Hardware IP security and trust

CERN Document Server

Bhunia, Swarup; Tehranipoor, Mark

2017-01-01

This book provides an overview of current Intellectual Property (IP) based System-on-Chip (SoC) design methodology and highlights how security of IP can be compromised at various stages in the overall SoC design-fabrication-deployment cycle. Readers will gain a comprehensive understanding of the security vulnerabilities of different types of IPs. This book would enable readers to overcome these vulnerabilities through an efficient combination of proactive countermeasures and design-for-security solutions, as well as a wide variety of IP security and trust assessment and validation techniques. This book serves as a single-source of reference for system designers and practitioners for designing secure, reliable and trustworthy SoCs.

The Main Features of and Response to The Current Asian Security Situation

Institute of Scientific and Technical Information of China (English)

Hu; Shisheng

2015-01-01

I.The Main Features of the Current Asian Security Situation The strategic game between China and the United States becomes the most powerful driving force to change the Asian traditional security situation.The United States has tried its best to delay China’s rising pace or"to standardize"China’s rising path by using its huge military advantage and forward military deployment and strengthening its security network of alliance and friends,so as to maintain its dominant position in

Examination of the Current Approaches to State-Level Nuclear Security Evaluation

International Nuclear Information System (INIS)

Kim, Chan; Yim, Mansung; Kim, So Young

2014-01-01

An effective global nuclear materials security system will cover all materials, employ international standards and best practices, and reduce risks by reducing weapons-usable nuclear material stocks and the number of locations where they are found. Such a system must also encourage states to accept peer reviews by outside experts in order to demonstrate that effective security is in place. It is thus critically important to create an integrative framework of state-level evaluation of nuclear security as a basis for measuring the level and progress of international effort to secure and control all nuclear materials. There have been studies to represent state-level nuclear security with a quantitative metric. A prime example is the Nuclear Materials Security Index (NMSI) by the Nuclear Threat Initiative (NTI). Another comprehensive study is the State Level Risk Metric by Texas A and M University (TAMU). This paper examines the current methods with respect to their strengths and weaknesses and identifies the directions for future research to improve upon the existing approaches

Current status of securing Category 1 and 2 radioactive sources in Taiwan

Energy Technology Data Exchange (ETDEWEB)

Cheng, Y-F.; Tsai, C-H. [Atomic Energy Council of Executive Yuan of Taiwan (China)

2014-07-01

For enhancing safe and secure management of Category 1 and 2 radioactive sources against theft or unauthorized removal, AEC (Atomic Energy Council) of Taiwan have been regulating the import/export of the sources ever since 2005, in compliance with the IAEA's (International Atomic Energy Agency) 'Guidance on the Import and Export of Radioactive Sources'. Furthermore in consulting the IAEA Nuclear Security Series No.11 report, administrative regulations on the program of securing the sources have been embodied into AECL's regulatory system since 2012, for the purpose of enforcing medical and non-medical licensees and industrial radiographers to establish their own radioactive source security programs. Regulations require that security functions such as access control, detection, delay, response and communication and security management measures are to be implemented within the programs. This paper is to introduce the current status in implementing the security control measures in Taiwan. (author)

Safe and secure South Africa. Vehicle landmine protection validation testing

CSIR Research Space (South Africa)

Reinecke, JD

2008-11-01

Full Text Available The objective of this paper is to provide an overview of vehicle landmine protection validation testing in South Africa. A short history of validation test standards is given, followed by a summary of current open test standards in general use...

Energy Security of Russia and the EU: Current Legal Problems

International Nuclear Information System (INIS)

Seliverstov, S.

2009-01-01

Security of energy supply is a cornerstone of European energy policy. It receives specific mention both in the Constitution Treaty and in the Lisbon Treaty. Of course, energy and energy-generated revenues are vital for Russia as well. It is a common understanding that Russia and the EU are extremely interdependent in terms of energy. On the one hand, Russia is the strategic energy supplier to the EU as a whole; for some member states Russian supplies represent the only source of the external energy flows. On the other hand, the revenues generated from the west-bound supplies of oil and gas constitute a significant share of the overall export income and of the budget of Russian Federation. Taking the interdependency as a point of departure the present article answers the following questions: What are the differences and the similarities in the European and the Russian approaches towards security of energy supply? Is their understanding of energy security so different? What are the current legal instruments guiding interaction in this sphere? What are the actual trends that could give some indication of how the situation may develop in the future? - While the concepts of 'security of energy supplies' or of 'energy security' are theoretical in nature, the ways the concepts are understood and the legal framework for them directly influences the way they are applied in practice. (author)

78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

Science.gov (United States)

2013-05-22

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

Safeguards and security deficiencies fulfilled through technology development

International Nuclear Information System (INIS)

Smoot, W.

1996-01-01

The Office of Safeguards and Security (OSS) sponsors research and development activities based on identified field and headquarters customer requirements. Annually, a formal solicitation of safeguards and security user needs is conducted. Currently, there are over 300 valid safeguards and security deficiencies that have been identified. These user needs serve as the basis for formulating the OSS Technology Development Program (TDP). Due to budget constraints, the TDP can only address approximately 47% of these needs in FY 1996. This paper will discuss, in a general sense, the current deficiencies and how the TDP is responding to each. Specifically, the paper will highlight technologies in the areas of Material Control and Accounting, Physical Security, and Information Security. A brief discussion of unfulfilled user requirements will also be presented as a catalyst for leveraging available or developing technologies from other similar programs or from private industry

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

DEFF Research Database (Denmark)

Armando, Alessandro; Arsac, Wihem; Avanesov, Tigran

2012-01-01

The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our...

Mammography image assessment; validity and reliability of current scheme

International Nuclear Information System (INIS)

Hill, C.; Robinson, L.

2015-01-01

Mammographers currently score their own images according to criteria set out by Regional Quality Assurance. The criteria used are based on the ‘Perfect, Good, Moderate, Inadequate’ (PGMI) marking criteria established by the National Health Service Breast Screening Programme (NHSBSP) in their Quality Assurance Guidelines of 2006 1 . This document discusses the validity and reliability of the current mammography image assessment scheme. Commencing with a critical review of the literature this document sets out to highlight problems with the national approach to the use of marking schemes. The findings suggest that ‘PGMI’ scheme is flawed in terms of reliability and validity and is not universally applied across the UK. There also appear to be differences in schemes used by trainees and qualified mammographers. Initial recommendations are to be made in collaboration with colleagues within the National Health Service Breast Screening Programme (NHSBSP), Higher Education Centres, College of Radiographers and the Royal College of Radiologists in order to identify a mammography image appraisal scheme that is fit for purpose. - Highlights: • Currently no robust evidence based marking tools in use for the assessment of images in mammography. • Is current system valid, reliable and robust? • How can the current image assessment tool be improved? • Should students and qualified mammographers use the same tool? • What marking criteria are available for image assessment?

Energy Security of Russia and the EU: Current Legal Problems

Energy Technology Data Exchange (ETDEWEB)

Seliverstov, S.

2009-07-01

Security of energy supply is a cornerstone of European energy policy. It receives specific mention both in the Constitution Treaty and in the Lisbon Treaty. Of course, energy and energy-generated revenues are vital for Russia as well. It is a common understanding that Russia and the EU are extremely interdependent in terms of energy. On the one hand, Russia is the strategic energy supplier to the EU as a whole; for some member states Russian supplies represent the only source of the external energy flows. On the other hand, the revenues generated from the west-bound supplies of oil and gas constitute a significant share of the overall export income and of the budget of Russian Federation. Taking the interdependency as a point of departure the present article answers the following questions: What are the differences and the similarities in the European and the Russian approaches towards security of energy supply? Is their understanding of energy security so different? What are the current legal instruments guiding interaction in this sphere? What are the actual trends that could give some indication of how the situation may develop in the future? - While the concepts of 'security of energy supplies' or of 'energy security' are theoretical in nature, the ways the concepts are understood and the legal framework for them directly influences the way they are applied in practice. (author)

Designing, Capturing and Validating History-Sensitive Security Policies for Distributed Systems

DEFF Research Database (Denmark)

Hernandez, Alejandro Mario; Nielson, Flemming; Nielson, Hanne Riis

2011-01-01

has the capability of combining both history-sensitive and future-sensitive policies, providing even more flexibility and power. Moreover, we propose a global Logic for reasoning about the systems designed with this language. We show how the Logic can be used to validate the combination of security...... this approach with history-based components, as is traditional in reference-monitor-based approaches to mandatory access control. Our developments are performed in an Aspect-oriented coordination language, aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language...

Workshop on Current Issues in Predictive Approaches to Intelligence and Security Analytics: Fostering the Creation of Decision Advantage through Model Integration and Evaluation

Energy Technology Data Exchange (ETDEWEB)

Sanfilippo, Antonio P.

2010-05-23

The increasing asymmetric nature of threats to the security, health and sustainable growth of our society requires that anticipatory reasoning become an everyday activity. Currently, the use of anticipatory reasoning is hindered by the lack of systematic methods for combining knowledge- and evidence-based models, integrating modeling algorithms, and assessing model validity, accuracy and utility. The workshop addresses these gaps with the intent of fostering the creation of a community of interest on model integration and evaluation that may serve as an aggregation point for existing efforts and a launch pad for new approaches.

Developing measures of food and nutrition security within an Australian context.

Science.gov (United States)

Archer, Claire; Gallegos, Danielle; McKechnie, Rebecca

2017-10-01

To develop a measure of food and nutrition security for use among an Australian population that measures all pillars of food security and to establish its content validity. The study consisted of two phases. Phase 1 involved focus groups with experts working in the area of food security. Data were assessed using content analysis and results informed the development of a draft tool. Phase 2 consisted of a series of three online surveys using the Delphi technique. Findings from each survey were used to establish content validity and progressively modify the tool until consensus was reached for all items. Australia. Phase 1 focus groups involved twenty-five experts working in the field of food security, who were attending the Dietitians Association of Australia National Conference, 2013. Phase 2 included twenty-five experts working in food security, who were recruited via email. Findings from Phase 1 supported the need for an Australian-specific tool and highlighted the failure of current tools to measure across all pillars of food security. Participants encouraged the inclusion of items to measure barriers to food acquisition and the previous single item to enable comparisons with previous data. Phase 2 findings informed the selection and modification of items for inclusion in the final tool. The results led to the development of a draft tool to measure food and nutrition security, and supported its content validity. Further research is needed to validate the tool among the Australian population and to establish inter- and intra-rater reliability.

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 12, September 2009

International Nuclear Information System (INIS)

2009-09-01

The current issue presents information about the following topics: Nuclear Security Report 2009; G8 Nuclear Safety and Security Group (NSSG); Uranium Production Site Appraisal Team (UPSAT); New Entrant Nuclear Power Programmes Safety Guide on the Establishment of the Safety Infrastructure (DS424)

Maternal sensitivity and infant attachment security in Korea: cross-cultural validation of the Strange Situation.

Science.gov (United States)

Jin, Mi Kyoung; Jacobvitz, Deborah; Hazen, Nancy; Jung, Sung Hoon

2012-01-01

The present study sought to analyze infant and maternal behavior both during the Strange Situation Procedure (SSP) and a free play session in a Korean sample (N = 87) to help understand whether mother-infant attachment relationships are universal or culture-specific. Distributions of attachment classifications in the Korean sample were compared with a cross-national sample. Behavior of mothers and infants following the two separation episodes in the SSP, including mothers' proximity to their infants and infants' approach to the caregiver, was also observed, as was the association between maternal sensitivity observed during free play session and infant security. The percentage of Korean infants classified as secure versus insecure mirrored the global distribution, however, only one Korean baby was classified as avoidant. Following the separation episodes in the Strange Situation, Korean mothers were more likely than mothers in Ainsworth's Baltimore sample to approach their babies immediately and sit beside them throughout the reunion episodes, even when their babies were no longer distressed. Also, Korean babies less often approached their mothers during reunions than did infants in the Baltimore sample. Finally, the link between maternal sensitivity and infant security was significant. The findings support the idea that the basic secure base function of attachment is universal and the SSP is a valid measure of secure attachment, but cultural differences in caregiving may result in variations in how this function is manifested.

Official Position of the American Academy of Clinical Neuropsychology Social Security Administration Policy on Validity Testing: Guidance and Recommendations for Change.

Science.gov (United States)

Chafetz, M D; Williams, M A; Ben-Porath, Y S; Bianchini, K J; Boone, K B; Kirkwood, M W; Larrabee, G J; Ord, J S

2015-01-01

The milestone publication by Slick, Sherman, and Iverson (1999) of criteria for determining malingered neurocognitive dysfunction led to extensive research on validity testing. Position statements by the National Academy of Neuropsychology and the American Academy of Clinical Neuropsychology (AACN) recommended routine validity testing in neuropsychological evaluations. Despite this widespread scientific and professional support, the Social Security Administration (SSA) continued to discourage validity testing, a stance that led to a congressional initiative for SSA to reevaluate their position. In response, SSA commissioned the Institute of Medicine (IOM) to evaluate the science concerning the validation of psychological testing. The IOM concluded that validity assessment was necessary in psychological and neuropsychological examinations (IOM, 2015 ). The AACN sought to provide independent expert guidance and recommendations concerning the use of validity testing in disability determinations. A panel of contributors to the science of validity testing and its application to the disability process was charged with describing why the disability process for SSA needs improvement, and indicating the necessity for validity testing in disability exams. This work showed how the determination of malingering is a probability proposition, described how different types of validity tests are appropriate, provided evidence concerning non-credible findings in children and low-functioning individuals, and discussed the appropriate evaluation of pain disorders typically seen outside of mental consultations. A scientific plan for validity assessment that additionally protects test security is needed in disability determinations and in research on classification accuracy of disability decisions.

Operational validation - current status and opportunities for improvement

International Nuclear Information System (INIS)

Davey, E.

2002-01-01

The design of nuclear plant systems and operational practices is based on the application of multiple defenses to minimize the risk of occurrence of safety and production challenges and upsets. With such an approach, the effectiveness of individual or combinations of design and operational features in preventing upset challenges should be known. A longstanding industry concern is the adverse impact errors in human performance can have on plant safety and production. To minimize the risk of error occurrence, designers and operations staff routinely employ multiple design and operational defenses. However, the effectiveness of individual or combinations of defensive features in minimizing error occurrence are generally only known in a qualitative sense. More importantly, the margins to error or upset occurrence provided by combinations of design or operational features are generally not characterized during design or operational validation. This paper provides some observations and comments on current validation practice as it relates to operational human performance concerns. The paper also discusses opportunities for future improvement in validation practice in terms of the resilience of validation results to operating changes and characterization of margins to safety or production challenge. (author)

Shared Solar. Current Landscape, Market Potential, and the Impact of Federal Securities Regulation

Energy Technology Data Exchange (ETDEWEB)

Feldman, David [National Renewable Energy Laboratory (NREL), Golden, CO (United States); Brockway, Anna M. [U.S. Department of Energy, Washington, DC (United States); Ulrich, Elaine [U.S. Department of Energy, Washington, DC (United States); Margolis, Robert [National Renewable Energy Laboratory (NREL), Golden, CO (United States)

2015-04-07

This report provides a high-level overview of the current U.S. shared solar landscape, the impact that a given shared solar program’s structure has on requiring federal securities oversight, as well as an estimate of market potential for U.S. shared solar deployment.

Fine-Grained Forward-Secure Signature Schemes without Random Oracles

DEFF Research Database (Denmark)

Camenisch, Jan; Koprowski, Maciej

2006-01-01

We propose the concept of fine-grained forward-secure signature schemes. Such signature schemes not only provide nonrepudiation w.r.t. past time periods the way ordinary forward-secure signature schemes do but, in addition, allow the signer to specify which signatures of the current time period...... remain valid when revoking the public key. This is an important advantage if the signer produces many signatures per time period as otherwise the signer would have to re-issue those signatures (and possibly re-negotiate the respective messages) with a new key.Apart from a formal model for fine......-grained forward-secure signature schemes, we present practical schemes and prove them secure under the strong RSA assumption only, i.e., we do not resort to the random oracle model to prove security. As a side-result, we provide an ordinary forward-secure scheme whose key-update time is significantly smaller than...

Investments of Banks in Securities: the Essence and Development Trends under Current Conditions

Directory of Open Access Journals (Sweden)

Ekaterina Vladimirovna Mazikova

2015-12-01

Full Text Available The implementation of modern banking activities involves the realization of investments. Investment is a complex discussion economic category, characterized by a number of features. The types and forms of investment are manifold and can be transformed with account of the state of the economy and the level of development of industrial relations. The faster growth of the financial sector in the economy has stipulated the development of financial investment. Banks as financial and lending institutions actively make financial investments in securities. Banks’ investment in securities pursues a number of purposes which determine the selection of securities for investment and their quality. The article identified the targets of bank investments in securities and their development trends under current conditions on the basis of the analysis of the actual data for 2010–2014. Negative revaluation and the actual decrease in the value of corporate securities of Russian issuers reduce their commercial appeal. Banks refuse to speculate on the stock market in favor of the securities that ensure liquidity. Banks’ investments aim to purchasing securities from the Lombard List of the Bank of Russia in order to obtain loans and participate in the repo transactions. Thus, during the analyzed period, banks’ investments in securities transformed from systemically important assets that generate substantial profit into the mechanism that provides liquidity. It should be noted that a significant part of investment resources of Russian banks services the debt obligations of Russia’s Government. The article also identified a trend of banks’ increasing investment in the participation portfolios of subsidiaries and associated joint stock companies. The official data of the Central Bank of the Russian Federation (Bank of Russia [15], and the Federal State Statistics Service [14] were used as the information base for the study

Shared Solar. Current Landscape, Market Potential, and the Impact of Federal Securities Regulation

Energy Technology Data Exchange (ETDEWEB)

Feldman, David [National Renewable Energy Lab. (NREL), Golden, CO (United States); Brockway, Anna M. [Office of Energy Efficiency and Renewable Energy (EERE), Washington, DC (United States); Ulrich, Elaine [Office of Energy Efficiency and Renewable Energy (EERE), Washington, DC (United States); Margolis, Robert [National Renewable Energy Lab. (NREL), Golden, CO (United States)

2015-04-01

This report provides a high-level overview of the current U.S. shared solar landscape and the impact that a given shared solar program’s structure has on requiring federal securities oversight, as well as an estimate of market potential for U.S. shared solar deployment.

