: weak structure, bad formal description, fuzzy description of the status of system components and the relationships between them. Adequacy of the model is tested on the example of Astrakhan State Technical University.

  14. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  15. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important.

  16. From control system security indices to attack identifiability

    NARCIS (Netherlands)

    Herdeiro Teixeira, A.M.; Sandberg, H

    2016-01-01

    In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The index exactly quantifies the resources

  17. Security analysis of electronic voting and online banking systems

    OpenAIRE

    Tjøstheim, Thomas

    2007-01-01

    The main focus of this dissertation is on security analysis of electronic voting and online banking systems. Six papers form the basis of the thesis and include the following topics: a model for analysis of voting systems, a case study where we apply the proposed model, a new scheme for remote electronic voting, and three case studies of commercial online banking solutions in Norway.

  18. Improving Reliability, Security, and Efficiency of Reconfigurable Hardware Systems (Habilitation)

    NARCIS (Netherlands)

    Ziener, Daniel

    2017-01-01

    In this treatise,  my research on methods to improve efficiency, reliability, and security of reconfigurable hardware systems, i.e., FPGAs, through partial dynamic reconfiguration is outlined. The efficiency of reconfigurable systems can be improved by loading optimized data paths on-the-fly on an

  19. Training programs for the systems approach to nuclear security

    International Nuclear Information System (INIS)

    Ellis, D.

    2005-01-01

    Full text: In support of United States Government (USG) and International Atomic Energy Agency (IAEA) nuclear security programs, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been developed and implemented as the basis for a performance-based methodology for the design and evaluation of physical protection systems against a design basis threat (DBT) for theft and sabotage of nuclear and/or radiological materials. Integrated systems must include technology, people, and the man-machine interface. A critical aspect of the human element is training on the systems-approach for all the stakeholders in nuclear security. Current training courses and workshops have been very beneficial but are still rather limited in scope. SNL has developed two primary international classes - the international training course on the physical protection of nuclear facilities and materials, and the design basis threat methodology workshop. SNL is also completing the development of three new courses that will be offered and presented in the near term. They are vital area identification methodology focused on nuclear power plants to aid in their protection against radiological sabotage, insider threat analysis methodology and protection schemes, and security foundations for competent authority and facility operator stakeholders who are not security professionals. In the long term, we envision a comprehensive nuclear security curriculum that spans policy and technology, regulators and operators, introductory and expert levels, classroom and laboratory/field, and local and offsite training options. This training curriculum will be developed in concert with a nuclear security series of guidance documents that is expected to be forthcoming from the IAEA. It is important to note that while appropriate implementation of systems based on such training and documentation can improve the risk reduction, such a

  20. The Need for an Informational Systems Approach to Security

    Directory of Open Access Journals (Sweden)

    José María Díaz Nafría

    2011-03-01

    Full Text Available Different senses of security and its related assumptions, methodologies and contexts are analyzed by first reviewing the liberalistic notions of security and trust, unveiling, on the one hand, the contradictions exhibited between discourse and practice; on the other hand, the historical strategy of concentration of power behind the liberalistic doctrines. The weakness, limits and implications of the liberalistic notions and methods on security and trust are inquired, and subsequently a genuine horizon of security as sustainable and general procurement of positive freedom is advocated. The CyberSyn project successfully implemented in Chile, but tragically and prematurely ending under the hard power in the 9/11 of 1973, serves as model of the posed system approach to security. However, the system model is actualized and completed with elements of the general theory of information in virtue of: the increased complexity of societal systems, its ultimate global dimension, its biospherical closure, the increase of information assets and processes, and some epistemological boundaries. These reasons also set the need of keeping – beside the system approach – a critical and ethical stance.

  1. IT Security Support for the Spaceport Command Control System Development

    Science.gov (United States)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  2. Cold Vacuum Dryer (CVD) Facility Security System Design Description. System 54

    International Nuclear Information System (INIS)

    WHITEHURST, R.

    2000-01-01

    This system design description (SDD) addresses the Cold Vacuum Drying (CVD) Facility security system. The system's primary purpose is to provide reasonable assurance that breaches of security boundaries are detected and assessment information is provided to protective force personnel. In addition, the system is utilized by Operations to support reduced personnel radiation goals and to provide reasonable assurance that only authorized personnel are allowed to enter designated security areas

  3. System and Network Security Acronyms and Abbreviations

    Science.gov (United States)

    2009-09-01

    Product Labeling SPML™ Service Provisioning Markup Language™ SPP-ICS System Protection Profile for Industrial Control Systems SQL Structured Query...UTM unified threat management UUID Universally Unique Identifier UWB ultrawideband V VB Visual Basic VB.NET Visual Basic .NET VBA Visual

  4. Computer Security for the Computer Systems Manager.

    Science.gov (United States)

    1982-12-01

    power sources essential to system availabilit y. Environsental degradation can cause system collapse or simply make the arer uncomforable work in...attack (civil disobedience, military as- sault, arson, locting, sabotage, vanlilism) * fire • smoke, dust, and dirt intrusion * bursting water pipes

  5. Verification of Security Policy Enforcement in Enterprise Systems

    Science.gov (United States)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  6. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  7. An Overview of Android Operating System and Its Security Features

    OpenAIRE

    Rajinder Singh

    2014-01-01

    Android operating system is one of the most widely used operating system these days. Android Operating System is mainly divided into four main layers: the kernel, libraries, application framework and applications. Its kernel is based on Linux. Linux kernel is used to manage core system services such as virtual memory, networking, drivers, and power management. In these paper different features of architecture of Android OS as well security features of Android OS are discussed.

  8. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    Energy Technology Data Exchange (ETDEWEB)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  9. SECURING DIGITIZED LIBRARY CIRCULATORY SYSTEM | Olaniyi ...

    African Journals Online (AJOL)

    Journal Home > Vol 35, No 3 (2016) > ... Despite the potential benefits of Information and Communication Technology (ICT) in library automation, ... The widespread application of the developed system on smart library circulation unit would ...