The Informatics Security Cost of Distributed Applications

Directory of Open Access Journals (Sweden)

Ion IVAN

2010-01-01

Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

The Current State of the International Security System

OpenAIRE

Ивашов, Леонид Григорьевич

2013-01-01

The author examines the modern geopolitical world and assesses the threats to Russia’s security. These threats are demonstrated to be hitched to the goals of the US National Strategy and, in particular, to the US plans on deployment of anti-ballistic missile system. The author argues that in this situation the mainstay of Russia’s foreign policy should become “security through cooperation.”Key words: international security, anti-ballistic missile, preemptive war, geopolitical centers, UN Secu...

ICT security curriculum or how to respond to current global challenges

Directory of Open Access Journals (Sweden)

Marian Silviu Poboroniuc

2017-01-01

Full Text Available The paper presents some results obtained through the implementation of the Erasmus LLP “SALEIE” (Strategic Alignment of Electrical and Information Engineering in European Higher Education Institutions. The aim of the project was to bring together experts from European universities to enhance the competitiveness of Electrical and Information Engineering (EIE education within Europe, especially in relation to modern global technical challenges and to provide higher education models in a few EIE fields in accordance with these challenges. One of the outcomes of the project was a new ICT (Information and Computer Technology Security curriculum for bachelor and master levels. The research methodology comprised such stages as: identifying the most important current global challenges, conducting a survey related to existing EIE programs in order to establish the top-level criteria for an EIE curriculum, analyzing the results of the survey, obtaining the industry feedback related to technical and non-technical skills required for the specific field, and proposing a new curriculum for ICT Security programmes to respond to the modern technical challenges and to meet the needs of the industry, students, academics and graduates. As future work we will focus on stakeholder assessment in the EIE field and, based on the resulting feedback, on improving the ICT Security curriculum.

Model-based security testing

OpenAIRE

Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

2012-01-01

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

Economic security of the Russian Federation: current status, level and threats

Directory of Open Access Journals (Sweden)

V. V. Grigoryeva

2017-01-01

Full Text Available The problems of national and economic security maintenanceis aggravating in modern conditions of globalization and international competition related to controlof market channels, technological, information and natural resources.Today Russia is making all efforts to protect its position on the world stage and improve the lives of its citizens.Despite the worsening of the present economic, political and social differences in the world, the Russian Federation has its own national interests, which can be possible to fulfill only on the basis of sustainable development of the national economic security system.The latter traditionally determines the ability of the state economic system to maintain normal conditions for the national economy functioning and the population activity. The national economic securitystabilitycan be estimated only by the application of elaborate tools of the economic development indicators analysis and the threshold values examinationaimed at the determination of the quality characteristic of actual and the most successful model of the economic activity.The analysis of the current Russian economic situation showed the presence of some serious problems existing in the national economy. The economic security level of Russia, having a tendency to increase in the period of 1998-2013, has been sharply reduced to critical points since 2014. So, it is necessary to take some measures to restructure the system of economic security of the state. Based on the research it was identified the list of the most dangerous threats to the modern Russian economy, which includes: low level of the country industrial production; the economy dependence on goods import and raw materials export; low living standards of the population; the rapid growth of the shadow economy and corruption; the lack of civil science and innovationdevelopment. The main strategic directions for economic security levelincrease in Russia today and in the future are aimed at

Economic security of modern Russia: the current state and prospects

Directory of Open Access Journals (Sweden)

Karanina Elena

2018-01-01

Full Text Available In the conditions of instability of the world economy and the introduction of sanctions against Russia by a number of countries, the problem of ensuring national economic security has become particularly relevant. This topic also has a high scientific, practical and social significance, as it allows to identify possible gaps in the economic security of modern Russia and timely develop mechanisms to eliminate them to protect the national interests of the state. The purpose of this article is to determine the state and prospects of improving the economic security of modern Russia. This can be achieved by solving the following tasks: review of existing methods to evaluate the economic security of country, conduct a SWOT analysis of economic security of modern Russia, the development of suggestions for its improvement. This research analyzes various aspects of the economic security of modern Russia. As a result, the author developed an integrated method to ensuring the economic security of the country, as well as a matrix of economic security within this method. The way of increase of economic security of modern Russia is offered. Thus, to overcome the threats for the economic security of modern Russia, it is necessary to implement the recommendations developed by the authors, including the establishment of their own production and the construction of an innovatively oriented model of the economy. This will ensure the economic security of modern Russia and its stable development in the future.

Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

Energy Technology Data Exchange (ETDEWEB)

Rolston

2005-03-01

At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

Health Information System Role-Based Access Control Current Security Trends and Challenges.

Science.gov (United States)

de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

2018-01-01

This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

Current state in the research on electronic monitoring systems for the security and flow of objects and individuals

Directory of Open Access Journals (Sweden)

Man Dietrich Marcela

2017-01-01

Full Text Available This paper sets forth the current state of security systems in prisons from Romania and around the world, particularly aiming electronic systems of monitoring the flow of people, materials control and perimeter security, focusing on the research results concluded by motion detection tests and devices. The currently used systems were observed in order to put an analysis of the methodology together and implement and perfect these systems in protected areas. The protection of citizens must be performed to the extent that is allowed by the legislation.

37 CFR 1.419 - Display of currently valid control number under the Paperwork Reduction Act.

Science.gov (United States)

2010-07-01

... 37 Patents, Trademarks, and Copyrights 1 2010-07-01 2010-07-01 false Display of currently valid... UNITED STATES PATENT AND TRADEMARK OFFICE, DEPARTMENT OF COMMERCE GENERAL RULES OF PRACTICE IN PATENT CASES International Processing Provisions General Information § 1.419 Display of currently valid control...

Coverage of the Test of Memory Malingering, Victoria Symptom Validity Test, and Word Memory Test on the Internet: is test security threatened?

Science.gov (United States)

Bauer, Lyndsey; McCaffrey, Robert J

2006-01-01

In forensic neuropsychological settings, maintaining test security has become critically important, especially in regard to symptom validity tests (SVTs). Coaching, which can entail providing patients or litigants with information about the cognitive sequelae of head injury, or teaching them test-taking strategies to avoid detection of symptom dissimulation has been examined experimentally in many research studies. Emerging evidence supports that coaching strategies affect psychological and neuropsychological test performance to differing degrees depending on the coaching paradigm and the tests administered. The present study sought to examine Internet coverage of SVTs because it is potentially another source of coaching, or information that is readily available. Google searches were performed on the Test of Memory Malingering, the Victoria Symptom Validity Test, and the Word Memory Test. Results indicated that there is a variable amount of information available about each test that could threaten test security and validity should inappropriately interested parties find it. Steps that could be taken to improve this situation and limitations to this exploration are discussed.

Automatic address validation and health record review to identify homeless Social Security disability applicants.

Science.gov (United States)

Erickson, Jennifer; Abbott, Kenneth; Susienka, Lucinda

2018-06-01

Homeless patients face a variety of obstacles in pursuit of basic social services. Acknowledging this, the Social Security Administration directs employees to prioritize homeless patients and handle their disability claims with special care. However, under existing manual processes for identification of homelessness, many homeless patients never receive the special service to which they are entitled. In this paper, we explore address validation and automatic annotation of electronic health records to improve identification of homeless patients. We developed a sample of claims containing medical records at the moment of arrival in a single office. Using address validation software, we reconciled patient addresses with public directories of homeless shelters, veterans' hospitals and clinics, and correctional facilities. Other tools annotated electronic health records. We trained random forests to identify homeless patients and validated each model with 10-fold cross validation. For our finished model, the area under the receiver operating characteristic curve was 0.942. The random forest improved sensitivity from 0.067 to 0.879 but decreased positive predictive value to 0.382. Presumed false positive classifications bore many characteristics of homelessness. Organizations could use these methods to prompt early collection of information necessary to avoid labor-intensive attempts to reestablish contact with homeless individuals. Annually, such methods could benefit tens of thousands of patients who are homeless, destitute, and in urgent need of assistance. We were able to identify many more homeless patients through a combination of automatic address validation and natural language processing of unstructured electronic health records. Copyright © 2018. Published by Elsevier Inc.

Securing collaborative environments

Energy Technology Data Exchange (ETDEWEB)

Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

2002-05-16

The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

Validation Test Results for Orthogonal Probe Eddy Current Thruster Inspection System

Science.gov (United States)

Wincheski, Russell A.

2007-01-01

Recent nondestructive evaluation efforts within NASA have focused on an inspection system for the detection of intergranular cracking originating in the relief radius of Primary Reaction Control System (PCRS) Thrusters. Of particular concern is deep cracking in this area which could lead to combustion leakage in the event of through wall cracking from the relief radius into an acoustic cavity of the combustion chamber. In order to reliably detect such defects while ensuring minimal false positives during inspection, the Orthogonal Probe Eddy Current (OPEC) system has been developed and an extensive validation study performed. This report describes the validation procedure, sample set, and inspection results as well as comparing validation flaws with the response from naturally occuring damage.

The Current Status of the Economic Security of Poltava Region

Directory of Open Access Journals (Sweden)

Bondarevska Olha M.

2017-12-01

Full Text Available The status of economic security of Poltava region in 2012–2016 was analyzed, the analysis was conducted using the developed methodology for assessing economic security of region, which is based on the joint use of indicative and functional methods. In order to assess the status of economic security of region, a system of indicators, divided by economic security components, has been formed using functional approach. The information-analytical provision of assessment has been formed using statistical information on the socio-economic development of the region. The influence of factors of destabilizing and destimulative nature on the status of economic security of the region has been researched. It has been concluded that the economic security of Poltava region is unsatisfactory, despite the existence of some positive tendencies, which at present are not sustainable.

Validating eddy current array probes for inspecting steam generator tubes

International Nuclear Information System (INIS)

Sullivan, S.P.; Cecco, V.S.; Obrutsky, L.S.

1997-01-01

A CANDU nuclear reactor was shut down for over one year because steam generator (SG) tubes had failed with outer diameter stress-corrosion cracking (ODSCC) in the U-bend section. Novel, single-pass eddy current transmit-receive probes, denoted as C3, were successful in detecting all significant cracks so that the cracked tubes could be plugged and the unit restarted. Significant numbers of tubes with SCC were removed from a SG in order to validate the results of the new probe. Results from metallurgical examinations were used to obtain probability-of-detection (POD) and sizing accuracy plots to quantify the performance of this new inspection technique. Though effective, the above approach of relying on tubes removed from a reactor is expensive, in terms of both economic and radiation-exposure costs. This led to a search for more affordable methods to validate inspection techniques and procedures. Methods are presented for calculating POD curves based on signal-to-noise studies using field data. Results of eddy current scans of tubes with laboratory-induced ODSCC are presented with associated POD curves. These studies appear promising in predicting realistic POD curves for new inspection technologies. They are being used to qualify an improved eddy current array probe in preparation for field use. (author)

User Modelling Validation over the Security Awareness of Digital Natives

Directory of Open Access Journals (Sweden)

Vasileios Gkioulos

2017-07-01

Full Text Available Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires the investigation of how security experts perceive the digital natives (young people, born in the digital era, when utilizing their user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, in comparison to our earlier study over the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user-models that security experts utilise in their professional tasks. Our results indicate that the experts understanding over the user behaviour does not follow a solidified user-model, while influences from personal perceptions and randomness are also noticeable.

SecurID

CERN Multimedia

Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

Why SCADA security is NOT like Computer Centre Security

CERN Multimedia

CERN. Geneva

2014-01-01

Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

Current Concerns in Validity Theory.

Science.gov (United States)

Kane, Michael

Validity is concerned with the clarification and justification of the intended interpretations and uses of observed scores. It has not been easy to formulate a general methodology set of principles for validation, but progress has been made, especially as the field has moved from relatively limited criterion-related models to sophisticated…

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

OpenAIRE

Hilker, Michael; Schommer, Christoph

2008-01-01

Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

Information Security Governance: When Compliance Becomes More Important than Security

OpenAIRE

Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

2010-01-01

International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

Enterprise security IT security solutions : concepts, practical experiences, technologies

CERN Document Server

Fumy, Walter

2013-01-01

Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

General Potential-Current Model and Validation for Electrocoagulation

International Nuclear Information System (INIS)

Dubrawski, Kristian L.; Du, Codey; Mohseni, Madjid

2014-01-01

A model relating potential and current in continuous parallel plate iron electrocoagulation (EC) was developed for application in drinking water treatment. The general model can be applied to any EC parallel plate system relying only on geometric and tabulated input variables without the need of system-specific experimentally derived constants. For the theoretical model, the anode and cathode were vertically divided into n equipotential segments in a single pass, upflow, and adiabatic EC reactor. Potential and energy balances were simultaneously solved at each vertical segment, which included the contribution of ionic concentrations, solution temperature and conductivity, cathodic hydrogen flux, and gas/liquid ratio. We experimentally validated the numerical model with a vertical upflow EC reactor using a 24 cm height 99.99% pure iron anode divided into twelve 2 cm segments. Individual experimental currents from each segment were summed to determine total current, and compared with the theoretically derived value. Several key variables were studied to determine their impact on model accuracy: solute type, solute concentration, current density, flow rate, inter-electrode gap, and electrode surface condition. Model results were in good agreement with experimental values at cell potentials of 2-20 V (corresponding to a current density range of approximately 50-800 A/m 2 ), with mean relative deviation of 9% for low flow rate, narrow electrode gap, polished electrodes, and 150 mg/L NaCl. Highest deviation occurred with a large electrode gap, unpolished electrodes, and Na 2 SO 4 electrolyte, due to parasitic H 2 O oxidation and less than unity current efficiency. This is the first general model which can be applied to any parallel plate EC system for accurate electrochemical voltage or current prediction

The DUNDRUM-1 structured professional judgment for triage to appropriate levels of therapeutic security: retrospective-cohort validation study.

LENUS (Irish Health Repository)

Flynn, Grainne

2011-01-01

The assessment of those presenting to prison in-reach and court diversion services and those referred for admission to mental health services is a triage decision, allocating the patient to the appropriate level of therapeutic security. This is a critical clinical decision. We set out to improve on unstructured clinical judgement. We collated qualitative information and devised an 11 item structured professional judgment instrument for this purpose then tested for validity.

Assessing the internal validity of a household survey-based food security measure adapted for use in Iran

Directory of Open Access Journals (Sweden)

Sadeghizadeh Atefeh

2009-06-01

Full Text Available Abstract Background The prevalence of food insecurity is an indicator of material well-being in an area of basic need. The U.S. Food Security Module has been adapted for use in a wide variety of cultural and linguistic settings around the world. We assessed the internal validity of the adapted U.S. Household Food Security Survey Module to measure adult and child food insecurity in Isfahan, Iran, using statistical methods based on the Rasch measurement model. Methods The U.S. Household Food Security Survey Module was translated into Farsi and after adaptation, administered to a representative sample. Data were provided by 2,004 randomly selected households from all sectors of the population of Isfahan, Iran, during 2005. Results 53.1 percent reported that their food had run out at some time during the previous 12 months and they did not have money to buy more, while 26.7 percent reported that an adult had cut the size of a meal or skipped a meal because there was not enough money for food, and 7.2 percent reported that an adult did not eat for a whole day because there was not enough money for food. The severity of the items in the adult scale, estimated under Rasch-model assumptions, covered a range of 6.65 logistic units, and those in the child scale 11.68 logistic units. Most Item-infit statistics were near unity, and none exceeded 1.20. Conclusion The range of severity of items provides measurement coverage across a wide range of severity of food insecurity for both adults and children. Both scales demonstrated acceptable levels of internal validity, although several items should be improved. The similarity of the response patterns in the Isfahan and the U.S. suggests that food insecurity is experienced, managed, and described similarly in the two countries.

Construct validity-Current issues and recommendations for future hand hygiene research.

Science.gov (United States)

Neo, Jun Rong Jeffrey

2017-05-01

Health care-associated infection is a leading cause of morbidity and mortality. Hand hygiene is widely regarded as an effective prevention strategy. Often, hand hygiene research is designed and conducted by health care practitioners who may lack formal training in research methods, particularly in the area of social science. In a research context, a construct is a concept that can be measured or observed in some way. A construct can be directly or indirectly measured. For example, height can be directly measured by centimeters, whereas depression can be indirectly measured by a scale of 20 items. Every construct needs to be operationalized by measure(s) to make it a variable. Hence, construct validity refers to the degree of fit between the construct of interest and its operational measure. However, issues with construct validity often weaken the translation from construct to measure(s). This article will (1) describe the common threats to construct validity pertaining to hand hygiene research, (2) identify practical limitations in current research design, and (3) provide recommendations to improve construct validity in future hand hygiene research. By understanding how construct validity may affect hand hygiene research design, there is great potential to improve the validity of future hand hygiene research findings. Copyright © 2017 Association for Professionals in Infection Control and Epidemiology, Inc. Published by Elsevier Inc. All rights reserved.