  10. Shared Electronic Health Record Systems: Key Legal and Security Challenges.

    Science.gov (United States)

    Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

    2017-11-01

    Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

  11. SCPR: Secure Crowdsourcing-Based Parking Reservation System

    Directory of Open Access Journals (Sweden)

    Changsheng Wan

    2017-01-01

    Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.

  12. Training programs for the systems approach to nuclear security

    International Nuclear Information System (INIS)

    Ellis, Doris E.

    2005-01-01

    In support of the US Government and the International Atomic Energy Agency (IAEA) Nuclear Security Programmes, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been implemented as the basis for a performance methodology for the design and evaluation of Physical Protection Systems against a Design Basis Threat (DBT) for theft or sabotage of nuclear and/or radiological materials. Since integrated systems must include people as well as technology and the man-machine interface, a critical aspect of the human element is to train all stakeholders in nuclear security on the systems approach. Current training courses have been beneficial but are still limited in scope. SNL has developed two primary international courses and is completing development of three new courses that will be offered and presented in the near term. In the long-term, SNL envisions establishing a comprehensive nuclear security training curriculum that will be developed along with a series of forthcoming IAEA Nuclear Security Series guidance documents.

  13. Advances in network systems architectures, security, and applications

    CERN Document Server

    Awad, Ali; Furtak, Janusz; Legierski, Jarosław

    2017-01-01

    This book provides the reader with a comprehensive selection of cutting–edge algorithms, technologies, and applications. The volume offers new insights into a range of fundamentally important topics in network architectures, network security, and network applications. It serves as a reference for researchers and practitioners by featuring research contributions exemplifying research done in the field of network systems. In addition, the book highlights several key topics in both theoretical and practical aspects of networking. These include wireless sensor networks, performance of TCP connections in mobile networks, photonic data transport networks, security policies, credentials management, data encryption for network transmission, risk management, live TV services, and multicore energy harvesting in distributed systems. .

  14. Integrating security in a group oriented distributed system

    Science.gov (United States)

    Reiter, Michael; Birman, Kenneth; Gong, LI

    1992-01-01

    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

  15. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  16. Security model for picture archiving and communication systems.

    Science.gov (United States)

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  17. Cryptanalysis of a chaotic secure communication system

    International Nuclear Information System (INIS)

    Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

    2003-01-01

    Recently a chaotic encryption system has been proposed by P. Garcia et al. It represents an improvement over an algorithm previously presented by some of the same authors. In this Letter, several weaknesses of the new cryptosystem are pointed out and four successful cryptanalytic attacks are described

  18. Automated Analysis of Security in Networking Systems

    DEFF Research Database (Denmark)

    Buchholtz, Mikael

    2004-01-01

    such networking systems are modelled in the process calculus LySa. On top of this programming language based formalism an analysis is developed, which relies on techniques from data and control ow analysis. These are techniques that can be fully automated, which make them an ideal basis for tools targeted at non...

  19. Cyber Security of Industrial Control Systems

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Paske, B.J. te

    2015-01-01

    Our society and its citizens depend on the undisturbed functioning of (critical) infrastructures and their services. Crucial processes in most critical infrastructures, and in many other organisations, rely on the correct and undisturbed functioning of Industrial Control Systems (ICS). A failure of

  20. The application of algorithm in taxi security system

    Science.gov (United States)

    Luo, Chengyu

    2017-08-01

    With the booming of the society and economy today, Taxis and private cars have gradually become one of the most popular tools in transportation for their low price and convenience. However, because of the breakdown in the security system, a few accidents occurred due to the illegal taxi. The unreliable security management has attributed to the lack of trust in taxi companies and relevant regulatory authorities, which considered to be the reason why people are worried about it. Accordingly, we put forward a design for a taxi security system, making use of modern technology such as NFC, iBeacon, GPS combined with algorithms, automatically recognize the taxi we take, and reflecting basic information of taxi and driver on our mobile phone.

  1. Derived virtual devices: a secure distributed file system mechanism

    Science.gov (United States)

    VanMeter, Rodney; Hotz, Steve; Finn, Gregory

    1996-01-01

    This paper presents the design of derived virtual devices (DVDs). DVDs are the mechanism used by the Netstation Project to provide secure shared access to network-attached peripherals distributed in an untrusted network environment. DVDs improve Input/Output efficiency by allowing user processes to perform I/O operations directly from devices without intermediate transfer through the controlling operating system kernel. The security enforced at the device through the DVD mechanism includes resource boundary checking, user authentication, and restricted operations, e.g., read-only access. To illustrate the application of DVDs, we present the interactions between a network-attached disk and a file system designed to exploit the DVD abstraction. We further discuss third-party transfer as a mechanism intended to provide for efficient data transfer in a typical NAP environment. We show how DVDs facilitate third-party transfer, and provide the security required in a more open network environment.

  2. Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

    Science.gov (United States)

    Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

    2017-05-01

    This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

  3. A Layered Decision Model for Cost-Effective System Security

    Energy Technology Data Exchange (ETDEWEB)

    Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

    2008-10-01

    System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

  4. CRITICAL INFORMATION INFRASTRUCTURE SECURITY - NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Cristea DUMITRU

    2011-12-01

    Full Text Available Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable tor other critical infrastructures normal operation. It is decentralized, interconnected interdependent, controlled by multiple actors (mainly private and incorporating diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with the technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.

  5. Securing Our Future. Proceedings of the Conference on Children--Our Future (Kuala Lumpur, Malaysia, November 19-21, 1991).

    Science.gov (United States)

    Chiam, Heng Keng, Ed.