Security for grids

Energy Technology Data Exchange (ETDEWEB)

Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

2005-08-14

Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security. Issue no. 4, June 2007

International Nuclear Information System (INIS)

2007-04-01

allow a broad discussion and to form a consolidated opinion. This should apply to requests for assistance from recipient states as well from donor states/organizations. Participation in the RSTCG is based on competencies and responsibilities. Currently the following divisions/sections within the IAEA's Department of Nuclear Safety and Security with responsibilities related to the control and management of radioactive sources are represented: Division of Radiation, Transport and Waste Safety with responsibilities in radiation safety related to sealed radioactive sources, Division of Nuclear Fuel Cycle and Waste Technology, with responsibilities in recovery, conditioning, storage and/or repatriation and Office of Nuclear Security with responsibilities in the protection against malicious acts (through the whole life cycle of sources)

International Nuclear Security Education Network (INSEN): Promoting nuclear security education

International Nuclear Information System (INIS)

Muhamad Samudi Yasir

2013-01-01

Full-text: The need for human resource development programmes in nuclear security was underlined at several International Atomic Energy Agency (IAEA) General Conferences and Board of Governors Meetings. Successive IAEA Nuclear Security Plans, the most recent of which was agreed by the Board of Governors in September 2009, give high priority to assisting States in establishing educational programmes in nuclear security in order to ensure the sustainability of nuclear security improvements. The current Nuclear Security Plan 1 covering 2010-2013 emphasizes on the importance of considering existing capacities at international, regional and national levels while designing nuclear security academic programmes. In the course of implementing the Plan, the IAEA developed a guide entitled Educational Programme in Nuclear Security (IAEA Nuclear Security Series No. 12) that consists of a model of a MAster of Science (M.Sc.) and a Certificate Programme in Nuclear Security. This guide was aims at assisting universities or other educational institutes to developed academic programmes in nuclear security. Independently, some universities already offered academic programmes covering some areas of nuclear security, while other universities have asked the IAEA to support the implementation of these programmes. In order to better address current and future request for assistance in this area, the IAEA establish a collaboration network-International Nuclear Security Education Network (INSEN), among universities who are providing nuclear security education or who are interested in starting an academic programme/ course(s) in nuclear security. Universiti Kebangsaan Malaysia (UKM) is a first local university became a member of INSEN since the beginning of the establishment. (author)

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 11, June 2009

International Nuclear Information System (INIS)

2009-06-01

The current issue presents information about the following topics: Nuclear Safety Review for the Year 2008; Feedback from IRS Topical Studies and Events Applied to Safety Standards; Education and Training Programmes at the IAEA Department of Nuclear Safety and Security; Peer Review of Operational Safety Performance (PROSPER)

Validation of Finite-Element Models of Persistent-Current Effects in Nb3Sn Accelerator Magnets

International Nuclear Information System (INIS)

Wang, X.; Ambrosio, G.; Chlachidze, G.; Collings, E. W.; Dietderich, D. R.; DiMarco, J.; Felice, H.; Ghosh, A. K.; Godeke, A.; Gourlay, S. A.; Marchevsky, M.; Prestemon, S. O.; Sabbi, G.; Sumption, M. D.; Velev, G. V.; Xu, X.; Zlobin, A. V.

2015-01-01

Persistent magnetization currents are induced in superconducting filaments during the current ramping in magnets. The resulting perturbation to the design magnetic field leads to field quality degradation, in particular at low field where the effect is stronger relative to the main field. The effects observed in NbTi accelerator magnets were reproduced well with the critical-state model. However, this approach becomes less accurate for the calculation of the persistent-current effects observed in Nb 3 Sn accelerator magnets. Here a finite-element method based on the measured strand magnetization is validated against three state-of-art Nb3Sn accelerator magnets featuring different subelement diameters, critical currents, magnet designs and measurement temperatures. The temperature dependence of the persistent-current effects is reproduced. Based on the validated model, the impact of conductor design on the persistent current effects is discussed. The performance, limitations and possible improvements of the approach are also discussed

Safe current injection strategies for a STATCOM under asymmetrical grid faults

DEFF Research Database (Denmark)

Rodriguez, Pedro; Medeiros, Gustavo; Luna, Alvaro

2010-01-01

This paper explores different strategies to set the reference current of a STATCOM under unbalanced grid voltage conditions and determines the maximum deliverable reactive power in each case to guarantee the injected current is permanently within the STATCOM secure operation limits. The paper...... presents a comprehensive derivation of the proposed STATCOM control strategies to set the reactive current reference under unbalanced grid faults, together with an extensive evaluation using simulation and experimental results from a low-scale laboratory setup in order to verify and validate the dynamic...

Security Inequalities in North America: Reassessing Regional Security Complex Theory

Directory of Open Access Journals (Sweden)

Richard Kilroy

2017-12-01

Full Text Available This article re-evaluates earlier work done by the authors on Regional Security Complex Theory (RSCT in North America, using sectoral analysis initially developed by Buzan and Waever, but also adding the variables of institutions, identity, and interests. These variables are assessed qualitatively in the contemporary context on how they currently impress upon the process of securitization within sectoral relations between Canada, Mexico, and the United States. The article reviews the movement from bilateral security relations between these states to the development of a trilateral response to regional security challenges post- 9/11. It further addresses the present period and what appears to be a security process derailed by recent political changes and security inequalities, heightened by the election of Donald Trump in 2016. The article argues that while these three states initially evinced a convergence of regional security interests after 9/11, which did create new institutional responses, under the current conditions, divergence in political interests and security inequalities have reduced the explanatory power of RSCT in North America. Relations between states in North American are becoming less characterized by the role of institutions and interests and more by identity politics in the region.

Marketing Plan for Demonstration and Validation Assets

Energy Technology Data Exchange (ETDEWEB)

None, None

2008-05-30

The National Security Preparedness Project (NSPP), is to be sustained by various programs, including technology demonstration and evaluation (DEMVAL). This project assists companies in developing technologies under the National Security Technology Incubator program (NSTI) through demonstration and validation of technologies applicable to national security created by incubators and other sources. The NSPP also will support the creation of an integrated demonstration and validation environment. This report documents the DEMVAL marketing and visibility plan, which will focus on collecting information about, and expanding the visibility of, DEMVAL assets serving businesses with national security technology applications in southern New Mexico.

The DUNDRUM-1 structured professional judgment for triage to appropriate levels of therapeutic security: retrospective-cohort validation study

Directory of Open Access Journals (Sweden)

O'Neill Conor

2011-03-01

Full Text Available Abstract Background The assessment of those presenting to prison in-reach and court diversion services and those referred for admission to mental health services is a triage decision, allocating the patient to the appropriate level of therapeutic security. This is a critical clinical decision. We set out to improve on unstructured clinical judgement. We collated qualitative information and devised an 11 item structured professional judgment instrument for this purpose then tested for validity. Methods All those assessed following screening over a three month period at a busy remand committals prison (n = 246 were rated in a retrospective cohort design blind to outcome. Similarly, all those admitted to a mental health service from the same prison in-reach service over an overlapping two year period were rated blind to outcome (n = 100. Results The 11 item scale had good internal consistency (Cronbach's alpha = 0.95 and inter-rater reliability. The scale score did not correlate with the HCR-20 'historical' score. For the three month sample, the receiver operating characteristic area under the curve (AUC for those admitted to hospital was 0.893 (95% confidence interval 0.843 to 0.943. For the two year sample, AUC distinguished at each level between those admitted to open wards, low secure units or a medium/high secure service. Open wards v low secure units AUC = 0.805 (95% CI 0.680 to 0.930; low secure v medium/high secure AUC = 0.866, (95% CI 0.784 to 0.949. Item to outcome correlations were significant for all 11 items. Conclusions The DUNDRUM-1 triage security scale and its items performed to criterion levels when tested against the real world outcome. This instrument can be used to ensure consistency in decision making when deciding who to admit to secure forensic hospitals. It can also be used to benchmark admission thresholds between services and jurisdictions. In this study we found some divergence between assessed need and actual placement

The DUNDRUM-1 structured professional judgment for triage to appropriate levels of therapeutic security: retrospective-cohort validation study

Science.gov (United States)

2011-01-01

Background The assessment of those presenting to prison in-reach and court diversion services and those referred for admission to mental health services is a triage decision, allocating the patient to the appropriate level of therapeutic security. This is a critical clinical decision. We set out to improve on unstructured clinical judgement. We collated qualitative information and devised an 11 item structured professional judgment instrument for this purpose then tested for validity. Methods All those assessed following screening over a three month period at a busy remand committals prison (n = 246) were rated in a retrospective cohort design blind to outcome. Similarly, all those admitted to a mental health service from the same prison in-reach service over an overlapping two year period were rated blind to outcome (n = 100). Results The 11 item scale had good internal consistency (Cronbach's alpha = 0.95) and inter-rater reliability. The scale score did not correlate with the HCR-20 'historical' score. For the three month sample, the receiver operating characteristic area under the curve (AUC) for those admitted to hospital was 0.893 (95% confidence interval 0.843 to 0.943). For the two year sample, AUC distinguished at each level between those admitted to open wards, low secure units or a medium/high secure service. Open wards v low secure units AUC = 0.805 (95% CI 0.680 to 0.930); low secure v medium/high secure AUC = 0.866, (95% CI 0.784 to 0.949). Item to outcome correlations were significant for all 11 items. Conclusions The DUNDRUM-1 triage security scale and its items performed to criterion levels when tested against the real world outcome. This instrument can be used to ensure consistency in decision making when deciding who to admit to secure forensic hospitals. It can also be used to benchmark admission thresholds between services and jurisdictions. In this study we found some divergence between assessed need and actual placement. This provides fertile

Design of the national health security preparedness index.

Science.gov (United States)

Uzun Jacobson, Evin; Inglesby, Tom; Khan, Ali S; Rajotte, James C; Burhans, Robert L; Slemp, Catherine C; Links, Jonathan M

2014-01-01

The importance of health security in the United States has been highlighted by recent emergencies such as the H1N1 influenza pandemic, Superstorm Sandy, and the Boston Marathon bombing. The nation's health security remains a high priority today, with federal, state, territorial, tribal, and local governments, as well as nongovernment organizations and the private sector, engaging in activities that prevent, protect, mitigate, respond to, and recover from health threats. The Association of State and Territorial Health Officials (ASTHO), through a cooperative agreement with the Centers for Disease Control and Prevention (CDC) Office of Public Health Preparedness and Response (OPHPR), led an effort to create an annual measure of health security preparedness at the national level. The collaborative released the National Health Security Preparedness Index (NHSPI(™)) in December 2013 and provided composite results for the 50 states and for the nation as a whole. The Index results represent current levels of health security preparedness in a consistent format and provide actionable information to drive decision making for continuous improvement of the nation's health security. The overall 2013 National Index result was 7.2 on the reported base-10 scale, with areas of greater strength in the domains of health surveillance, incident and information management, and countermeasure management. The strength of the Index relies on the interdependencies of the many elements in health security preparedness, making the sum greater than its parts. Moving forward, additional health security-related disciplines and measures will be included alongside continued validation efforts.

Climate change and food security in Tanzania: analysis of current ...

African Journals Online (AJOL)

A review of literature was conducted in order to identify knowledge gaps in climate change and food security research in Tanzania. The review focused on published literature covering the past 20 years addressing climate change effects on various components of the food security. The review of literature reveals, among ...

Secure File Allocation and Caching in Large-scale Distributed Systems

DEFF Research Database (Denmark)

Di Mauro, Alessio; Mei, Alessandro; Jajodia, Sushil

2012-01-01

In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with hi......-balancing, and reducing delay of read operations. The system offers a trade-off-between performance and security that is dynamically tunable according to the current level of threat. We validate our mechanisms with extensive simulations in an Internet-like network.......In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with high...... security requirements in a system composed of a majority of low-security servers. We develop mechanisms to fragment files, to allocate them into multiple servers, and to cache them as close as possible to their readers while preserving the security requirement of the files, providing load...

31 CFR 306.100 - Transferable securities.

Science.gov (United States)

2010-07-01

... SERVICE, DEPARTMENT OF THE TREASURY BUREAU OF THE PUBLIC DEBT GENERAL REGULATIONS GOVERNING U.S... recognize valid judicial proceedings affecting the ownership of or interest in transferable securities, upon... established. 10 10 Title in a finder claiming ownership of a registered security will not be recognized. A...

Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

Science.gov (United States)

Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

2017-01-01

NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:- Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)- In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.- The location of security related issues, as the location of software issues in general, followed the Pareto

Real time test bed development for power system operation, control and cyber security

Science.gov (United States)

Reddi, Ram Mohan

The operation and control of the power system in an efficient way is important in order to keep the system secure, reliable and economical. With advancements in smart grid, several new algorithms have been developed for improved operation and control. These algorithms need to be extensively tested and validated in real time before applying to the real electric power grid. This work focuses on the development of a real time test bed for testing and validating power system control algorithms, hardware devices and cyber security vulnerability. The test bed developed utilizes several hardware components including relays, phasor measurement units, phasor data concentrator, programmable logic controllers and several software tools. Current work also integrates historian for power system monitoring and data archiving. Finally, two different power system test cases are simulated to demonstrate the applications of developed test bed. The developed test bed can also be used for power system education.

Security research roadmap; Security-tutkimuksen roadmap

Energy Technology Data Exchange (ETDEWEB)

Naumanen, M.; Rouhiainen, V. (eds.)

2006-02-15

Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area .Space and security. as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

Cloud security mechanisms

OpenAIRE

2014-01-01

Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

IoT security with one-time pad secure algorithm based on the double memory technique

Science.gov (United States)

Wiśniewski, Remigiusz; Grobelny, Michał; Grobelna, Iwona; Bazydło, Grzegorz

2017-11-01

Secure encryption of data in Internet of Things is especially important as many information is exchanged every day and the number of attack vectors on IoT elements still increases. In the paper a novel symmetric encryption method is proposed. The idea bases on the one-time pad technique. The proposed solution applies double memory concept to secure transmitted data. The presented algorithm is considered as a part of communication protocol and it has been initially validated against known security issues.

Internal validity of a household food security scale is consistent among diverse populations participating in a food supplement program in Colombia.

Science.gov (United States)

Hackett, Michelle; Melgar-Quinonez, Hugo; Uribe, Martha C Alvarez

2008-05-23

We assessed the validity of a locally adapted Colombian Household Food Security Scale (CHFSS) used as a part of the 2006 evaluation of the food supplement component of the Plan for Improving Food and Nutrition in Antioquia, Colombia (MANA - Plan Departamental de Seguridad Alimentaria y Nutricional de Antioquia). Subjects included low-income families with pre-school age children in MANA that responded affirmatively to at least one CHFSS item (n = 1,319). Rasch Modeling was used to evaluate the psychometric characteristics of the items through measure and INFIT values. Differences in CHFSS performance were assessed by area of residency, socioeconomic status and number of children enrolled in MANA. Unidimensionality of a scale by group was further assessed using Differential Item Functioning (DIF). Most CHFSS items presented good fitness with most INFIT values within the adequate range of 0.8 to 1.2. Consistency in item measure values between groups was found for all but two items in the comparison by area of residency. Only two adult items exhibited DIF between urban and rural households. The results indicate that the adapted CHFSS is a valid tool to assess the household food security of participants in food assistance programs like MANA.

Model-Based Security Testing

Directory of Open Access Journals (Sweden)

Ina Schieferdecker

2012-02-01

Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

Recent Advances in Simulation of Eddy Current Testing of Tubes and Experimental Validations

Science.gov (United States)

Reboud, C.; Prémel, D.; Lesselier, D.; Bisiaux, B.

2007-03-01

Eddy current testing (ECT) is widely used in iron and steel industry for the inspection of tubes during manufacturing. A collaboration between CEA and the Vallourec Research Center led to the development of new numerical functionalities dedicated to the simulation of ECT of non-magnetic tubes by external probes. The achievement of experimental validations led us to the integration of these models into the CIVA platform. Modeling approach and validation results are discussed here. A new numerical scheme is also proposed in order to improve the accuracy of the model.

Social Security reform: evaluating current proposals. Latest results of the EBRI-SSASIM2 policy simulation model.

Science.gov (United States)

Copeland, C; VanDerhei, J; Salisbury, D L

1999-06-01

The present Social Security program has been shown to be financially unsustainable in the future without modification to the current program. The purpose of this Issue Brief, EBRI's fourth in a series on Social Security reform, is threefold: to illustrate new features of the EBRI-SSASIM2 policy simulation model not available in earlier EBRI publications, to expand quantitative analysis to specific proposals, and to evaluate the uncertainty involved in proposals that rely on equity investment. This analysis compares the Gregg/Breaux-Kolbe/Stenholm (GB-KS) and Moynihan/Kerrey proposals with three generic or "traditional" reforms: increasing taxes, reducing benefits, and/or increasing the retirement age. Both proposals would create individual accounts by "carving out" funds from current Social Security payroll taxes. This analysis also examines other proposed changes that would "add on" to existing Social Security funds through the use of general revenue transfers and/or investment in the equities market. President Clinton has proposed a general revenue transfer and the collective investment of some of the OASDI trust fund assets in equities. Reps. Archer and Shaw have proposed a general revenue tax credit to establish individual accounts that would be invested partially in the equities markets. When comparing Social Security reform proposals that would specifically alter benefit levels, the Moynihan/Kerrey bill compares quite favorably with the other proposals in both benefit levels and payback ratios, when individuals elect to use the individual account option. In contrast, the GB-KS bills do not compare quite as favorably for their benefit levels, but do compare favorably in terms of payback ratios. An important comparison in these bills is the administrative costs of managing the individual accounts, since benefits can be lowered by up to 23 percent when going from the assumed low to high administrative costs. Moreover, allowing individuals to decide whether to

Human factors in network security

OpenAIRE

Jones, Francis B.

1991-01-01

Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

Current status of validation for robotic surgery simulators - a systematic review.

Science.gov (United States)

Abboudi, Hamid; Khan, Mohammed S; Aboumarzouk, Omar; Guru, Khurshid A; Challacombe, Ben; Dasgupta, Prokar; Ahmed, Kamran

2013-02-01

To analyse studies validating the effectiveness of robotic surgery simulators. The MEDLINE(®), EMBASE(®) and PsycINFO(®) databases were systematically searched until September 2011. References from retrieved articles were reviewed to broaden the search. The simulator name, training tasks, participant level, training duration and evaluation scoring were extracted from each study. We also extracted data on feasibility, validity, cost-effectiveness, reliability and educational impact. We identified 19 studies investigating simulation options in robotic surgery. There are five different robotic surgery simulation platforms available on the market. In all, 11 studies sought opinion and compared performance between two different groups; 'expert' and 'novice'. Experts ranged in experience from 21-2200 robotic cases. The novice groups consisted of participants with no prior experience on a robotic platform and were often medical students or junior doctors. The Mimic dV-Trainer(®), ProMIS(®), SimSurgery Educational Platform(®) (SEP) and Intuitive systems have shown face, content and construct validity. The Robotic Surgical SimulatorTM system has only been face and content validated. All of the simulators except SEP have shown educational impact. Feasibility and cost-effectiveness of simulation systems was not evaluated in any trial. Virtual reality simulators were shown to be effective training tools for junior trainees. Simulation training holds the greatest potential to be used as an adjunct to traditional training methods to equip the next generation of robotic surgeons with the skills required to operate safely. However, current simulation models have only been validated in small studies. There is no evidence to suggest one type of simulator provides more effective training than any other. More research is needed to validate simulated environments further and investigate the effectiveness of animal and cadaveric training in robotic surgery. © 2012 BJU

Mobile platform security

CERN Document Server

Asokan, N; Dmitrienko, Alexandra

2013-01-01

Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

Shared Solar: Current Landscape, Market Potential, and the Impact of Federal Securities Regulation; NREL (National Renewable Energy Laboratory)

Energy Technology Data Exchange (ETDEWEB)

None

2015-05-27

This presentation provides a high-level overview of the current U.S. shared solar landscape, the impact that a given shared solar program's structure has on requiring federal securities oversight, as well as an estimate of market potential for U.S. shared solar deployment.

Threat modeling designing for security

CERN Document Server

Shostack, Adam

2014-01-01

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 10, March 2009

International Nuclear Information System (INIS)

2009-03-01

The current issue contains information about the following meetings: Application of the Code of Conduct on the Safety of Research Reactors (the 'Code'). Environmental Modelling for Radiation Safety (EMRAS II); Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management (the Joint Convention). The document also gives an overview on International Nuclear Security Advisory Service (INSServ)

Incorporating User-oriented Security into CC

DEFF Research Database (Denmark)

Sharp, Robin

2009-01-01

Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an env...... not currently dealt with in CC. Tentative proposals for extensions to the current classes of SFRs will be made on the basis of the analysis of the case....

Global food and fibre security threatened by current inefficiencies in fungal identification

Science.gov (United States)

2016-01-01

Fungal pathogens severely impact global food and fibre crop security. Fungal species that cause plant diseases have mostly been recognized based on their morphology. In general, morphological descriptions remain disconnected from crucially important knowledge such as mating types, host specificity, life cycle stages and population structures. The majority of current fungal species descriptions lack even the most basic genetic data that could address at least some of these issues. Such information is essential for accurate fungal identifications, to link critical metadata and to understand the real and potential impact of fungal pathogens on production and natural ecosystems. Because international trade in plant products and introduction of pathogens to new areas is likely to continue, the manner in which fungal pathogens are identified should urgently be reconsidered. The technologies that would provide appropriate information for biosecurity and quarantine already exist, yet the scientific community and the regulatory authorities are slow to embrace them. International agreements are urgently needed to enforce new guidelines for describing plant pathogenic fungi (including key DNA information), to ensure availability of relevant data and to modernize the phytosanitary systems that must deal with the risks relating to trade-associated plant pathogens. This article is part of the themed issue ‘Tackling emerging fungal threats to animal health, food security and ecosystem resilience’. PMID:28080994

Security issues in mobile NFC devices

CERN Document Server

Roland, Michael

2015-01-01

This work provides an assessment of the current state of near field communication (NFC) security, it reports on new attack scenarios, and offers concepts and solutions to overcome any unresolved issues. The work describes application-specific security aspects of NFC based on exemplary use-case scenarios and uses these to focus on the interaction with NFC tags and on card emulation. The current security architectures of NFC-enabled cellular phones are evaluated with regard to the identified security aspects.

Reliability and validity of a short form household food security scale in a Caribbean community

Directory of Open Access Journals (Sweden)

Mahabir Deepak

2004-06-01

Full Text Available Abstract Background We evaluated the reliability and validity of the short form household food security scale in a different setting from the one in which it was developed. Methods The scale was interview administered to 531 subjects from 286 households in north central Trinidad in Trinidad and Tobago, West Indies. We evaluated the six items by fitting item response theory models to estimate item thresholds, estimating agreement among respondents in the same households and estimating the slope index of income-related inequality (SII after adjusting for age, sex and ethnicity. Results Item-score correlations ranged from 0.52 to 0.79 and Cronbach's alpha was 0.87. Item responses gave within-household correlation coefficients ranging from 0.70 to 0.78. Estimated item thresholds (standard errors from the Rasch model ranged from -2.027 (0.063 for the 'balanced meal' item to 2.251 (0.116 for the 'hungry' item. The 'balanced meal' item had the lowest threshold in each ethnic group even though there was evidence of differential functioning for this item by ethnicity. Relative thresholds of other items were generally consistent with US data. Estimation of the SII, comparing those at the bottom with those at the top of the income scale, gave relative odds for an affirmative response of 3.77 (95% confidence interval 1.40 to 10.2 for the lowest severity item, and 20.8 (2.67 to 162.5 for highest severity item. Food insecurity was associated with reduced consumption of green vegetables after additionally adjusting for income and education (0.52, 0.28 to 0.96. Conclusions The household food security scale gives reliable and valid responses in this setting. Differing relative item thresholds compared with US data do not require alteration to the cut-points for classification of 'food insecurity without hunger' or 'food insecurity with hunger'. The data provide further evidence that re-evaluation of the 'balanced meal' item is required.

Studies in Income Distribution. Estimation of Social Security Taxes on the March Current Population Survey. No. 4.

Science.gov (United States)

Bridges, Benjamin, Jr.; Johnston, Mary P.

The impact of the tax-transfer system on the distribution of income among economic units is the subject of a number of studies by the Office of Research and Statistics of the Social Security Administration. One of the most important data sources for the work is the Census Bureau's March Current Population Survey (CPS). To conduct such studies, the…

Implementation of Learning Organization Components in Ardabil Social Security Hospital

Directory of Open Access Journals (Sweden)

Azadeh Zirak

2015-06-01

Full Text Available This study aimed to investigate the implementation of learning organization characteristics based on Marquardt systematic model in Ardabil Social Security Hospital. The statistical population of this research was 234 male and female employees of Ardabil Social Security Hospital. For data collection, Marquardt questionnaire was used in the present study which its validity and reliability had been confirmed. Statistical analysis of hypotheses based on independent samples t-test showed that learning organization characteristics were used more than average level in some subsystems of Marquardt model and there was a significant difference between current position and excellent position based on learning organization characteristic application. According to the research findings, more attention should be paid to the subsystems of learning organization establishment and balanced development of these subsystems.

The corporate security professional

DEFF Research Database (Denmark)

Petersen, Karen Lund

2013-01-01

In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

Concept for Energy Security Matrix

International Nuclear Information System (INIS)

Kisel, Einari; Hamburg, Arvi; Härm, Mihkel; Leppiman, Ando; Ots, Märt

2016-01-01

The following paper presents a discussion of short- and long-term energy security assessment methods and indicators. The aim of the current paper is to describe diversity of approaches to energy security, to structure energy security indicators used by different institutions and papers, and to discuss several indicators that also play important role in the design of energy policy of a state. Based on this analysis the paper presents a novel Energy Security Matrix that structures relevant energy security indicators from the aspects of Technical Resilience and Vulnerability, Economic Dependence and Political Affectability for electricity, heat and transport fuel sectors. Earlier publications by different authors have presented energy security assessment methodologies that use publicly available indicators from different databases. Current paper challenges viability of some of these indicators and introduces new indicators that would deliver stronger energy security policy assessments. Energy Security Matrix and its indicators are based on experiences that the authors have gathered as high-level energy policymakers in Estonia, where all different aspects of energy security can be observed. - Highlights: •Energy security should be analysed in technical, economic and political terms; •Energy Security Matrix provides a framework for energy security analyses; •Applicability of Matrix is limited due to the lack of statistical data and sensitivity of output.

Internal validity of a household food security scale is consistent among diverse populations participating in a food supplement program in Colombia

Directory of Open Access Journals (Sweden)

Melgar-Quinonez Hugo

2008-05-01

Full Text Available Abstract Objective We assessed the validity of a locally adapted Colombian Household Food Security Scale (CHFSS used as a part of the 2006 evaluation of the food supplement component of the Plan for Improving Food and Nutrition in Antioquia, Colombia (MANA – Plan Departamental de Seguridad Alimentaria y Nutricional de Antioquia. Methods Subjects included low-income families with pre-school age children in MANA that responded affirmatively to at least one CHFSS item (n = 1,319. Rasch Modeling was used to evaluate the psychometric characteristics of the items through measure and INFIT values. Differences in CHFSS performance were assessed by area of residency, socioeconomic status and number of children enrolled in MANA. Unidimensionality of a scale by group was further assessed using Differential Item Functioning (DIF. Results Most CHFSS items presented good fitness with most INFIT values within the adequate range of 0.8 to 1.2. Consistency in item measure values between groups was found for all but two items in the comparison by area of residency. Only two adult items exhibited DIF between urban and rural households. Conclusion The results indicate that the adapted CHFSS is a valid tool to assess the household food security of participants in food assistance programs like MANA.

Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

Energy Technology Data Exchange (ETDEWEB)

Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

1997-05-01

The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

Advances and current state of the security and privacy in electronic health records: survey from a social perspective.

Science.gov (United States)

Tejero, Antonio; de la Torre, Isabel

2012-10-01

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

Security threads: effective security devices in the past, present, and future

Science.gov (United States)

Wolpert, Gary R.

2002-04-01

Security threads were first used to secure banknotes in the mid 1800's. The key to their anti-counterfeiting success was the fact that by being embedded in the paper, they became an integral part of the banknote substrate. Today, all major currencies still utilize this effective security feature. Technological developments have allowed security threads to evolve from a feature authenticated by only visual means to devices that incorporate both visual and machine detectable components. When viewed from the perspective of a thread being a carrier of various security technologies and the fact that they can be incorporated into the core substrate of banknotes, documents, labels, packaging and some high valued articles, it is clear that security threads will remain as effective security devices well into the future. This paper discusses a brief historical background of security threads, current visual and machine authentication technologies incorporated into threads today and a look to the future of threads as effective security devices.

Measuring Short-term Energy Security

Energy Technology Data Exchange (ETDEWEB)

NONE

2011-07-01

Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Brochure provides and overview of the analysis and results. Readers interested in an in-depth discussion of methodology are referred to the MOSES Working Paper.

Security in the nuclear medicine department

International Nuclear Information System (INIS)

Bassingham, S.; Gane, J.; Chan, P.S.; Heenan, S.; Gulliver, N.; McVey, J.

2005-01-01

The current threat from terrorism highlights the need for awareness of adequate security of radioactive sources by health bodies to prevent the opportunistic access to, theft of. or accidental loss of sources, together with stringent security measures in place to prevent the international misuse of radioactive sources as a weapon by unauthorised access. This presentation discusses the processes undertaken to ensure the safety and security of radioactive materials within the nuclear medicine department in line with current regulations and guidelines. These include risk assessments, security systems, audit trails, restricted access and personnel background checks

Software Security and the "Building Security in Maturity" Model

CERN Document Server

CERN. Geneva

2011-01-01

Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

OpenAIRE

Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

2011-01-01

Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

Secure Path Selection under Random Fading

Directory of Open Access Journals (Sweden)

Furqan Jameel

2017-05-01

Full Text Available Application-oriented Wireless Sensor Networks (WSNs promises to be one of the most useful technologies of this century. However, secure communication between nodes in WSNs is still an unresolved issue. In this context, we propose two protocols (i.e. Optimal Secure Path (OSP and Sub-optimal Secure Path (SSP to minimize the outage probability of secrecy capacity in the presence of multiple eavesdroppers. We consider dissimilar fading at the main and wiretap link and provide detailed evaluation of the impact of Nakagami-m and Rician-K factors on the secrecy performance of WSNs. Extensive simulations are performed to validate our findings. Although the optimal scheme ensures more security, yet the sub-optimal scheme proves to be a more practical approach to secure wireless links.

Ensuring energy security in ASEAN countries: Current trends and major challenges

Science.gov (United States)

Senderov, Sergey; Vorobev, Sergey

2018-01-01

The paper discusses the issues of formation of future challenges to energy security of the ASEAN countries in the period up to 2035. The article gives examples of strategic threats to the energy security of Russia. The opportunities to meet future demand for primary energy for individual countries of ASEAN and the whole region are discussed.

Security leader insights for information protection lessons and strategies from leading security professionals

CERN Document Server

Fahy, Bob

2014-01-01

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

Information security in academic libraries: the role of the librarian in planning and introducing institutional policies

Directory of Open Access Journals (Sweden)

Juliana Soares Lima

2017-04-01

Full Text Available This study presents a short discussion about the role of the librarian as a mediator at planning, developing and implementing an Information Security Policy in Academic Libraries, by working together with professionals in the field of Information Technology. It also discusses the main virtual threats and some risks that are prone to infect computers in libraries. Based on the current legislation and on some normative documents about information security, it is confirmed the importance of the librarian take part in the main decision-making related to information security, such as planning a consistent Information Security Policy which be able to see the specific needs of Academic Libraries as institutions prone to cyberattacks. The main topics and guidelines to carry out an Information Security Policy are presented based on the results that were obtained through an action research, by visiting libraries to fill in application forms and to compose reports whose content was analyzed. Finally, the study concludes that Information Security Policy must be validated by managers of sectors or departments which the Academic Library is hierarchically subordinate to.

Securing your Site in Development and Beyond

Energy Technology Data Exchange (ETDEWEB)

Akopov, Mikhail S.

2018-01-04

Why wait until production deployment, or even staging and testing deployment to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they creep up on you. Prevent cross-site scripting attacks, and establish a firmer trust between your website and your client. Verify that Apache/Nginx have the correct SSL Ciphers set. We explore using these tools and more to validate proper Apache/Nginx configurations, and to be compliant with modern configuration standards as part of the development cycle. Your clients can use tools like https://securityheaders.io and https://ssllabs.com to get a graded report on your level of compliance with OWASP Secure Headers Project and SSLLabs recommendations. Likewise, you should always use the same sites to validate your configurations. Burp Suite will find common misconfigurations and will also perform more thorough security testing of your applications. In this session you will see examples of vulnerabilities that were detected early on, as well has how to integrate these practices into your daily workflow.

Transforming Security Screening With Biometrics

National Research Council Canada - National Science Library

Hearnsberger, Brian J

2003-01-01

... and identity theft to dramatically improve physical security. Today, biometric technology could be implemented to transform physical security by enhancing screening procedures currently in use at U.S...

Static validation of licence conformance policies

DEFF Research Database (Denmark)

Hansen, Rene Rydhof; Nielson, Flemming; Nielson, Hanne Riis

2008-01-01

Policy conformance is a security property gaining importance due to commercial interest like Digital Rights Management. It is well known that static analysis can be used to validate a number of more classical security policies, such as discretionary and mandatory access control policies, as well...... as communication protocols using symmetric and asymmetric cryptography. In this work we show how to develop a Flow Logic for validating the conformance of client software with respect to a licence conformance policy. Our approach is sufficiently flexible that it extends to fully open systems that can admit new...

Improved verification methods for OVI security ink

Science.gov (United States)

Coombs, Paul G.; Markantes, Tom

2000-04-01

Together, OVP Security Pigment in OVI Security Ink, provide an excellent method of overt banknote protection. The effective use of overt security feature requires an educated public. The rapid rise in computer-generated counterfeits indicates that consumers are not as educate das to banknote security features as they should be. To counter the education issue, new methodologies have been developed to improve the validation of banknotes using the OVI ink feature itself. One of the new methods takes advantage of the overt nature of the product's optically variable effect. Another method utilizes the unique optical interference characteristics provided by the OVP platelets.

International Nuclear Security

Energy Technology Data Exchange (ETDEWEB)

Doyle, James E. [Los Alamos National Laboratory

2012-08-14

This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

Nuclear security

International Nuclear Information System (INIS)

1991-12-01

This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weakness resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness

A Security Checklist for ERP Implementations

Science.gov (United States)

Hughes, Joy R.; Beer, Robert

2007-01-01

The EDUCAUSE/Internet2 Computer and Network Security Task Force consulted with IT security professionals on campus about concerns with the current state of security in enterprise resource planning (ERP) systems. From these conversations, it was clear that security issues generally fell into one of two areas: (1) It has become extremely difficult…

Convergence of Corporate and Information Security

OpenAIRE

Syed; Rahman, M.; Donahue, Shannon E.

2010-01-01

As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

Security Information System Digital Simulation

OpenAIRE

Tao Kuang; Shanhong Zhu

2015-01-01

The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

Latvian Security and Defense Policy within the Twenty-First Century Security Environment

Directory of Open Access Journals (Sweden)

Rublovskis Raimonds

2014-12-01

Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

Information security principles and practice

CERN Document Server

Stamp, Mark

2011-01-01

Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

Health Information Security in Hospitals: the Application of Security Safeguards.