    These proceedings report the results of 10 years of ongoing research by the Malaysian Child Development Project to develop and implement measures to study the cognitive, language, and socioemotional development of Malaysian preschool children. Part 1 of the report contains opening speeches delivered by conference organizers and dignitaries. Part 2…

  6. Method for Determining the Sensitivity of a Physical Security System.

    Energy Technology Data Exchange (ETDEWEB)

    Speed, Ann [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Gauthier, John H. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Hoffman, Matthew John [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Wachtel, Amanda [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Kittinger, Robert Scott [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Munoz-Ramos, Karina [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-05-23

    Modern systems, such as physical security systems, are often designed to involve complex interactions of technological and human elements. Evaluation of the performance of these systems often overlooks the human element. A method is proposed here to expand the concept of sensitivity—as denoted by d’—from signal detection theory (Green & Swets 1966; Macmillan & Creelman 2005), which came out of the field of psychophysics, to cover not only human threat detection but also other human functions plus the performance of technical systems in a physical security system, thereby including humans in the overall evaluation of system performance. New in this method is the idea that probabilities of hits (accurate identification of threats) and false alarms (saying “threat” when there is not one), which are used to calculate d’ of the system, can be applied to technologies and, furthermore, to different functions in the system beyond simple yes-no threat detection. At the most succinct level, the method returns a single number that represents the effectiveness of a physical security system; specifically, the balance between the handling of actual threats and the distraction of false alarms. The method can be automated, and the constituent parts revealed, such that given an interaction graph that indicates the functional associations of system elements and the individual probabilities of hits and false alarms for those elements, it will return the d’ of the entire system as well as d’ values for individual parts. The method can also return a measure of the response bias* of the system. One finding of this work is that the d’ for a physical security system can be relatively poor in spite of having excellent d’s for each of its individual functional elements.

  7. Secure Border Gateway Protocol and the External Routing Intrusion Detection System

    National Research Council Canada - National Science Library

    Kent, Stephen

    2000-01-01

    .... The Secure BGP projects designed a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP...

  8. Function allocation in distributed safeguards and security systems

    International Nuclear Information System (INIS)

    Barlich, G.L.

    1991-01-01

    Computerized distributed systems are being used to collect and manage data for activities such as nuclear materials accounting, process control, laboratory coordination, and security. Poor choices made in allocating functions to individual processors can make a system unusable by burdening machines with excessive network retrievals and updates. During system design phases, data allocation algorithms based on operation frequencies, field sizes, security information, and reliability requirements can be applied in sensitivity studies to mathematically ensure processor efficiency. The Los Alamos Network Design System (NDS) implements such an allocation algorithm. The authors analyzed a large, existing distributed system to test the cost functions and to compare actual network problems with NDS results. Several common configurations were also designed and studied using the software. From these studies, some basic principles for allocating functions emerged. In this paper recommendations for function allocation in generic systems and related design options are discussed

  9. Proceedings of the international topical meeting on remote systems and robotics in hostile environments

    International Nuclear Information System (INIS)

    Anon.

    1987-01-01

    This book contains the proceedings of the International Topical Meeting on Remote Systems and Robotics in Hostile Environments. It is organized under the following sessions: Worldwide Applications Overview; Operating Mobile Systems; Sensors and Control Systems; Space Applications; Reactor Operations and Surveillance; Remote Equipment for Hazardous Operations; Future Mobile System; Mining and Construction Operations; Special Applications; Hot Cell Applications; Processing; Reactor Operations and Maintenance; Decontamination and Waste Handling; Remote Handling Development and Demonstration

  10. Virtual-Reality training system for nuclear security

    International Nuclear Information System (INIS)

    Nonaka, Nobuyuki

    2012-01-01

    At the Integrated Support Center for Nuclear Nonproliferation and Nuclear Security (ISCN) of the Japan Atomic Energy Agency, the virtual reality (VR) training system is under development for providing a practical training environment to implement experience-oriented and interactive lessons on nuclear security for wide range of participants in human resource development assistance program mainly to Asian emerging nuclear-power countries. This system electrically recreates and visualizes nuclear facilities and training conditions in stereoscopic (3D) view on a large-scale display (CAVE system) as virtual reality training facility (VR facility) and it provides training participants with effective environments to learn installation and layout of security equipment in the facility testing and verifying visually the protection performances under various situations such as changes in day-night lighting and weather conditions, which may lead to practical exercise in the design and evaluation of the physical protection system. This paper introduces basic concept of the system and outline of training programs as well as featured aspects in using the VR technology for the nuclear security. (author)

  11. Secure Control Systems for the Energy Sector

    Energy Technology Data Exchange (ETDEWEB)

    Smith, Rhett [Schweitzer Engineering Lab., Inc., Alpharetta, GA (United States); Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2014-10-22

    The Padlock Project is an alliance between Tennessee Valley Authority (TVA), Sandia National Laboratories (SNL), and Schweitzer Engineering Laboratories Inc. (SEL). SEL is the prime contractor on the Padlock project. Rhett Smith (SEL) is the project director and Adrian Chaves (SNL) and John Stewart (TVA) are principle investigators. SEL is the world’s leader in microprocessor-based electronic equipment for protecting electric power systems. The Tennessee Valley Authority, a corporation owned by the U.S. government, provides electricity for 9 million people in parts of seven southeastern states at prices below the national average. TVA, which receives no taxpayer money and makes no profits, also provides flood control, navigation and land management for the Tennessee River system and assists utilities, and state and local governments with economic development.

  12. Civitas: Toward a Secure Voting System

    Science.gov (United States)

    2008-05-01

    voting, we believe that remote vot- ing is the right problem to solve. One of our goals was therefore to strike a reasonable compromise between enabling...versions of this work. References [1] Ben Adida . Advances in Cryptographic Voting Systems. PhD thesis, MIT, Aug. 2006. [2] Roberto Araújo, Sébastien...3] Association for Computing Machinery. SIG elections. http://www.acm.org/sigs/elections, 2007. [4] Jonathan Bannet, David W. Price , Algis Rudys

  13. Emerging Security Mechanisms for Medical Cyber Physical Systems.

    Science.gov (United States)

    Kocabas, Ovunc; Soyata, Tolga; Aktas, Mehmet K

    2016-01-01

    The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

  14. Audit program for physical security systems at nuclear power plants

    International Nuclear Information System (INIS)

    Minichino, C.