Science.gov (United States)

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

Validation of a Residual Stress Measurement Method by Swept High-Frequency Eddy Currents

International Nuclear Information System (INIS)

Lee, C.; Shen, Y.; Lo, C. C. H.; Nakagawa, N.

2007-01-01

This paper reports on a swept high-frequency eddy current (SHFEC) measurement method developed for electromagnetic nondestructive characterization of residual stresses in shot peened aerospace materials. In this approach, we regard shot-peened surfaces as modified surface layers of varying conductivity, and determine the conductivity deviation profile by inversion of the SHFEC data. The SHFEC measurement system consists of a pair of closely matched printed-circuit-board coils driven by laboratory instrument under software control. This provides improved sensitivity and high frequency performance compared to conventional coils, so that swept frequency EC measurements up to 50 MHz can be made to achieve the smallest skin depth of 80 μm for nickel-based superalloys. We devised a conductivity profile inversion procedure based on the laterally uniform multi-layer theory of Cheng, Dodd and Deeds. The main contribution of this paper is the methodology validation. Namely, the forward and inverse models were validated against measurements on artificial layer specimens consisting of metal films with different conductivities placed on a metallic substrate. The inversion determined the film conductivities which were found to agree with those measured using the direct current potential drop (DCPD) method

Validation of a Residual Stress Measurement Method by Swept High-Frequency Eddy Currents

Science.gov (United States)

Lee, C.; Shen, Y.; Lo, C. C. H.; Nakagawa, N.

2007-03-01

This paper reports on a swept high-frequency eddy current (SHFEC) measurement method developed for electromagnetic nondestructive characterization of residual stresses in shot peened aerospace materials. In this approach, we regard shot-peened surfaces as modified surface layers of varying conductivity, and determine the conductivity deviation profile by inversion of the SHFEC data. The SHFEC measurement system consists of a pair of closely matched printed-circuit-board coils driven by laboratory instrument under software control. This provides improved sensitivity and high frequency performance compared to conventional coils, so that swept frequency EC measurements up to 50 MHz can be made to achieve the smallest skin depth of 80 μm for nickel-based superalloys. We devised a conductivity profile inversion procedure based on the laterally uniform multi-layer theory of Cheng, Dodd and Deeds. The main contribution of this paper is the methodology validation. Namely, the forward and inverse models were validated against measurements on artificial layer specimens consisting of metal films with different conductivities placed on a metallic substrate. The inversion determined the film conductivities which were found to agree with those measured using the direct current potential drop (DCPD) method.

Privacy vs security

CERN Document Server

Stalla-Bourdillon, Sophie; Ryan, Mark D

2014-01-01

Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'

FlySec: a risk-based airport security management system based on security as a service concept

Science.gov (United States)

Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

2016-05-01

Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

Cloud Computing Security: A Survey

Directory of Open Access Journals (Sweden)

Issa M. Khalil

2014-02-01

Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 8, September 2008

International Nuclear Information System (INIS)

2008-09-01

The current issue presents information about the following activities: 1) International Workshops on Denial of Shipments raise awareness of suppliers, recipients, regulators, carriers/consignors and international organizations of the problems relating to denials of radioactive shipments to determine effective measures to prevent or reduce the instances of shipment denials and delays. 2) Communication and knowledge Management in the Department of Nuclear Safety and Security (NS). 3) Nuclear Security at the Beijing Olympics - an excellent example of the IAEA's work in protecting large scale public events. 4) The Incident and Emergency Centre's Participation in the ConvEx 3 Exercise, 9-10 July 2008, which took place at the Laguna Verde nuclear power plant in Mexico. During the 43 hour long exercise, the Incident and Emergency Centre (IEC) was fully activated. Staff members participating in the exercise represented different departments within the IAEA and the diversity of their knowledge and experience ensured an effective response

On the Statistical Validation of Technical Analysis

Directory of Open Access Journals (Sweden)

Rosane Riera Freire

2007-06-01

Full Text Available Technical analysis, or charting, aims on visually identifying geometrical patterns in price charts in order to antecipate price "trends". In this paper we revisit the issue of thecnical analysis validation which has been tackled in the literature without taking care for (i the presence of heterogeneity and (ii statistical dependence in the analyzed data - various agglutinated return time series from distinct financial securities. The main purpose here is to address the first cited problem by suggesting a validation methodology that also "homogenizes" the securities according to the finite dimensional probability distribution of their return series. The general steps go through the identification of the stochastic processes for the securities returns, the clustering of similar securities and, finally, the identification of presence, or absence, of informatinal content obtained from those price patterns. We illustrate the proposed methodology with a real data exercise including several securities of the global market. Our investigation shows that there is a statistically significant informational content in two out of three common patterns usually found through technical analysis, namely: triangle, rectangle and head and shoulders.

Human Factors in Coast Guard Computer Security - An Analysis of Current Awareness and Potential Techniques to Improve Security Program Viability

National Research Council Canada - National Science Library

Whalen, Timothy

2001-01-01

.... As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success...

Securing the Global Airspace System Via Identity-Based Security

Science.gov (United States)

Ivancic, William D.

2015-01-01

Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

Insulator Contamination Forecasting Based on Fractal Analysis of Leakage Current

Directory of Open Access Journals (Sweden)

Bing Luo

2012-07-01

Full Text Available In this paper, an artificial pollution test is carried out to study the leakage current of porcelain insulators. Fractal theory is adopted to extract the characteristics hidden in leakage current waveforms. Fractal dimensions of the leakage current for the security, forecast and danger zones are analyzed under four types of degrees of contamination. The mean value and the standard deviation of the fractal dimension in the forecast zone are calculated to characterize the differences. The analysis reveals large differences in the fractal dimension of leakage current under different contamination discharge stages and degrees. The experimental and calculation results suggest that the fractal dimension of a leakage current waveform can be used as a new indicator of the discharge process and contamination degree of insulators. The results provide new methods and valid indicators for forecasting contamination flashovers.

Cyber Security Awareness and Its Impact on Employee’s Behavior

OpenAIRE

Li, Ling; Xu, Li; He, Wu; Chen, Yong; Chen, Hong

2016-01-01

Part 3: Security and Privacy Issues; International audience; This paper proposes a model that extends the Protection Motivation Theory to validate the relationships among peer behavior, cue to action, and employees’ action experience of cyber security, threat perception, response perception, and employee’s cyber security behavior. The findings of the study suggest that the influence from peer behavior and employees action experience of cyber security is an important factor for improving cyber...

Student Experiential Opportunities in National Security Careers

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This report documents student experiential opportunities in national security careers as part of the National Security Preparedness Project (NSPP), being performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of how experiential opportunities assist students in the selection of a career and a list of opportunities in the private sector and government. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. Workforce development activities will facilitate the hiring of students to work with professionals in both the private and public sectors, as well as assist in preparing a workforce for careers in national security. The goal of workforce development under the NSPP grant is to assess workforce needs in national security and implement strategies to develop the appropriate workforce.

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

Science.gov (United States)

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Ontario Hydro looks at security

International Nuclear Information System (INIS)

Green, B.J.; Kee, B.

1995-01-01

Ontario Hydro operates 20 CANDU reactors on three different sites. Since 1984, a review of security arrangements on all the sites has taken place on a five-yearly basis. The review process for 1995 is outlined. The three objectives were as follows: to assess current security threats and risks to the stations; to assess the adequacy of the existing programme to protect against current threats; by comparing the security programme against those of comparable entities to establish benchmarks for good practice as a basis for improvements at Ontario Hydro. Valuable insights gained through the review are listed. These could be useful to other utilities. (UK)

Deterministic secure communication protocol without using entanglement

OpenAIRE

Cai, Qing-yu

2003-01-01

We show a deterministic secure direct communication protocol using single qubit in mixed state. The security of this protocol is based on the security proof of BB84 protocol. It can be realized with current technologies.

Distributed security framework for modern workforce

Energy Technology Data Exchange (ETDEWEB)

Balatsky, G.; Scherer, C. P., E-mail: gbalatsky@lanl.gov, E-mail: scherer@lanl.gov [Los Alamos National Laboratory, Los Alamos, NM (United States)

2014-07-01

Safe and sustainable nuclear power production depends on strict adherence to nuclear security as a necessary prerequisite for nuclear power. This paper considers the current challenges for nuclear security, and proposes a conceptual framework to address those challenges. We identify several emerging factors that affect nuclear security: 1. Relatively high turnover rates in the nuclear workforce compared to the earlier years of the nuclear industry, when nuclear workers were more likely to have secure employment, a lifelong career at one company, and retirement on a pension plan. 2. Vulnerabilities stemming from the ubiquitous presence of modern electronics and their patterns of use by the younger workforce. 3. Modern management practices, including outsourcing and short-term contracting (which relates to number 1 above). In such a dynamic and complex environment, nuclear security personnel alone cannot effectively guarantee adequate security. We propose that one solution to this emerging situation is a distributed security model in which the components of nuclear security become the responsibility of each and every worker at a nuclear facility. To implement this model, there needs to be a refurbishment of current workforce training and mentoring practices. The paper will present an example of distributed security framework model, and how it may look in practice. (author)

Distributed security framework for modern workforce

International Nuclear Information System (INIS)

Balatsky, G.; Scherer, C. P.

2014-01-01

Safe and sustainable nuclear power production depends on strict adherence to nuclear security as a necessary prerequisite for nuclear power. This paper considers the current challenges for nuclear security, and proposes a conceptual framework to address those challenges. We identify several emerging factors that affect nuclear security: 1. Relatively high turnover rates in the nuclear workforce compared to the earlier years of the nuclear industry, when nuclear workers were more likely to have secure employment, a lifelong career at one company, and retirement on a pension plan. 2. Vulnerabilities stemming from the ubiquitous presence of modern electronics and their patterns of use by the younger workforce. 3. Modern management practices, including outsourcing and short-term contracting (which relates to number 1 above). In such a dynamic and complex environment, nuclear security personnel alone cannot effectively guarantee adequate security. We propose that one solution to this emerging situation is a distributed security model in which the components of nuclear security become the responsibility of each and every worker at a nuclear facility. To implement this model, there needs to be a refurbishment of current workforce training and mentoring practices. The paper will present an example of distributed security framework model, and how it may look in practice. (author)

Masters in Nuclear Security

International Nuclear Information System (INIS)

Rickwood, Peter

2013-01-01

Continuing global efforts to improve the security of nuclear and other radioactive material against the threat of malicious acts are being assisted by a new initiative, the development of a corps of professional experts to strengthen nuclear security. The IAEA, the European Commission, universities, research institutions and other bodies working in collaboration have established an International Nuclear Security Education Network (INSEN). In 2011, six European academic institutions, the Vienna University of Technology, the Brandenburg University of Applied Sciences, the Demokritos National Centre for Scientific Research in Greece, the Reactor Institute Delft of the Delft University of Technology in the Netherlands, the University of Oslo, and the University of Manchester Dalton Nuclear Institute, started developing a European Master of Science Programme in Nuclear Security Management. In March 2013, the masters project was inaugurated when ten students commenced studies at the Brandenburg University of Applied Sciences in Germany for two weeks. In April, they moved to the Delft University of Technology in the Netherlands for a further two weeks of studies. The pilot programme consists of six teaching sessions in different academic institutions. At the inauguration in Delft, IAEA Director General Yukiya Amano commended this effort to train a new generation of experts who can help to improve global nuclear security. ''It is clear that we will need a new generation of policy-makers and nuclear professionals - people like you - who will have a proper understanding of the importance of nuclear security,'' Mr. Amano told students and faculty members. ''The IAEA's goal is to support the development of such programmes on a global basis,'' said David Lambert, Senior Training Officer in the IAEA's Office of Nuclear Security. ''An existing postgraduate degree programme focused on nuclear security at Naif Arab University for Security Sciences (NAUSS) is currently supported by

Routing architecture and security for airborne networks

Science.gov (United States)

Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

2009-05-01

Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

Fit for purpose? Validation of a conceptual framework for personal recovery with current mental health consumers.

Science.gov (United States)

Bird, Victoria; Leamy, Mary; Tew, Jerry; Le Boutillier, Clair; Williams, Julie; Slade, Mike

2014-07-01

Mental health services in the UK, Australia and other Anglophone countries have moved towards supporting personal recovery as a primary orientation. To provide an empirically grounded foundation to identify and evaluate recovery-oriented interventions, we previously published a conceptual framework of personal recovery based on a systematic review and narrative synthesis of existing models. Our objective was to test the validity and relevance of this framework for people currently using mental health services. Seven focus groups were conducted with 48 current mental health consumers in three NHS trusts across England, as part of the REFOCUS Trial. Consumers were asked about the meaning and their experience of personal recovery. Deductive and inductive thematic analysis applying a constant comparison approach was used to analyse the data. The analysis aimed to explore the validity of the categories within the conceptual framework, and to highlight any areas of difference between the conceptual framework and the themes generated from new data collected from the focus groups. Both the inductive and deductive analysis broadly validated the conceptual framework, with the super-ordinate categories Connectedness, Hope and optimism, Identity, Meaning and purpose, and Empowerment (CHIME) evident in the analysis. Three areas of difference were, however, apparent in the inductive analysis. These included practical support; a greater emphasis on issues around diagnosis and medication; and scepticism surrounding recovery. This study suggests that the conceptual framework of personal recovery provides a defensible theoretical base for clinical and research purposes which is valid for use with current consumers. However, the three areas of difference further stress the individual nature of recovery and the need for an understanding of the population and context under investigation. © The Royal Australian and New Zealand College of Psychiatrists 2014.

Indirection and computer security.

Energy Technology Data Exchange (ETDEWEB)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

The role of space in the security and defence policy of Turkey. A change in outlook: Security in space versus security from space

OpenAIRE

Ercan, C.; Kale, I.

2017-01-01

Space and security domains are strongly related with each other. Nowadays, space is an indispensable part of security and defence policy, and it is increasingly becoming a critical infrastructure for strategic Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems. However, space is vulnerable itself to the new space threats. This study reviews the current and near future space role in Turkey's security and defence policy and aims to address...

Nuclear security. Improving correction of security deficiencies at DOE's weapons facilities

International Nuclear Information System (INIS)

Wells, James E.; Cannon, Doris E.; Fenzel, William F.; Lightner, Kenneth E. Jr.; Curtis, Lois J.; DuBois, Julia A.; Brown, Gail W.; Trujillo, Charles S.; Tumler, Pamela K.

1992-11-01

deficiencies have problems that limit the effectiveness of DOE's oversight. Also, DOE's review of contractors' plans to correct deficiencies is sometimes untimely, potentially resulting in prolonged security risks. Finally, some DOE field offices' validation of corrective actions was inadequate

Materialism and food security.

Science.gov (United States)

Allen, M W; Wilson, M

2005-12-01

The present studies examined if materialists have an elevated concern about food availability, presumably stemming from a general survival security motivation. Study 1 found that materialists set a greater life goal of food security, and reported more food insecurity during their childhood. Materialists reported less present-day food insecurity. Study 2 revealed that materialists stored/hoarded more food at home, and that obese persons endorsed materialism more than low/normal weight persons. Study 3 found that experimentally decreasing participants' feelings of survival security (via a mortality salience manipulation) led to greater endorsement of materialism, food security as goal, and using food for emotional comfort. The results imply that materialists overcame the food insecurity of their childhood by making food security a top life goal, but that materialists' current concerns about food security may not wholly stem from genuine threats to their food supply.

Security problem on arbitrated quantum signature schemes

International Nuclear Information System (INIS)

Choi, Jeong Woon; Chang, Ku-Young; Hong, Dowon

2011-01-01

Many arbitrated quantum signature schemes implemented with the help of a trusted third party have been developed up to now. In order to guarantee unconditional security, most of them take advantage of the optimal quantum one-time encryption based on Pauli operators. However, in this paper we point out that the previous schemes provide security only against a total break attack and show in fact that there exists an existential forgery attack that can validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover security against the proposed attack.

Security problem on arbitrated quantum signature schemes

Energy Technology Data Exchange (ETDEWEB)

Choi, Jeong Woon [Emerging Technology R and D Center, SK Telecom, Kyunggi 463-784 (Korea, Republic of); Chang, Ku-Young; Hong, Dowon [Cryptography Research Team, Electronics and Telecommunications Research Institute, Daejeon 305-700 (Korea, Republic of)

2011-12-15

Many arbitrated quantum signature schemes implemented with the help of a trusted third party have been developed up to now. In order to guarantee unconditional security, most of them take advantage of the optimal quantum one-time encryption based on Pauli operators. However, in this paper we point out that the previous schemes provide security only against a total break attack and show in fact that there exists an existential forgery attack that can validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover security against the proposed attack.

Towards Formal Validation of Trust and Security of the Internet of Services

DEFF Research Database (Denmark)

Carbone, Roberto; Minea, Marius; Mödersheim, Sebastian Alexander

2011-01-01

Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors...... techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance....

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 15, February 2011

International Nuclear Information System (INIS)

2011-02-01

The current issue presents information about the following topics: Supporting radiation protection in medicine. Wano's pre-startup support. One stop for incident and emergency communications. Emergency preparedness in IAEA Member States. Sophisticated On-Site Nuclide Identification (RanidSONNI). Over land, sea and air: safe and secure transport of radioactive material. INES at 20: Success from simplicity. IAEA and Ibero-American Forum - strengthening ties. Highlights of the 54th IAEA General Conference, 20-24 September 2010. Highlights of the International conference on Challenges faced by TSOs. Department of Nuclear Safety programme highlights

Attachment Security Balances Perspectives: Effects of Security Priming on Highly Optimistic and Pessimistic Explanatory Styles.

Science.gov (United States)

Deng, Yanhe; Yan, Mengge; Chen, Henry; Sun, Xin; Zhang, Peng; Zeng, Xianglong; Liu, Xiangping; Lye, Yue

2016-01-01

Highly optimistic explanatory style (HOES) and highly pessimistic explanatory style (HPES) are two maladaptive ways to explain the world and may have roots in attachment insecurity. The current study aims to explore the effects of security priming - activating supportive representations of attachment security - on ameliorating these maladaptive explanatory styles. 57 participants with HOES and 57 participants with HPES were randomized into security priming and control conditions. Their scores of overall optimistic attribution were measured before and after priming. Security priming had a moderating effect: the security primed HOES group exhibited lower optimistic attribution, while the security primed HPES group evinced higher scores of optimistic attribution. Furthermore, the security primed HOES group attributed positive outcomes more externally, while the security primed HPES group attributed successful results more internally. The results support the application of security priming interventions on maladaptive explanatory styles. Its potential mechanism and directions for future study are also discussed.

Personal health record systems and their security protection.

Science.gov (United States)

Win, Khin Than; Susilo, Willy; Mu, Yi

2006-08-01

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

Factor structure of the Essen Climate Evaluation Schema measure of social climate in a UK medium-security setting.

Science.gov (United States)

Milsom, Sophia A; Freestone, Mark; Duller, Rachel; Bouman, Marisa; Taylor, Celia

2014-04-01

Social climate has an influence on a number of treatment-related factors, including service users' behaviour, staff morale and treatment outcomes. Reliable assessment of social climate is, therefore, beneficial within forensic mental health settings. The Essen Climate Evaluation Schema (EssenCES) has been validated in forensic mental health services in the UK and Germany. Preliminary normative data have been produced for UK high-security national health services and German medium-security and high-security services. We aim to validate the use of the EssenCES scale (English version) and provide preliminary normative data in UK medium-security hospital settings. The EssenCES scale was completed in a medium-security mental health service as part of a service-wide audit. A total of 89 patients and 112 staff completed the EssenCES. The three-factor structure of the EssenCES and its internal construct validity were maintained within the sample. Scores from this medium-security hospital sample were significantly higher than those from earlier high-security hospital data, with three exceptions--'patient cohesion' according to the patients and 'therapeutic hold' according to staff and patients. Our data support the use of the EssenCES scale as a valid measure for assessing social climate within medium-security hospital settings. Significant differences between the means of high-security and medium-security service samples imply that degree of security is a relevant factor affecting the ward climate and that in monitoring quality of secure services, it is likely to be important to apply different scores to reflect standards. Copyright © 2013 John Wiley & Sons, Ltd.

Measuring relational security in forensic mental health services.

Science.gov (United States)

Chester, Verity; Alexander, Regi T; Morgan, Wendy

2017-12-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment.

Measuring relational security in forensic mental health services

Science.gov (United States)

Chester, Verity; Alexander, Regi T.; Morgan, Wendy

2017-01-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment. PMID:29234515

Summary Report on Unconditionally Secure Protocols

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Salvail, Louis; Cachin, Christian

This document describes the state of the art snd some of the main open problems in the area of unconditionally secure cryptographic protocols. The most essential part of a cryptographic protocol is not its being secure. Imagine a cryptographic protocol which is secure, but where we do not know...... that it is secure. Such a protocol would do little in providing security. When all comes to all, cryptographic security is done for the sake of people, and the essential part of security is for people what it has always been, namely to feel secure. To feel secure employing a given cryptographic protocol we need...... to know that is is secure. I.e. we need a proof that it is secure. Today the proof of security of essentially all practically employed cryptographic protocols relies on computational assumptions. To prove that currently employed ways to communicate securely over the Internet are secure we e.g. need...

Security Shift in Future Network Architectures

OpenAIRE

Hartog, T.; Schotanus, H.A.; Verkoelen, C.A.A.

2010-01-01

In current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements which current communication architectures cannot deliver. This paper informs IT architects, information architects and security specialists about the separation of network and information security, the consequences of this shift and our view on future communication infrastructures in d...

While working around security

DEFF Research Database (Denmark)

Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

Cross-cultural adaptation and validation of the Behcet's Disease Current Activity Form in Korea.

Science.gov (United States)

Choi, Hyo Jin; Seo, Mi Ryoung; Ryu, Hee Jung; Baek, Han Joo

2015-09-01

This study was undertaken to perform a cross-cultural adaptation of the Behcet's Disease Current Activity Form (BDCAF, version 2006) questionnaire to the Korean language and to evaluate its reliability and validity in a population of Korean patients with Behcet's disease (BD). A cross-cultural study was conducted among patients with BD who attended our rheumatology clinic between November 2012 and March 2013. There were 11 males and 35 females in the group. The mean age of the participants was 48.5 years and the mean disease duration was 6.4 years. The first BDCAF questionnaire was completed on arrival and the second assessment was performed 20 minutes later by a different physician. The test-retest reliability was analyzed by computing κ statistics. Kappa scores of > 0.6 indicated a good agreement. To assess the validity, we compared the total BDCAF score with the patient's/clinician's perception of disease activity and the Korean version of the Behcet's Disease Quality of Life (BDQOL). For the test-retest reliability, good agreements were achieved on items such as headache, oral/genital ulceration, erythema, skin pustules, arthralgia, nausea/vomiting/abdominal pain, and diarrhea with altered/frank blood per rectum. Moderate agreement was observed for eye and nervous system involvement. We achieved a fair agreement for arthritis and major vessel involvement. Significant correlations were obtained between the total BDCAF score with the BDQOL and the patient's/clinician's perception of disease activity p < 0.05). The Korean version of the BDCAF is a reliable and valid instrument for measuring current disease activity in Korean BD patients.

Threats to the National Economic Security of Ukraine at the Current Stage

Directory of Open Access Journals (Sweden)

Kuharskaya Natalia A.

2017-04-01

Full Text Available It is substantiated that the most important factor of the national economic security of the country is to match both the economic and the industrial relations systems to the economic development of the country. The article provides detailed consideration of the particularities of occurrence of threats to the national economic security of Ukraine by allocating seven major structural blocks, in which threats were not overcome during the years of independence, and some of them even became intensified: 1 institutional sphere; 2 social sphere; 3 financial sphere; 4 shadowing and corruptness of economy; 5 a high level of physical wear and tear of fixed assets and of the production infrastructure; 6 de-industrialization of economy; 7 innovative development. The main components of the national economic security, which would assist in overcoming these threats, have been developed.

Evaluation and field validation of Eddy-Current array probes for steam generator tube inspection

International Nuclear Information System (INIS)

Dodd, C.V.; Pate, J.R.

1996-07-01

The objective of the Improved Eddy-Current ISI for Steam Generator Tubing program is to upgrade and validate eddy-current inspections, including probes, instrumentation, and data processing techniques for inservice inspection of new, used, and repaired steam generator tubes; to improve defect detection, classification, and characterization as affected by diameter and thickness variations, denting, probe wobble, tube sheet, tube supports, copper and sludge deposits, even when defect types and other variables occur in combination; to transfer this advanced technology to NRC's mobile NDE laboratory and staff. This report describes the design of specialized high-speed 16-coil eddy-current array probes. Both pancake and reflection coils are considered. Test results from inspections using the probes in working steam generators are given. Computer programs developed for probe calculations are also supplied

Security and Network Operations [video

OpenAIRE

Myrick, Matthew

2012-01-01

Senior Security Engineer, Matthew Myrick discusses the current cyber threats that we are all facing, the five W's (who, what, when, where, and how) of cyber security, past and present cyber-attack trends, and ways you can help protect yourself and your enterprise from cyber-attack.

CryptosFS: Fast Cryptographic Secure NFS

OpenAIRE

O'Shanahan, Declan

2000-01-01

The issue of security in file-systems is as relevant today as when the first file system was developed. Current file system implementations rely heavily on centralised security mechanisms such as access control lists. The problem of security in file systems was made more complicated by the introduction of remote access to files. Storing information on a remote server has the potential to introduce additional security weaknesses into the file system model. The client, the commun...

Considerations on the selection and prioritization of information security solutions

Directory of Open Access Journals (Sweden)

Maria Cristina RĂDULESCU

2016-05-01

Full Text Available This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.

Draft secure medical database standard.

Science.gov (United States)

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

Current Methods for Evaluation of Physical Security System Effectiveness.

Science.gov (United States)

1981-05-01

nuclear fuel system installation in a - articular way. These entities are thereby identified as more or less significant targets for the security...These publications use non-standard definitions for some safe- guards terms, which is an unfortunate distraction . None of the publications we...when the participant reaches his objective. If this requires more than one time step, he may be distracted by changed circumstances before he completes

International Nuclear Security Education Network (INSEN) and the Nuclear Security Training and Support Centre (NSSC) Network

International Nuclear Information System (INIS)

Nikonov, Dmitriy

2013-01-01

International Nuclear Security Education Network established in 2010: A partnership between the IAEA and universities, research institutions and other stakeholders - •Promotion of nuclear security education; • Development of educational materials; • Professional development for faculty members; • Collaborative research and resource sharing. Currently over 90 members from 38 member states. Mission: to enhance global nuclear security by developing, sharing and promoting excellence in nuclear security education. Nuclear Security Support Centre: Primary objectives are: • Develop human resources through the implementation of a tailored training programme; • Develop a network of experts; • Provide technical support for lifecycle equipment management and scientific support for the detection of and the response to nuclear security events

THz and Security Applications

CERN Document Server

Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

2014-01-01

These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

Who's (Still) Above the Social Security Payroll Tax Cap?

OpenAIRE

Nicole Woo; Janelle Jones; John Schmitt

2012-01-01

The Social Security payroll tax cap is the earnings level above which no further Social Security taxes are collected. The cap is currently at $110,100, though legislation has been introduced in Congress to apply the Social Security payroll tax to earnings above $250,000 (but not between the current cap and this level). This issue brief updates earlier work, finding that 5.8 percent of workers would be affected if the Social Security cap were eliminated entirely and 1.4 percent would be affect...

Security, Extremism and Education: Safeguarding or Surveillance?

Science.gov (United States)

Davies, Lynn

2016-01-01

This article analyses how education is positioned in the current concerns about security and extremism. This means firstly examining the different meanings of security (national, human and societal) and who provides security for whom. Initially, a central dilemma is acknowledged: that schooling appears to be simultaneously irrelevant to the huge…

Validation of Computer Models for Homeland Security Purposes

International Nuclear Information System (INIS)

Schweppe, John E.; Ely, James; Kouzes, Richard T.; McConn, Ronald J.; Pagh, Richard T.; Robinson, Sean M.; Siciliano, Edward R.; Borgardt, James D.; Bender, Sarah E.; Earnhart, Alison H.

2005-01-01

At Pacific Northwest National Laboratory, we are developing computer models of radiation portal monitors for screening vehicles and cargo. Detailed models of the radiation detection equipment, vehicles, cargo containers, cargos, and radioactive sources have been created. These are used to determine the optimal configuration of detectors and the best alarm algorithms for the detection of items of interest while minimizing nuisance alarms due to the presence of legitimate radioactive material in the commerce stream. Most of the modeling is done with the Monte Carlo code MCNP to describe the transport of gammas and neutrons from extended sources through large, irregularly shaped absorbers to large detectors. A fundamental prerequisite is the validation of the computational models against field measurements. We describe the first step of this validation process, the comparison of the models to measurements with bare static sources

Secure Enclaves: An Isolation-centric Approach for Creating Secure High Performance Computing Environments

Energy Technology Data Exchange (ETDEWEB)

Aderholdt, Ferrol [Tennessee Technological Univ., Cookeville, TN (United States); Caldwell, Blake A. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Hicks, Susan Elaine [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Koch, Scott M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Naughton, III, Thomas J. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pelfrey, Daniel S. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pogge, James R [Tennessee Technological Univ., Cookeville, TN (United States); Scott, Stephen L [Tennessee Technological Univ., Cookeville, TN (United States); Shipman, Galen M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Sorrillo, Lawrence [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

2017-01-01

High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture. This approach places significant restrictions on the users of the system even when processing data at a lower security level and exposes data at higher levels of confidentiality to a much broader population than otherwise necessary. The traditional approach of isolation, while effective in establishing security enclaves poses significant challenges for the use of shared infrastructure in HPC environments. This report details current state-of-the-art in virtualization, reconfigurable network enclaving via Software Defined Networking (SDN), and storage architectures and bridging techniques for creating secure enclaves in HPC environments.

A case for avoiding security-enhanced HTTP tools to improve security for Web-based applications

Energy Technology Data Exchange (ETDEWEB)

Wood, B.

1996-03-01

This paper describes some of the general weaknesses of the current popular Hypertext Transmission Protocol (HTTP) security standards and products in an effort to show that these standards are not appealing for many applications. The author will then show how one can treat HTTP browsers and servers as untrusted elements in the network so that one can rely on other mechanisms to achieve better overall security than can be attained through today`s security-enhanced HTTP tools.

Reforming the South African social security adjudication system: innovative experiences from South African non-social security jurisdictions

OpenAIRE

Nyenti, MAT

2016-01-01

There is currently no uniform social security dispute resolution system in South Africa due to the piecemeal fashion in which schemes were established or protection against individual risks regulated. The result is that each statute provides for its own dispute resolution institution(s) and processes. There are also various gaps and challenges in the current social security dispute resolution systems, some of these relating to the uncoordinated and fragmented nature of the system; inaccessibi...

Secure Wireless Sensor Networks: Problems and Solutions

Directory of Open Access Journals (Sweden)

Fei Hu

2003-08-01

Full Text Available As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis was placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that should be solved for achieving the ad hoc security. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service and key management service. We also present some secure methods to achieve security in wireless sensor networks. Finally we present our integrated approach to securing sensor networks.

CORBASec Used to Secure Distributed Aerospace Propulsion Simulations

Science.gov (United States)

Blaser, Tammy M.

2003-01-01

The NASA Glenn Research Center and its industry partners are developing a Common Object Request Broker (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines. It was developed by Glenn and is being managed by the NASA Ames Research Center as the lead center reporting directly to NASA Headquarters' Aerospace Technology Enterprise. Glenn is an active domain member of the Object Management Group: an open membership, not-for-profit consortium that produces and manages computer industry specifications (i.e., CORBA) for interoperable enterprise applications. When NPSS is deployed, it will assemble a distributed aerospace propulsion simulation scenario from proprietary analytical CORBA servers and execute them with security afforded by the CORBASec implementation. The NPSS CORBASec test bed was initially developed with the TPBroker Security Service product (Hitachi Computer Products (America), Inc., Waltham, MA) using the Object Request Broker (ORB), which is based on the TPBroker Basic Object Adaptor, and using NPSS software across different firewall products. The test bed has been migrated to the Portable Object Adaptor architecture using the Hitachi Security Service product based on the VisiBroker 4.x ORB (Borland, Scotts Valley, CA) and on the Orbix 2000 ORB (Dublin, Ireland, with U.S. headquarters in Waltham, MA). Glenn, GE Aircraft Engines, and Pratt & Whitney Aircraft are the initial industry partners contributing to the NPSS CORBASec test bed. The test bed uses Security SecurID (RSA Security Inc., Bedford, MA) two-factor token-based authentication together with Hitachi Security Service digital-certificate-based authentication to validate the various NPSS users. The test

The IEA Model of Short-term Energy Security

Energy Technology Data Exchange (ETDEWEB)

NONE

2011-07-01

Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Working Paper is intended for readers who wish to explore the MOSES methodology in depth; there is also a brochure which provides an overview of the analysis and results.

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Science.gov (United States)

2010-10-01

..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid... Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation...

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

Health Security and Risk Aversion.

Science.gov (United States)

Herington, Jonathan

2016-09-01

Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

Social Security Funds Clamor for Reform

Institute of Scientific and Technical Information of China (English)

郑秉文

2008-01-01

This paper analyzed the institutional deficiencies inherent in China’s social security system based on a dissection of various social security fund violations. It holds that the unscientific design in social security system is the root cause for social security fund violations, which is reflected in low level of social security unification, irrational investment system and legislative loopholes etc. Currently, China’s social security funds are facing risks in management and in system; The key of risk control lies in the reforming of the overall framework of social security system through the following aspects: 1) readjust the unified account system structure to raise the level of unification; 2) reform funds investment system to boost ROI; 3) speeding up legislative to regulate the administrative costs and the behaviors of its entities.

Implementation Support of Security Design Patterns Using Test Templates

Directory of Open Access Journals (Sweden)

Masatoshi Yoshizawa

2016-06-01

Full Text Available Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an “aspect test template” to observe the internal processing and a “test case template”. Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

The study on network security based on software engineering

Science.gov (United States)

Jia, Shande; Ao, Qian

2012-04-01

Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

Securing social media in the enterprise

CERN Document Server

Dalziel, Henry

2015-01-01

Securing Social Media in the Enterprise is a concise overview of the security threats posed by the use of social media sites and apps in enterprise network environments. Social media sites and apps are now a ubiquitous presence within enterprise systems and networks, and are vulnerable to a wide range of digital systems attacks. This brief volume provides security professionals and network systems administrators a much-needed dive into the most current threats, detection techniques, and defenses for these attacks, and provides a roadmap for best practices to secure and manage social media wi

Analysis of operations and cyber security policies for a system of cooperating Flexible Alternating Current Transmission System (FACTS) devices.

Energy Technology Data Exchange (ETDEWEB)

Phillips, Laurence R.; Tejani, Bankim; Margulies, Jonathan; Hills, Jason L.; Richardson, Bryan T.; Baca, Micheal J.; Weiland, Laura

2005-12-01

Flexible Alternating Current Transmission Systems (FACTS) devices are installed on electric power transmission lines to stabilize and regulate power flow. Power lines protected by FACTS devices can increase power flow and better respond to contingencies. The University of Missouri Rolla (UMR) is currently working on a multi-year project to examine the potential use of multiple FACTS devices distributed over a large power system region in a cooperative arrangement in which the FACTS devices work together to optimize and stabilize the regional power system. The report describes operational and security challenges that need to be addressed to employ FACTS devices in this way and recommends references, processes, technologies, and policies to address these challenges.