    1982-01-01

    Licensees of nuclear power plants conduct audits of their physical security systems to meet the requirements of 10 CFR 73, Physical Protection of Plants and Materials. Section 73.55, Requirements for physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage, requires that the security programs be reviewed at least every 12 months, that the audit be conducted by individuals independent of both security management and security supervision, and that the audit program review all aspects of the physical security system: hardware, personnel, and operational and maintenance procedures. This report contains information for the Nuclear Regulatory Commission (NRC) and for the licensees of nuclear power reactors who carry out these comprehensive audits. Guidance on the overall management of the audit function includes organizational structure and issues concerning the auditors who perform the review: qualifications, independence, due professional care, and standards. Guidance in the audit program includes purpose and scope of the audit, planning, techniques, post-audit procedures, reporting, and follow-up

  15. Secure authentication system that generates seed from biometric information.

    Science.gov (United States)

    Kim, Yeojin; Ahn, Jung-Ho; Byun, Hyeran

    2005-02-10

    As biometric recognition techniques are gradually improved, the stability of biometric authentication systems are enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics.

  16. Social Security System in India: An International Comparative Analysis

    OpenAIRE

    Jha, Rupak Kumar; Bhattacharyya, Surajit

    2010-01-01

    This paper examines selected components of social security system in India and compares them with their OECD counterparts. Historically, the Indian policy makers have viewed the pension system as a welfare measure and therefore, it lacks in financial professionalism, diversification, and in the belief that pension funds can also be treated as an asset. The Indian system is biased towards the organized formal sector as workers in this sector are benefitted with the provisions under various lab...

  17. An Online Evaluation of Operating Reserve for System Security

    OpenAIRE

    Le-Ren Chang-Chien; Yin-Juin Lin; Chin-Chung Wu

    2007-01-01

    Utilities use operating reserve for frequency regulation.To ensure that the operating frequency and system security are well maintained, the operating grid codes always specify that the reserve quantity and response rate should meet some prescribed levels. This paper proposes a methodology to evaluate system's contingency reserve for an isolated power network. With the presented algorithm to estimate system's frequency response characteristic, an online allocation of contingency reserve would...

  18. Development of Food Security Information System Based on Business Intelligence in Food Security Agency, Ministry of Agriculture, Indonesia

    OpenAIRE

    Hendrawaty, Manise; Harisno, Harisno

    2014-01-01

    Food is the main basic need of human, because of that fulfillment of human need of food has to be fulfilled. So it can fulfill that need, then government institution, Food Security Agency (BKP) is formed so it can monitor fulfillment of food need of society. The goals of this writing are to develop food security information system that provides dashboard facility based on business intelligence, to develop food security information system that can give fast, precise and real time information a...

  19. Agricultural biogas systems. Quality and security

    International Nuclear Information System (INIS)

    Serafimova, K.

    2007-01-01

    This article takes a look at agricultural biogas installations and how improved basic conditions and incentives offered by industry and commerce are showing initial effects. The author is of the opinion that more dynamics in the market are necessary in order to allow contributions to be made to the protection of the climate whilst creating value locally at the same time. The article reviews the current market situation and examines questions which are to be answered in the quality assurance area for agricultural biogas systems in Switzerland. Co-fermentation is proposed as a standard technology. Market development, plant locations and plant management aspects are discussed.

  20. Practical Applications of Intelligent Systems : Proceedings of the Sixth International Conference on Intelligent Systems and Knowledge Engineering

    CERN Document Server

    Li, Tianrui

    2012-01-01

    Proceedings of The Sixth International Conference on Intelligent System and Knowledge Engineering presents selected papers from the conference ISKE 2011, held December 15-17 in Shanghai, China. This proceedings doesn’t only examine original research and approaches in the broad areas of intelligent systems and knowledge engineering, but also present new methodologies and practices in intelligent computing paradigms. The book introduces the current scientific and technical advances in the fields of artificial intelligence, machine learning, pattern recognition, data mining, information retrieval, knowledge-based systems, knowledge representation and reasoning, multi-agent systems, natural-language processing, etc. Furthermore, new computing methodologies are presented, including cloud computing, service computing and pervasive computing with traditional intelligent methods. The proceedings will be beneficial for both researchers and practitioners who want to utilize intelligent methods in their specific res...

  1. ENVIRONMENTAL PROBLEM SOLVING WITH GEOGRAPHIC INFORMATION SYSTEMS: 1994 AND 1999 CONFERENCE PROCEEDINGS

    Science.gov (United States)

    These two national conferences, held in Cincinnati, Ohio in 1994 and 1999, addressed the area of environmental problem solving with Geographic Information Systems. This CD-ROM is a compilation of the proceedings in PDF format. The emphasis of the conference presentations were on ...

  2. Review of Lean Construction Conference Proceedings and Relationship to the Toyota Production System Framework

    Science.gov (United States)

    Jacobs, Gideon Francois

    2010-01-01

    The objective of this study was to align the International Group of Lean Construction (IGLC) conference proceedings against the Toyota Production System (TPS) to determine how well research themes in construction studies align with the TPS framework. Factories around the world that have implemented the TPS framework have experienced impressive…

  3. Implementation of a security system in the radiotherapy process

    International Nuclear Information System (INIS)

    Orellana Salas, A.; Melgar Perez, J.; Arrocha Aceveda, J. F.

    2011-01-01

    Systems of work within the field of health are complex. Even the most routine activities involving chain and coordinate a number of actions to be developed by different professionals of different specialties. These systems often fail due to a combination of small errors along the process, each insufficient to cause an accident. We must ensure safe systems of work for each process we are involved, so it is essential to implement security systems to evaluate and find the vulnerabilities in all phases of the process. In the Service of Radio Physics and Radiation Protection of Punta de Europa Hospital has implemented a security system for radiotherapy process after the analysis and evaluation of the safety culture of the Service.