Unconditionally secure commitment in position-based quantum cryptography.

Science.gov (United States)

Nadeem, Muhammad

2014-10-27

A new commitment scheme based on position-verification and non-local quantum correlations is presented here for the first time in literature. The only credential for unconditional security is the position of committer and non-local correlations generated; neither receiver has any pre-shared data with the committer nor does receiver require trusted and authenticated quantum/classical channels between him and the committer. In the proposed scheme, receiver trusts the commitment only if the scheme itself verifies position of the committer and validates her commitment through non-local quantum correlations in a single round. The position-based commitment scheme bounds committer to reveal valid commitment within allocated time and guarantees that the receiver will not be able to get information about commitment unless committer reveals. The scheme works for the commitment of both bits and qubits and is equally secure against committer/receiver as well as against any third party who may have interests in destroying the commitment. Our proposed scheme is unconditionally secure in general and evades Mayers and Lo-Chau attacks in particular.

Security careers skills, compensation, and career paths

CERN Document Server

Walker, Stephen W

2014-01-01

The third edition of Security Careers is the authoritative reference for current job descriptions and pay practices of security, compliance, ethics, environmental, health and safety occupations. The job descriptions and compensation ranges in this report are drawn from research from the Foushée Group, which has been conducting this research since 1980. Security Careers includes more than 75 job descriptions for security-related positions, which range from the entry-level security guard to the top global corporate executive. It also provides four years of compensation trend data to give a th

Data-Driven Security-Constrained OPF

DEFF Research Database (Denmark)

Thams, Florian; Halilbasic, Lejla; Pinson, Pierre

2017-01-01

considerations, while being less conservative than current approaches. Our approach can be scalable for large systems, accounts explicitly for power system security, and enables the electricity market to identify a cost-efficient dispatch avoiding redispatching actions. We demonstrate the performance of our......In this paper we unify electricity market operations with power system security considerations. Using data-driven techniques, we address both small signal stability and steady-state security, derive tractable decision rules in the form of line flow limits, and incorporate the resulting constraints...... in market clearing algorithms. Our goal is to minimize redispatching actions, and instead allow the market to determine the most cost-efficient dispatch while considering all security constraints. To maintain tractability of our approach we perform our security assessment offline, examining large datasets...

Lecture 13: Control System Cyber Security

CERN Multimedia

CERN. Geneva

2013-01-01

Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

National Security Technology Incubator Business Plan

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.

Security Concerns and Countermeasures in Network Coding Based Communications Systems

DEFF Research Database (Denmark)

Talooki, Vahid; Bassoli, Riccardo; Roetter, Daniel Enrique Lucani

2015-01-01

key protocol types, namely, state-aware and stateless protocols, specifying the benefits and disadvantages of each one of them. We also present the key security assumptions of network coding (NC) systems as well as a detailed analysis of the security goals and threats, both passive and active......This survey paper shows the state of the art in security mechanisms, where a deep review of the current research and the status of this topic is carried out. We start by introducing network coding and its variety applications in enhancing current traditional networks. In particular, we analyze two....... This paper also presents a detailed taxonomy and a timeline of the different NC security mechanisms and schemes reported in the literature. Current proposed security mechanisms and schemes for NC in the literature are classified later. Finally a timeline of these mechanism and schemes is presented....

Secure quantum key distribution

Science.gov (United States)

Lo, Hoi-Kwong; Curty, Marcos; Tamaki, Kiyoshi

2014-08-01

Secure communication is crucial in the Internet Age, and quantum mechanics stands poised to revolutionize cryptography as we know it today. In this Review, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After briefly introducing recent experimental progress and challenges, we survey the latest developments in quantum hacking and countermeasures against it.

Secure cloud computing

CERN Document Server

Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

2014-01-01

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

Unconditionally Secure Quantum Signatures

Directory of Open Access Journals (Sweden)

Ryan Amiri

2015-08-01

Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA algorithm, the digital signature algorithm (DSA, and the elliptic curve digital signature algorithm (ECDSA—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

Intra-site Secure Transport Vehicle test and evaluation

International Nuclear Information System (INIS)

Scott, S.

1995-01-01

In the past many DOE and DoD facilities involved in handling nuclear material realized a need to enhance the safely and security for movement of sensitive materials within their facility, or ''intra-site''. There have been prior efforts to improve on-site transportation; however, there remains a requirement for enhanced on-site transportation at a number of facilities. The requirements for on-site transportation are driven by security, safety, and operational concerns. The Intra-site Secure Transport Vehicle (ISTV) was designed to address these concerns specifically for DOE site applications with a standardized vehicle design. This paper briefly reviews the ISTV design features providing significant enhancement of onsite transportation safety and security, and also describes the test and evaluation activities either complete of underway to validate the vehicle design and operation

Nuclear energy technology transfer: the security barriers

International Nuclear Information System (INIS)

Rinne, R.L.

1975-08-01

The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)

FORWARD: DESERTIFICATION IN THE MEDITERRANEAN REGION: A SECURITY ISSUE

Science.gov (United States)

The Workshop focused on two basic concepts: security and desertification and their linkages. Since the end of the Cold War, traditional security concepts based on national sovereignty and territorial security have increasingly been brought under review. Currently, a broader defin...

Household food security in Isfahan based on current population survey adapted questionnaire

Directory of Open Access Journals (Sweden)

Morteza Rafiei

2013-01-01

Full Text Available Background: Food security is a state in which all people at every time have physical and economic access to adequate food to obviate nutritional needs and live a healthy and active life. Therefore, this study was performed to quantitatively evaluate the household food security in Esfahan using the localized version of US Household Food Security Survey Module (US HFSSM. Methods: This descriptive cross-sectional study was performed in year 2006 on 3000 households of Esfahan. The study instrument used in this work is 18-item US food security module, which is developed into a localized 15-item questionnaire. This study is performed in two stages of families with no children (under 18 years old and families with children over 18 years old. Results: The results showed that item severity coefficient, ratio of responses given by households and item infit and outfit coefficient in adult′s and children′s questionnaire respectively. According to obtained data, scale score of +3 in adults group is described as determination limit of slight food insecurity and +6 is stated as the limit for severe food insecurity. For children′s group, scale score of +2 is defined to be the limit of slight food insecurity and +5 is the determination limit of severe food insecurity. Conclusions: The main hypothesis of this survey analysis is based on the raw scale score of USFSSM The item of "lack of enough money for buying food" (item 2 and the item of "lack of balanced meal" (3 rd item have the lowest severity coefficient. Then, the ascending rate of item severity continues in first item, 4 th item and keeps increasing into 10 th item.

Sensor data security level estimation scheme for wireless sensor networks.

Science.gov (United States)

Ramos, Alex; Filho, Raimir Holanda

2015-01-19

Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates.

Analyzing security protocols in hierarchical networks

DEFF Research Database (Denmark)

Zhang, Ye; Nielson, Hanne Riis

2006-01-01

Validating security protocols is a well-known hard problem even in a simple setting of a single global network. But a real network often consists of, besides the public-accessed part, several sub-networks and thereby forms a hierarchical structure. In this paper we first present a process calculus...... capturing the characteristics of hierarchical networks and describe the behavior of protocols on such networks. We then develop a static analysis to automate the validation. Finally we demonstrate how the technique can benefit the protocol development and the design of network systems by presenting a series...

Peak misdetection in heart-beat-based security : Characterization and tolerance

NARCIS (Netherlands)

Seepers, Robert M; Strydis, Christos; Peris-Lopez, Pedro; Sourdis, Ioannis; De Zeeuw, Chris I

The Inter-Pulse-Interval (IPI) of heart beats has previously been suggested for security in mobile health (mHealth) applications. In IPI-based security, secure communication is facilitated through a security key derived from the time difference between heart beats. However, there currently exists no

Reforming the South African Social Security Adjudication System: Innovative Experiences from South African Non-Social Security Jurisdictions

Directory of Open Access Journals (Sweden)

Mathias Ashu Tako Nyenti

2016-08-01

Full Text Available There is currently no uniform social security dispute resolution system in South Africa due to the piecemeal fashion in which schemes were established or protection against individual risks regulated. The result is that each statute provides for its own dispute resolution institution(s and processes. There are also various gaps and challenges in the current social security dispute resolution systems, some of these relating to the uncoordinated and fragmented nature of the system; inaccessibility of some social security institutions; inappropriateness of some current appeal institutions; the lack of a systematic approach in establishing appeal institutions; a limited scope of jurisdiction and powers of adjudication institutions; inconsistencies in review and/or appeal provisions in various laws; an unavailability of alternative dispute resolution procedures; and an absence of institutional independence of adjudication institutions or forums. The system is therefore in need of reform. In developing an appropriate system, much can be learned from innovative experiences in comparative South African non-social security jurisdictions on the establishment of effective and efficient dispute resolution frameworks. Dispute resolution systems in the labour relations, business competition regulation and consumer protection jurisdictions have been established to realise the constitutional rights of their users (especially the rights of access to justice, to a fair trial and to just administrative action. They thus provide a benchmark for the development of the South African social security dispute resolution system.

Current state of commercial radiation detection equipment for homeland security applications

International Nuclear Information System (INIS)

Klann, R.T.; Shergur, J.; Mattesich, G.

2009-01-01

With the creation of the U.S. Department of Homeland Security (DHS) came the increased concern that terrorist groups would attempt to manufacture and use an improvised nuclear device or radiological dispersal device. As such, a primary mission of DHS is to protect the public against the use of these devices and to assist state and local responders in finding, locating, and identifying these types of devices and materials used to manufacture these devices. This assistance from DHS to state and local responders comes in the form of grant money to procure radiation detection equipment. In addition to this grant program, DHS has supported the development of American National Standards Institute standards for radiation detection equipment and has conducted testing of commercially available instruments. This paper identifies the types and kinds of commercially available equipment that can be used to detect and identify radiological material - for use in traditional search applications as well as primary and secondary screening of personnel, vehicles, and cargo containers. In doing so, key considerations for the conduct of operations are described as well as critical features of the instruments for specific applications. The current state of commercial instruments is described for different categories of detection equipment including personal radiation detectors, radioisotope identifiers, man-portable detection equipment, and radiation portal monitors. In addition, emerging technologies are also discussed, such as spectroscopic detectors and advanced spectroscopic portal monitors

Simplified Threshold RSA with Adaptive and Proactive Security

DEFF Research Database (Denmark)

Almansa Guerra, Jesus Fernando; Damgård, Ivan Bjerre; Nielsen, Jesper Buus

2006-01-01

We present the currently simplest, most efficient, optimally resilient, adaptively secure, and proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive security...... of a proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework....

Algorithm Validation of the Current Profile Reconstruction of EAST Based on Polarimeter/Interferometer

International Nuclear Information System (INIS)

Qian Jinping; Ren Qilong; Wan Baonian; Liu Haiqin; Zeng Long; Luo Zhengping; Chen Dalong; Shi Tonghui; Sun Youwen; Shen Biao; Xiao Bingjia; Lao, L. L.; Hanada, K.

2015-01-01

The method of plasma current profile reconstruction using the polarimeter/interferometer (POINT) data from a simulated equilibrium is explored and validated. It is shown that the safety factor (q) profile can be generally reconstructed from the external magnetic and POINT data. The reconstructed q profile is found to reasonably agree with the initial equilibriums. Comparisons of reconstructed q and density profiles using the magnetic data and the POINT data with 3%, 5% and 10% random errors are investigated. The result shows that the POINT data could be used to a reasonably accurate determination of the q profile. (fusion engineering)

Cross-cultural adaptation and validation of the Behcet’s Disease Current Activity Form in Korea

Science.gov (United States)

Choi, Hyo Jin; Seo, Mi Ryoung; Ryu, Hee Jung; Baek, Han Joo

2015-01-01

Background/Aims: This study was undertaken to perform a cross-cultural adaptation of the Behcet’s Disease Current Activity Form (BDCAF, version 2006) questionnaire to the Korean language and to evaluate its reliability and validity in a population of Korean patients with Behcet’s disease (BD). Methods: A cross-cultural study was conducted among patients with BD who attended our rheumatology clinic between November 2012 and March 2013. There were 11 males and 35 females in the group. The mean age of the participants was 48.5 years and the mean disease duration was 6.4 years. The first BDCAF questionnaire was completed on arrival and the second assessment was performed 20 minutes later by a different physician. The test-retest reliability was analyzed by computing κ statistics. Kappa scores of > 0.6 indicated a good agreement. To assess the validity, we compared the total BDCAF score with the patient’s/clinician’s perception of disease activity and the Korean version of the Behcet’s Disease Quality of Life (BDQOL). Results: For the test-retest reliability, good agreements were achieved on items such as headache, oral/genital ulceration, erythema, skin pustules, arthralgia, nausea/vomiting/abdominal pain, and diarrhea with altered/frank blood per rectum. Moderate agreement was observed for eye and nervous system involvement. We achieved a fair agreement for arthritis and major vessel involvement. Significant correlations were obtained between the total BDCAF score with the BDQOL and the patient’s/clinician’s perception of disease activity p < 0.05). Conclusions: The Korean version of the BDCAF is a reliable and valid instrument for measuring current disease activity in Korean BD patients. PMID:26354066

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

Science.gov (United States)

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab

Directory of Open Access Journals (Sweden)

Christoph Meinel

2008-05-01

Full Text Available Recently, Awareness Creation in terms of IT security has become a big thing – not only for enterprises. Campaigns for pupils try to highlight the importance of IT security even in the user’s early years. Common practices in security education – as seen in computer science courses at universities – mainly consist of literature and lecturing. In the best case, the teaching facility offers practical courses in a dedicated isolated computer lab. Additionally, there are some more or less interactive e-learning applications around. Most existing offers can do nothing more than impart theoretical knowledge or basic information. They all lack of possibilities to provide practical experience with security software or even hacker tools in a realistic environment. The only exceptions are the expensive and hard-to-maintain dedicated computer security labs. Those can only be provided by very few organizations. Tele-Lab IT-Security was designed to offer hands-on experience exercises in IT security without the need of additional hardware or maintenance expenses. The existing implementation of Tele-Lab even provides access to the learning environment over the Internet – and thus can be used anytime and anywhere. The present paper describes the extended architecture on which the current version of the Tele-Lab server is built.

Fisk-based criteria to support validation of detection methods for drinking water and air.

Energy Technology Data Exchange (ETDEWEB)

MacDonell, M.; Bhattacharyya, M.; Finster, M.; Williams, M.; Picel, K.; Chang, Y.-S.; Peterson, J.; Adeshina, F.; Sonich-Mullin, C.; Environmental Science Division; EPA

2009-02-18

This report was prepared to support the validation of analytical methods for threat contaminants under the U.S. Environmental Protection Agency (EPA) National Homeland Security Research Center (NHSRC) program. It is designed to serve as a resource for certain applications of benchmark and fate information for homeland security threat contaminants. The report identifies risk-based criteria from existing health benchmarks for drinking water and air for potential use as validation targets. The focus is on benchmarks for chronic public exposures. The priority sources are standard EPA concentration limits for drinking water and air, along with oral and inhalation toxicity values. Many contaminants identified as homeland security threats to drinking water or air would convert to other chemicals within minutes to hours of being released. For this reason, a fate analysis has been performed to identify potential transformation products and removal half-lives in air and water so appropriate forms can be targeted for detection over time. The risk-based criteria presented in this report to frame method validation are expected to be lower than actual operational targets based on realistic exposures following a release. Note that many target criteria provided in this report are taken from available benchmarks without assessing the underlying toxicological details. That is, although the relevance of the chemical form and analogues are evaluated, the toxicological interpretations and extrapolations conducted by the authoring organizations are not. It is also important to emphasize that such targets in the current analysis are not health-based advisory levels to guide homeland security responses. This integrated evaluation of chronic public benchmarks and contaminant fate has identified more than 200 risk-based criteria as method validation targets across numerous contaminants and fate products in drinking water and air combined. The gap in directly applicable values is

Secure authentication of classical messages with single photons

International Nuclear Information System (INIS)

Tian-Yin, Wang; Qiao-Yan, Wen; Fu-Chen, Zhu

2009-01-01

This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical. (general)

Evaluating pay-as-you-go social security systems

OpenAIRE

Bachmann, Andreas; Wüthrich, Kaspar

2013-01-01

This paper proposes a new method for welfare analysis of unfunded social security systems. Based on an overlapping generations model with endogenous labor supply, we derive a formula for the evaluation of existing pay-as-you-go social security systems that depends on impulse response functions and projected growth rates only. We propose an implementation strategy based on reduced form estimates of a VAR model that is valid under weak assumptions about the deep structure of the model. Our meth...

SCPR: Secure Crowdsourcing-Based Parking Reservation System

Directory of Open Access Journals (Sweden)

Changsheng Wan

2017-01-01

Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations

OpenAIRE

Brubaker, Chad; Jana, Suman; Ray, Baishakhi; Khurshid, Sarfraz; Shmatikov, Vitaly

2014-01-01

Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol.

NS [Nuclear Safety] update. Current safety and security activities and developments taking place in the Department of Nuclear Safety and Security, Issue no. 9, December 2008

International Nuclear Information System (INIS)

2008-12-01

The current issue presents information about the following activities: 1) IRRS Lessons Learned Workshop held on 3-5 November 2008, Seville. The main purpose of the workshop was to provide information to interested Member States regarding the IRRS, to discuss their experiences and lessons learned from the regulatory review conducted at the CSN and to explore further improvements in the planning and implementation of the IRRS, including the establishment of a network of experts from regulatory authorities. 2) Highlights of the 52 General Conference. 3) The 2008 IAEA General Conference welcomed the endorsement of the new International Nuclear and Radiological Event Scale (INES) User's Manual. 4) Safety and Security Infrastructure for Countries Embarking on Nuclear Power Programmes

Communication security in open health care networks.