  4. A Secure System Architecture for Measuring Instruments in Legal Metrology

    Directory of Open Access Journals (Sweden)

    Daniel Peters

    2015-03-01

    Full Text Available Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters, lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.

  5. A security analysis of the Dutch electronic patient record system

    NARCIS (Netherlands)

    van 't Noordende, G.

    2010-01-01

    In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a national infrastructure for exchanging medical patient records among authorized parties (particularly, physicians), the EPD has to address a number of requirements, ranging from

  6. Security in the Dutch electronic patient record system

    NARCIS (Netherlands)

    van 't Noordende, G.

    2010-01-01

    In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a mandatory infrastructure for exchanging medical records of most if not all patients in the Netherlands among authorized parties (particularly, physicians), the EPD has to address

  7. Security challenges for cooperative and interconnected mobility systems

    NARCIS (Netherlands)

    Bijlsma, T.; Kievit, S. de; Sluis, H.J.D. van de; Nunen, E. van; Passchier, I.; Luiijf, H.A.M.

    2013-01-01

    Software is becoming an important part of the innovation for vehicles. In addition, the systems in vehicles become interconnected and also get external connections, to the internet and Vehicular Ad hoc NETworks (VANETs). These trends form a combined security and safety threat, because recent

  8. Securing a control system: experiences from ISO 27001 implementation

    International Nuclear Information System (INIS)

    Vuppala, V.; Vincent, J.; Kusler, J.; Davidson, K.

    2012-01-01

    Recent incidents of breaches, in control systems in specific and information systems in general, have emphasized the importance of security and operational continuity in achieving the quality objectives of an organization, and the safety of its personnel and infrastructure. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into a control system becomes much more difficult during operations. In this paper we describe our experiences with implementing ISO/IEC 27001 Standard for information security at the Electronics Department of the National Superconducting Cyclotron Laboratory (NSCL) located on the campus of Michigan State University. We describe our risk assessment methodology, the identified risks, the selected controls, their implementation, and our documentation structure. We also report the current status of the project. We conclude with the challenges faced and the lessons learnt. (authors)

  9. Study on Cyber Security and Threat Evaluation in SCADA Systems

    Science.gov (United States)

    2012-03-01

    125 4.3.2 ISO 27001 , 27002 ............................................................................................ 125 4.3.3...system environments. 4.3.2 ISO 27001 , 27002 The ISO 27001 and 27002 standards ensure proper security processes and technology are implemented in...asset owner, integrators, and vendors. Now it is an independent set of 3 standards which resemble the ISO /IEC 27001 and 27002 standards. ISO /IEC

  10. The Economic Security of Bank: Theoretical Basis and Systemic Approach

    Directory of Open Access Journals (Sweden)

    Gavlovska Nataliia I.

    2017-07-01

    Full Text Available The article analyzes the existing approaches to interpreting the category of «economic security of bank». A author’s own definition of the concept of «economic security of bank» has been proposed, which should be understood as condition of protecting the vital interests of bank, achieved by harmonizing relationships with the entities of external influence and optimizing the internal system processes, thus enabling efficient function as well as development by means of an adaptation mechanism. A number of approaches to understanding the substance of the above concept has been allocated and their main characteristics have been provided. The need to study the specifics of interaction of banking institutions with the external environment in the context of interaction between the State agents and market actors has been underlined. Features of formation of the term of «system» have been defined, three main groups of approaches to interpretation of the term have been provided. A author’s own definition of the concept of «economic security system of bank» has been proposed. A concrete definition of principles for building an economic security system of bank has been provided.

  11. A Review of Cyber-Physical Energy System Security Assessment

    DEFF Research Database (Denmark)

    Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde

    2017-01-01

    Increasing penetration of renewable energy resources (RES) and electrification of services by implementing distributed energy resources (DER) has caused a paradigm shift in the operation of the power system. The controllability of the power system is predicted to be shifted from the generation side...... to the consumption side. This transition entails that the future power system evolves into a complex cyber-physical energy system (CPES) with strong interactions between the power, communication and neighboring energy systems. Current power system security assessment methods are based on centralized computation...

  12. Radiological protection national system. Basic security rules

    International Nuclear Information System (INIS)

    1981-01-01

    This work has been prepared as the first one of a set of standards and regulations that will be enforced to provide the protection of men and the environment against the undesirable effects of ionizing radiations. It establishes, in the first place, the system of dose limits for the country and the principles of its utilization. It takes into account the CIPR's recommendations in this area and the mentioned frame of reference, it establishes further the necessary restrictions for the application of the limits to the professionally exposed workers, as well as to the isolated members of the public and the population in general. In addition it establishes the general conditions to be met for the implementation of radiological protection, among them, the classification of working areas and working conditions as well as the compulsory periodical medical surveillance. (H.D.N.)

  13. Secure Video Surveillance System (SVSS) for unannounced safeguards inspections

    International Nuclear Information System (INIS)

    Galdoz, Erwin G.; Pinkalla, Mark

    2010-01-01

    The Secure Video Surveillance System (SVSS) is a collaborative effort between the U.S. Department of Energy (DOE), Sandia National Laboratories (SNL), and the Brazilian-Argentine Agency for Accounting and Control of Nuclear Materials (ABACC). The joint project addresses specific requirements of redundant surveillance systems installed in two South American nuclear facilities as a tool to support unannounced inspections conducted by ABACC and the International Atomic Energy Agency (IAEA). The surveillance covers the critical time (as much as a few hours) between the notification of an inspection and the access of inspectors to the location in facility where surveillance equipment is installed. ABACC and the IAEA currently use the EURATOM Multiple Optical Surveillance System (EMOSS). This outdated system is no longer available or supported by the manufacturer. The current EMOSS system has met the project objective; however, the lack of available replacement parts and system support has made this system unsustainable and has increased the risk of an inoperable system. A new system that utilizes current technology and is maintainable is required to replace the aging EMOSS system. ABACC intends to replace one of the existing ABACC EMOSS systems by the Secure Video Surveillance System. SVSS utilizes commercial off-the shelf (COTS) technologies for all individual components. Sandia National Laboratories supported the system design for SVSS to meet Safeguards requirements, i.e. tamper indication, data authentication, etc. The SVSS consists of two video surveillance cameras linked securely to a data collection unit. The collection unit is capable of retaining historical surveillance data for at least three hours with picture intervals as short as 1sec. Images in .jpg format are available to inspectors using various software review tools. SNL has delivered two SVSS systems for test and evaluation at the ABACC Safeguards Laboratory. An additional 'proto-type' system remains

  14. APSCOM - 97. Fourth international conference on advances in power system control, operation and management. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1997-12-31

    The sessions covered are: FALTS devices; intelligent computing advances; protection; voltage security; local forecasting; modelling techniques; security applications; distribution; alternative generation and control; power system analysis; transient stability; substation equipment; genetic algorithm application; a.c. drives; dynamic stability; power flow; new techniques; open access; power developments in China; system stability; protection techniques and devices; harmonics; monitoring and simulation; security assessment; computational techniques; generating costing and control; power control; operation experiences; machines and traction; electrical installations; Hong Kong power systems; power equipment and modelling; control algorithms and operations; and power systems in buildings.

  15. Security Measures in Automated Assessment System for Programming Courses

    Directory of Open Access Journals (Sweden)

    Jana Šťastná

    2015-12-01

    Full Text Available A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more. In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students’ programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software analysis. The results also show that availability issues of our assessment platform can be conveniently resolved with task queues. A special attention is paid to Docker, a virtual container ensuring no risky code can affect the assessment system security. The assessment platform Arena enables to regularly, effectively and securely assess students' source code in various programming courses. In addition to that it is a motivating factor and helps students to engage in the educational process.

  16. Interdependence of the Electricity Generation System and the Natural Gas System and Implications for Energy Security

    Science.gov (United States)

    2013-05-15

    installation of natural gas generation or cogeneration plants to increase their energy security from the typical three days using diesel supplies to weeks-to...better quantify the regional impact of natural gas for energy security. Modeling and simulation could identify those regions and DoD installations that...Interdependence of the Electricity Generation System and the Natural Gas System and Implications for Energy Security N. Judson 15 May 2013 Prepared for the

  17. Security Challenges in Smart-Grid Metering and Control Systems

    Directory of Open Access Journals (Sweden)

    Xinxin Fan

    2013-07-01

    Full Text Available The smart grid is a next-generation power system that is increasingly attracting the attention of government, industry, and academia. It is an upgraded electricity network that depends on two-way digital communications between supplier and consumer that in turn give support to intelligent metering and monitoring systems. Considering that energy utilities play an increasingly important role in our daily life, smart-grid technology introduces new security challenges that must be addressed. Deploying a smart grid without adequate security might result in serious consequences such as grid instability, utility fraud, and loss of user information and energy-consumption data. Due to the heterogeneous communication architecture of smart grids, it is quite a challenge to design sophisticated and robust security mechanisms that can be easily deployed to protect communications among different layers of the smart grid-infrastructure. In this article, we focus on the communication-security aspect of a smart-grid metering and control system from the perspective of cryptographic techniques, and we discuss different mechanisms to enhance cybersecurity of the emerging smart grid. We aim to provide a comprehensive vulnerability analysis as well as novel insights on the cybersecurity of a smart grid.

  18. AUDITING THE SECURITY OF INFORMATION SYSTEMS WITHIN AN ORGANIZATION

    Directory of Open Access Journals (Sweden)

    STEGĂROIU CARINA-ELENA

    2013-02-01

    Full Text Available The safety provided by a well configured firewall is no excuse for neglecting the standard security procedures;setting up and installing a firewall is the first line of defense and not a full proof solution, auditing being only onecomponent of the system, whilst the other is protecting the resources and when we consider auditing as being theprocess of recording certain events that take place on a computer or within a network, we must come to the conclusionthat this is the only technique that allows us to identify the source of a possible issue within the network.Information security is used as a means to protect the intellectual property rights, whilst the main objective insetting up an information security system is to enlist the confidence of prospective business partners. In accordancewith the legal requisites and the principle of maximizing one’s investment, regardless of the many forms it could take,or the means through which it is stored, transmitted or distributed, information must be protected.Information security is not only a technical problem, but mainly a managerial issue, as the security standard,ISO/IEC 17799 meets the needs of any type of organization, be it public or private, through a series of practices relatedto the management of information security.This paper aims to present the process of taking entry data from a plethora of programs and storing it in acentral location. Due to its flexibility, this process can be a useful auditing instrument, as long as we are familiar withthe way it works and how the events are recorded.

  19. Selected Methods For Increases Reliability The Of Electronic Systems Security

    Directory of Open Access Journals (Sweden)

    Paś Jacek

    2015-11-01

    Full Text Available The article presents the issues related to the different methods to increase the reliability of electronic security systems (ESS for example, a fire alarm system (SSP. Reliability of the SSP in the descriptive sense is a property preservation capacity to implement the preset function (e.g. protection: fire airport, the port, logistics base, etc., at a certain time and under certain conditions, e.g. Environmental, despite the possible non-compliance by a specific subset of elements this system. Analyzing the available literature on the ESS-SSP is not available studies on methods to increase the reliability (several works similar topics but moving with respect to the burglary and robbery (Intrusion. Based on the analysis of the set of all paths in the system suitability of the SSP for the scenario mentioned elements fire events (device critical because of security.

  20. Fairtrade, Food Security and Globalization: Building Alternative Food Systems

    Directory of Open Access Journals (Sweden)

    Martin Calisto Friant

    2016-05-01

    Full Text Available This article examines the politics and practices of Fairtrade certification in order to assess whether this alternative trading system could contribute to innovative solutions for global food security. The analysis begins by assessing the main challenges and problems characterizing the contemporary global food system. It then explores the history, vision and certification standards of the Fairtrade label. In the third section, the results of the impact studies of Fairtrade certification on producer livelihoods are discussed, analyzing the various strengths and weaknesses. Finally the article analyzes whether, and how, the Fairtrade system could positively contribute to improving global food security. To conclude this paper argues that the greatest strength of Fairtrate is not the certification mechanism itself but rather the social and environmental principles it represents. Fairtrade standards could serve to inform broader international policies, which could lead to a sustainable transformation of the global food system.

  1. Evaluation methodologies for security testing biometric systems beyond technological evaluation

    OpenAIRE

    Fernández Saavedra, María Belén

    2013-01-01

    The main objective of this PhD Thesis is the specification of formal evaluation methodologies for testing the security level achieved by biometric systems when these are working under specific contour conditions. This analysis is conducted through the calculation of the basic technical biometric system performance and its possible variations. To that end, the next two relevant contributions have been developed. The first contribution is the definition of two independent biometric performance ...

  2. The enhancement of security in healthcare information systems.

    Science.gov (United States)

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  3. Blockchain Technology: A new secured Electronic Health Record System

    OpenAIRE

    Tamazirt , Lotfi; Alilat , Farid; Agoulmine , Nazim

    2018-01-01

    International audience; Nowadays, health systems are looking for effective ways to manage more patients in a shorter time, and to increase the quality of care through better coordination to provide quick, accurate and non-invasive diagnostics to patients. This paper aims to solve the dependence on trusted third parties by proposing a new management strategy, storage and security in a decentralized network through Blockchain technology. The proposed system also aims to offer a solution to help...

  4. Integrating Security in Real-Time Embedded Systems

    Science.gov (United States)

    2017-04-26

    Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arl ington, VA 22202-4302. Respondents should be aware that... operate without impacting the tinting and safety constraints of the control logic. Besides, the embedded nature of these systems limits the...only during slack times when no other real-time tasks are rwming. We propose to measure the security of the system by means of the achievable periodic

  5. Assessing Children's Appraisals of Security in the Family System: The Development of the Security in the Family System (SIFS) Scales

    Science.gov (United States)

    Forman, Evan M.; Davies, Patrick T.

    2005-01-01

    Background: Although delineating the processes by which children appraise the family as a source of security from their collective experiences in the family subsystem has assumed center stage in many conceptualizations of child development, the dearth of measures of child adaptation in the family system has hindered empirical advances. Therefore,…

  6. Cost and performance analysis of physical security systems

    International Nuclear Information System (INIS)

    Hicks, M.J.; Yates, D.; Jago, W.H.

    1997-01-01

    CPA - Cost and Performance Analysis - is a prototype integration of existing PC-based cost and performance analysis tools: ACEIT (Automated Cost Estimating Integrated Tools) and ASSESS (Analytic System and Software for Evaluating Safeguards and Security). ACE is an existing DOD PC-based tool that supports cost analysis over the full life cycle of a system; that is, the cost to procure, operate, maintain and retire the system and all of its components. ASSESS is an existing DOE PC-based tool for analysis of performance of physical protection systems. Through CPA, the cost and performance data are collected into Excel workbooks, making the data readily available to analysts and decision makers in both tabular and graphical formats and at both the system and subsystem levels. The structure of the cost spreadsheets incorporates an activity-based approach to cost estimation. Activity-based costing (ABC) is an accounting philosophy used by industry to trace direct and indirect costs to the products or services of a business unit. By tracing costs through security sensors and procedures and then mapping the contributions of the various sensors and procedures to system effectiveness, the CPA architecture can provide security managers with information critical for both operational and strategic decisions. The architecture, features and applications of the CPA prototype are presented. 5 refs., 3 figs

  7. Cyber security consideration on I and C system development process

    International Nuclear Information System (INIS)

    Park, Jaek Wan; Park, Jeyun; Kim, Young Ki

    2012-01-01

    Instrumentation and control (I and C) systems in nuclear power plants collect sensor signals installed in plant fields, monitor plant performance and status, and generate signals to control instruments for plant operation and protection. Recently, digital systems of I and C are required to be protected from cyber threats. It has been reported that several plants have been attacked and malfunctioned by outside intruders. To cope with cyber attacks, various studies have been proposed in IT and plant industries. From 2006, regulatory guides and industry standards for cyber security have been published. Therefore, these guides should be strongly considered in the development process of a digital system. Our framework refers to the system development life cycle described in RG 1.152. The main activities of RG 5.71 are included in the framework appropriately. This approach supports the consistent application of system features for cyber security by incorporating the security requirements required in the operation and maintenance phases into the initial phase of development process. It is expected that the application of the framework to a new plant system design may comply with both RG 1.152 and 5.71

  8. Development and Testing of Intelligent Alcohol Transportation Security System

    Directory of Open Access Journals (Sweden)

    Velaphi Msomi

    2018-01-01

    Full Text Available The development and testing of intelligent liquid transportation security system are being reported in this paper. The targeted fluid to be secured was ethanol alcohol and this was due to the theft cases occurring during the transportation of this product from the supplier to the customer. The system was developed such that only the radar level sensor (VEGAPULS 62 might be in contact with the fluid and the rest of the system remained outside the liquid carrying container to be secured. The system was developed such that it reports any abnormal liquid level drop through short message service (SMS. The functioning of the developed system was tested through the use of 1040 L Intermediate Bulk Container (IBC filled with water which was hauled for about 1.5 km. The liquid theft was simulated and the system sent two SMS. The first SMS reported the beginning of water level drop and the second one reported the ending of water level drop. The second SMS reported the amount of liquid that was taken out of the container.

  9. Cyber security consideration on I and C system development process

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaek Wan; Park, Jeyun; Kim, Young Ki [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    Instrumentation and control (I and C) systems in nuclear power plants collect sensor signals installed in plant fields, monitor plant performance and status, and generate signals to control instruments for plant operation and protection. Recently, digital systems of I and C are required to be protected from cyber threats. It has been reported that several plants have been attacked and malfunctioned by outside intruders. To cope with cyber attacks, various studies have been proposed in IT and plant industries. From 2006, regulatory guides and industry standards for cyber security have been published. Therefore, these guides should be strongly considered in the development process of a digital system. Our framework refers to the system development life cycle described in RG 1.152. The main activities of RG 5.71 are included in the framework appropriately. This approach supports the consistent application of system features for cyber security by incorporating the security requirements required in the operation and maintenance phases into the initial phase of development process. It is expected that the application of the framework to a new plant system design may comply with both RG 1.152 and 5.71.

  10. National Computer Security Conference (16th) held at Baltimore Convention Center, Baltimore, Maryland on September 20-23, 1993. Proceedings

    Science.gov (United States)

    1993-09-23

    security community; o studies of factors enhancing prosocial behaviour provide insights on how to foster an environment where corporate information is...that describes the steps leading to prosocial behaviour : o People have to notice the emergency or the crime before they can act. Thus security... emotional in the eyes of those present.’ We can address this component of the process by providing a corporate culture which rewards responsible behaviour

  11. Management assessment of tank waste remediation system contractor readiness to proceed with phase 1B privatization

    International Nuclear Information System (INIS)

    Honeyman, J.O.

    1998-01-01

    This Management Assessment of Tank Waste Remediation System (TWRS) Contractor Readiness to Proceed With Phase 1B Privatization documents the processes used to determine readiness to proceed with tank waste treatment technologies from private industry, now known as TWRS privatization. An overall systems approach was applied to develop action plans to support the retrieval and disposal mission of the TWRS Project. The systems and infrastructure required to support the mission are known. Required systems are either in place or plans have been developed to ensure they exist when needed. Since October 1996 a robust system engineering approach to establishing integrated Technical Baselines, work breakdown structures, tank farms organizational structure and configurations, work scope, and costs has become part of the culture within the TWRS Project. An analysis of the programmatic, management, and technical activities necessary to declare readiness to proceed with execution of the mission demonstrates that the system, personnel, and hardware will be on-line and ready to support the private contractors. The systems approach included defining the retrieval and disposal mission requirements and evaluating the readiness of the Project Hanford Management Contract (PHMC) team to support initiation of waste processing by the private contractors in June 2002 and to receive immobilized waste shortly thereafter. The Phase 1 feed delivery requirements from the private contractor Requests for Proposal were reviewed. Transfer piping routes were mapped, existing systems were evaluated, and upgrade requirements were defined

  12. Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

    Directory of Open Access Journals (Sweden)

    Darya Sergeevna Simonenkova

    2016-03-01

    Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

  13. Modeling, simulation and analysis of a securities settlement system:The case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F; Palacios, Arturo; Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  14. Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F.; Palacios, Arturo; de Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  15. Application of the Quality Functional Deployment Method in Mobility Aid Securement System Design

    Science.gov (United States)

    1992-12-01

    The Independent Locking Securement System Project (ILS System Project) is a : successful attempt to respond to the transportation community's need for a : "universal" securement/restraint system that will accommodate most wheeled : mobility aids, inc...

  16. A Stochastic Model for Improving Information Security in Supply Chain Systems

    OpenAIRE

    Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

    2009-01-01

    This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

  17. Security analysis of interconnected AC/DC systems

    DEFF Research Database (Denmark)

    Eriksson, Robert

    2015-01-01

    This paper analyses N-1 security in an interconnected ac/dc transmission system using power transfer distribution factors (PTDFs). In the case of a dc converter outage the power needs to be redistributed among the remaining converter to maintain power balance and operation of the dc grid...... any line or transformer limits. Simulations were performed in a model of the Nordic power system where a dc grid is placed on top. The simulation supports the method as a tool to consider transfer limits in the grid to avoid violate the same and increase the security after a converter outage........ The redistribution of power has a sudden effect on the power-flow in the interconnected ac system. This may cause overloading of lines and transformers resulting in disconnection of equipment, and as a consequence cascading failure. The PTDF is used as a method to analyze and avoid violating limits by in the dc...

  18. Management assessment of tank waste remediation system contractor readiness to proceed with phase 1B privatization

    International Nuclear Information System (INIS)

    Certa, P.J.

    1998-01-01

    Readiness to Proceed With Phase 1B Privatization documents the processes used to determine readiness to proceed with tank waste treatment technologies from private industry, now known as TWRS privatization. An overall systems approach was applied to develop action plans to support the retrieval and disposal mission of the TWRS Project. The systems and infrastructure required to support the mission are known. Required systems are either in place or plans have been developed to ensure they exist when needed. Since October 1996 a robust system engineering approach to establishing integrated Technical Baselines, work breakdown structures, tank farms organizational structure and configurations, work scope, and costs has become part of the culture within the TWRS Project. An analysis of the programmatic, management, and technical activities necessary to declare readiness to proceed with execution of the mission demonstrates that the system, personnel, and hardware will be on line and ready to support the private contractors. The systems approach included defining the retrieval and disposal mission requirements and evaluating the readiness of the Project Hanford Management Contract (PHMC) team to support initiation of waste processing by the private contractors in June 2002 and to receive immobilized waste shortly thereafter. The Phase 1 feed delivery requirements from the private contractor Requests for Proposal were reviewed. Transfer piping routes were mapped, existing systems were evaluated, and upgrade requirements were defined

  19. Upgrading the Fermilab fire and security reporting system

    International Nuclear Information System (INIS)

    King, C.; Neswold, R.

    2012-01-01

    Fermilab's home grown fire and security system (known as FIRUS - Fire Incident Reporting and Utility System) is highly reliable and has been used for nearly thirty years. The system has gone through some minor upgrades, however, none of those changes made significant, visible changes. In this paper, we present a major overhaul to the system that is halfway complete. We discuss the use of Apple's OS X for the new GUI (Graphical User Interface), upgrading the servers to use the Erlang programming language and allowing limited access for iOS and Android-based mobile devices. (authors)

  20. Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

    International Nuclear Information System (INIS)

    Lee, Chanyoung; Seong, Poong Hyun

    2016-01-01

    One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is possible to