Science.gov (United States)

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Enabling secure and privacy preserving communications in smart grids

CERN Document Server

Li, Hongwei

2014-01-01

This brief focuses on the current research on security and privacy preservation in smart grids. Along with a review of the existing works, this brief includes fundamental system models, possible frameworks, useful performance, and future research directions. It explores privacy preservation demand response with adaptive key evolution, secure and efficient Merkle tree based authentication, and fine-grained keywords comparison in the smart grid auction market. By examining the current and potential security and privacy threats, the author equips readers to understand the developing issues in sma

Some security strategies for smart cards

Energy Technology Data Exchange (ETDEWEB)

Ros, F [Gemalto, St Cyr en Val, BP 6021, 45060 Orlans Cedex (France); Harba, R [LESI, Polytech' Orlans-LESI, 12 rue de Blois, 45067 Orleans Cedex 2 (France)

2007-07-15

This paper details current developments at Gemalto in the field of security. It focuses on two different security processes for ID cards. The first one consists in adding observable security features in the ID image to allow quick visual verification and serves mainly to detect counterfeit attempts. The second consists in watermarking ID images during the pre personalization step by a secret key stored in the chip. The interest of the different approaches is demonstrated with several real ID images.

Sensor Based Framework for Secure Multimedia Communication in VANET

Science.gov (United States)

Rahim, Aneel; Khan, Zeeshan Shafi; Bin Muhaya, Fahad T.; Sher, Muhammad; Kim, Tai-Hoon

2010-01-01

Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs). Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool. PMID:22163462

Security management of next generation telecommunications networks and services

CERN Document Server

Jacobs, Stuart

2014-01-01

This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

A computer literacy scale for newly enrolled nursing college students: development and validation.

Science.gov (United States)

Lin, Tung-Cheng

2011-12-01

Increasing application and use of information systems and mobile technologies in the healthcare industry require increasing nurse competency in computer use. Computer literacy is defined as basic computer skills, whereas computer competency is defined as the computer skills necessary to accomplish job tasks. Inadequate attention has been paid to computer literacy and computer competency scale validity. This study developed a computer literacy scale with good reliability and validity and investigated the current computer literacy of newly enrolled students to develop computer courses appropriate to students' skill levels and needs. This study referenced Hinkin's process to develop a computer literacy scale. Participants were newly enrolled first-year undergraduate students, with nursing or nursing-related backgrounds, currently attending a course entitled Information Literacy and Internet Applications. Researchers examined reliability and validity using confirmatory factor analysis. The final version of the developed computer literacy scale included six constructs (software, hardware, multimedia, networks, information ethics, and information security) and 22 measurement items. Confirmatory factor analysis showed that the scale possessed good content validity, reliability, convergent validity, and discriminant validity. This study also found that participants earned the highest scores for the network domain and the lowest score for the hardware domain. With increasing use of information technology applications, courses related to hardware topic should be increased to improve nurse problem-solving abilities. This study recommends that emphases on word processing and network-related topics may be reduced in favor of an increased emphasis on database, statistical software, hospital information systems, and information ethics.

National Security Technology Incubator Evaluation Process

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.

75 FR 28777 - Information Collection; Financial Information Security Request Form

Science.gov (United States)

2010-05-24

... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

Information risk and security modeling

Science.gov (United States)

Zivic, Predrag

2005-03-01

This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

Security culture for nuclear facilities

Science.gov (United States)

Gupta, Deeksha; Bajramovic, Edita

2017-01-01

Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations became essential along with nuclear safety as nuclear facilities are facing rapidly increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

Land tenure in China: Legal, actual and perceived security

NARCIS (Netherlands)

Ma, Xianlei; Heerink, N.; Feng, S.; Shi, X.

2015-01-01

This paper examines the magnitudes of legal security, actual security and perceived security of farmland tenure, and the causes of currently prevailing land tenure insecurity in rural China. Two farm household surveys conducted in the northwest of Gansu province in 2010 and in the northeast of

Food security governance: a systematic literature review

NARCIS (Netherlands)

Candel, J.J.L.

2014-01-01

The role of governance has been receiving increasing attention from food security scholars in recent years. However, in spite of the recognition that governance matters, current knowledge of food security governance is rather fragmented. To provide some clarity in the debate about the role of

Privacy and security disclosures on telecardiology websites

NARCIS (Netherlands)

Dubbeld, L.

2006-01-01

This article discusses telemedicine providers¿ online privacy and security disclosures. It presents the results of an exploratory study of a number of telecardiology companies¿ Web sites, providing insight in some of the current strategies towards data protection and information security in the

Measuring Human Performance within Computer Security Incident Response Teams

Energy Technology Data Exchange (ETDEWEB)

McClain, Jonathan T. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Silva, Austin Ray [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Avina, Glory Emmanuel [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Forsythe, James C. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-09-01

Human performance has become a pertinen t issue within cyber security. However, this research has been stymied by the limited availability of expert cyber security professionals. This is partly attributable to the ongoing workload faced by cyber security professionals, which is compound ed by the limited number of qualified personnel and turnover of p ersonnel across organizations. Additionally, it is difficult to conduct research, and particularly, openly published research, due to the sensitivity inherent to cyber ope rations at most orga nizations. As an alternative, the current research has focused on data collection during cyb er security training exercises. These events draw individuals with a range of knowledge and experience extending from seasoned professionals to recent college gradu ates to college students. The current paper describes research involving data collection at two separate cyber security exercises. This data collection involved multiple measures which included behavioral performance based on human - machine transactions and questionnaire - based assessments of cyber security experience.

Security Requirements Management in Software Product Line Engineering

Science.gov (United States)

Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

A Layered Trust Information Security Architecture

Science.gov (United States)

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

A layered trust information security architecture.

Science.gov (United States)

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

A Layered Trust Information Security Architecture

Directory of Open Access Journals (Sweden)

Robson de Oliveira Albuquerque

2014-12-01

Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

Food and nutrition security indicators: A review

OpenAIRE

Pangaribowo, Evita Hanie; Gerber, Nicolas; Torero, Maximo

2013-01-01

As the problems of food and nutrition insecurity are currently more complex, identifying and choosing relevant indicators is crucial. This paper identifies the need to go beyond the state-of-the-art because current FNS indicators do not account for the short-term economic shocks which have been identified as key factors for food and nutrition security. As the nature of food and nutrition security status is different between short- term and long-term causes, there is a need to differentiate be...

Sensor Data Security Level Estimation Scheme for Wireless Sensor Networks

Science.gov (United States)

Ramos, Alex; Filho, Raimir Holanda

2015-01-01

Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates. PMID:25608215

Sensor Data Security Level Estimation Scheme for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Alex Ramos

2015-01-01

Full Text Available Due to their increasing dissemination, wireless sensor networks (WSNs have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE, a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates.

DIFFiCULTIES FOR THE CONCEPTUALIZATION OF SECURITY AND DEFENSE

Directory of Open Access Journals (Sweden)

JAIME GARCÍA COVARRUBIAS

2017-12-01

Full Text Available The purpose of this essay is to assist to make clear the current confusion when conceptualizing Security and Defense, a fact that impacts the production of educational plans and programs in this issues, taking at the same time a position regarding these concepts. In fact, one of the reasons in the theoretical arena of this difficulty is the existence of a grey zone between each of them, that impacts the security planning process that somehow looses its most important feature, that is, to be clear, precise and focused. To achieve this objective, a relationship between democracy and security is settled, and then differences between both of them will be established. After that, an analysis between “real security” and the one perceived, as well as between effects and conditions will be done in order to conclude that National Security integrates the different sectors’ securities and is vital for the prevailing of the State and its citizens, while citizen security is oriented toward the individuals and must not be confused with National Security. Also, that Defense is another sector of Security, and finally that governments must understood that there will be an space between the current situation or objective security and the perception of how the people believe to live.

Information Security and Integrity Systems

Science.gov (United States)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Validation of streamflow measurements made with M9 and RiverRay acoustic Doppler current profilers

Science.gov (United States)

Boldt, Justin A.; Oberg, Kevin A.

2015-01-01

The U.S. Geological Survey (USGS) Office of Surface Water (OSW) previously validated the use of Teledyne RD Instruments (TRDI) Rio Grande (in 2007), StreamPro (in 2006), and Broadband (in 1996) acoustic Doppler current profilers (ADCPs) for streamflow (discharge) measurements made by the USGS. Two new ADCPs, the SonTek M9 and the TRDI RiverRay, were first used in the USGS Water Mission Area programs in 2009. Since 2009, the OSW and USGS Water Science Centers (WSCs) have been conducting field measurements as part of their stream-gaging program using these ADCPs. The purpose of this paper is to document the results of USGS OSW analyses for validation of M9 and RiverRay ADCP streamflow measurements. The OSW required each participating WSC to make comparison measurements over the range of operating conditions in which the instruments were used until sufficient measurements were available. The performance of these ADCPs was evaluated for validation and to identify any present and potential problems. Statistical analyses of streamflow measurements indicate that measurements made with the SonTek M9 ADCP using firmware 2.00–3.00 or the TRDI RiverRay ADCP using firmware 44.12–44.15 are unbiased, and therefore, can continue to be used to make streamflow measurements in the USGS stream-gaging program. However, for the M9 ADCP, there are some important issues to be considered in making future measurements. Possible future work may include additional validation of streamflow measurements made with these instruments from other locations in the United States and measurement validation using updated firmware and software.

Can Medicaid Claims Validly Ascertain Foster Care Status?

Science.gov (United States)

Raghavan, Ramesh; Brown, Derek S; Allaire, Benjamin T

2017-08-01

Medicaid claims have been used to identify populations of children in foster care in the current literature; however, the ability of such an approach to validly ascertain a foster care population is unknown. This study linked children in the National Survey of Child and Adolescent Well-Being-I to their Medicaid claims from 36 states using their Social Security numbers. Using this match, we examined discordance between caregiver report of foster care placement and the foster care eligibility code contained in the child's Medicaid claims. Only 73% of youth placed in foster care for at least a year displayed a Medicaid code for foster care eligibility. Half of all youth coming into contact with child welfare displayed discordance between caregiver report and Medicaid claims. Children with emergency department utilization, and those in primary care case management health insurance arrangements, had the highest odds of accurate ascertainment. The use of Medicaid claims to identify a cohort of children in foster care results in high rates of underascertainment. Supplementing administrative data with survey data is one way to enhance validity of ascertainment.

Sensor Based Framework for Secure Multimedia Communication in VANET

Directory of Open Access Journals (Sweden)

Tai-Hoon Kim

2010-11-01

Full Text Available Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs. Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool.

Data Leakage Prevention for Secure Cross-Domain Information Exchange

OpenAIRE

Nordbotten, Nils Agne; Engelstad, Paal E.; Kongsgård, Kyrre Wahl; Haakseth, Raymond; Mancini, Federico

2017-01-01

Cross-domain information exchange is an increasingly important capability for conducting efficient and secure operations, both within coalitions and within single nations. A data guard is a common cross-domain sharing solution that inspects the security labels of exported data objects and validates that they are such that they can be released according to policy. While we see that guard solutions can be implemented with high assurance, we find that obtaining an equivalent level of assurance i...

Econometric modeling of the balance of social security Brazil

OpenAIRE

Isaac Figueiredo de Sousa

2009-01-01

This work aims to build models using econometrics techniques to explain the components of the balance of Social Security System, or in other words, the net value of tax revenues and the benefit values of the General Regime of Social Security. These models were subjected to statistic validations indicated in the theoretical reference of econometrics, to apply the method of ordinary least square from the classic model of linear regression. From an increasing longevity and the gradual decr...

Accelerate China’s Social Security Legislation

Institute of Scientific and Technical Information of China (English)

王延中

2008-01-01

Since the financial crisis in Asia in 1997, China’s social security system has undergone continual reform and readjustment, and has proved to be an integral part of government efforts to perfect the socialist market economy as well as in building a socialist harmonious society. Although social security construction has achieved certain results, it has also left a lot of problems. With the rapid growth of China’s economy and revenue, people from all walks of life are putting ever-increasing demands on the social security system; therefore, the construction of a sound social security system suited to China’s current situation still remains an arduous task. In this article, the author have reviewed the 10 years development of China’s social security system, analyzed problems and challenges and proposed its suggestions.

Security analysis of cyber-physical system

Science.gov (United States)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

RFID security a lightweight paradigm

CERN Document Server

Khattab, Ahmed; Amini, Esmaeil; Bayoumi, Magdy

2017-01-01

This book provides a comprehensive treatment of security in the widely adopted, Radio Frequency Identification (RFID) technology. The authors present the fundamental principles of RFID cryptography in a manner accessible to a broad range of readers, enabling them to improve their RFID security design. This book also offers the reader a range of interesting topics portraying the current state-of-the-art in RFID technology and how it can be integrated with today’s Internet of Things (IoT) vision. The authors describe a first-of-its-kind, lightweight symmetric authenticated encryption cipher called Redundant Bit Security (RBS), which enables significant, multi-faceted performance improvements compared to existing cryptosystems. This book is a must-read for anyone aiming to overcome the constraints of practical implementation in RFID security technologies.

Risk to Water Security on Small Islands

Science.gov (United States)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

Implementation of Learning Organization Components in Ardabil Social Security Hospital

OpenAIRE

Azadeh Zirak

2015-01-01

This study aimed to investigate the implementation of learning organization characteristics based on Marquardt systematic model in Ardabil Social Security Hospital. The statistical population of this research was 234 male and female employees of Ardabil Social Security Hospital. For data collection, Marquardt questionnaire was used in the present study which its validity and reliability had been confirmed. Statistical analysis of hypotheses based on independent samples t-test showed that lear...

Uncertainty estimates of purity measurements based on current information: toward a "live validation" of purity methods.

Science.gov (United States)

Apostol, Izydor; Kelner, Drew; Jiang, Xinzhao Grace; Huang, Gang; Wypych, Jette; Zhang, Xin; Gastwirt, Jessica; Chen, Kenneth; Fodor, Szilan; Hapuarachchi, Suminda; Meriage, Dave; Ye, Frank; Poppe, Leszek; Szpankowski, Wojciech

2012-12-01

To predict precision and other performance characteristics of chromatographic purity methods, which represent the most widely used form of analysis in the biopharmaceutical industry. We have conducted a comprehensive survey of purity methods, and show that all performance characteristics fall within narrow measurement ranges. This observation was used to develop a model called Uncertainty Based on Current Information (UBCI), which expresses these performance characteristics as a function of the signal and noise levels, hardware specifications, and software settings. We applied the UCBI model to assess the uncertainty of purity measurements, and compared the results to those from conventional qualification. We demonstrated that the UBCI model is suitable to dynamically assess method performance characteristics, based on information extracted from individual chromatograms. The model provides an opportunity for streamlining qualification and validation studies by implementing a "live validation" of test results utilizing UBCI as a concurrent assessment of measurement uncertainty. Therefore, UBCI can potentially mitigate the challenges associated with laborious conventional method validation and facilitates the introduction of more advanced analytical technologies during the method lifecycle.

Developing a Security Metrics Scorecard for Healthcare Organizations.

Science.gov (United States)

Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea

2015-01-01

In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements.

A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

Directory of Open Access Journals (Sweden)

Lou Wei

2010-01-01

Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

Secure IP mobility management for VANET

CERN Document Server

Taha, Sanaa

2013-01-01

This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals

International Nuclear Information System (INIS)

2013-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

The importance of effective catheter securement.

Science.gov (United States)

Fisher, Jayne

This article examines the importance of securing/fixing indwelling urinary catheters. The Oxford English dictionary interlinks the two words-'secure' and 'fix'-as having the same meaning. To secure the catheter should not be confused with 'support', whereby the weight of the urine drainage bag is supported with the use of velcro straps or a sleeve. The author introduces the need for the concept of this practice to be at the forefront of nurses' minds in all settings, and this is demonstrated through the use of case studies. Current guidance in this area is reviewed, as well as the problems that can arise when catheters are not secured properly and the available products for health professionals to use.

ESCAPE. Energy Security and ClimAte Policy Evaluation

International Nuclear Information System (INIS)

Kessels, J.R.; Bakker, S.J.A.

2005-05-01

Climate change and energy supply security policy are currently not integrated in most countries, despite possible synergies. The ESCAPE approach suggests that linking climate change policy with security of energy supply could improve climate change policy at both a national and international level. The report explores the interaction between policies of energy security and climate change and the options of inclusion of energy security issues into national and international post-2012 climate negotiations. It emphasises the importance of the US in this regard and takes a close look at US energy policy documents. It appears that current US energy policy is not directed towards reducing its reliance on imported fossil fuel, even though the government has a strong preference for this. This study shows that measures to reduce import dependency are mostly synergetic with climate policy and gives some options that can be implemented. On an international level, linkages of energy security into post-2012 climate policy may be possible in sectoral bottom-up approaches or technology frameworks. As well, inclusion of a security of supply criterion in international emission trading instruments may provide potential benefits

Securing Cloud - The Quantum Way

OpenAIRE

Pandya, Marmik

2015-01-01

Confidentiality, Integrity, and Availability are basic goals of security architecture. To ensure CIA, many authentication scheme has been introduced in several years. Currently deployment of Public Key Infrastructure (PKI) is a most significant solution. PKI involving exchange key using certificates via a public channel to a authenticate users in the cloud infrastructure. It is exposed to widespread security threats such as eavesdropping, the man in the middle attack, masquerade et al. Quantu...

Application Security Automation

Science.gov (United States)

Malaika, Majid A.

2011-01-01

With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

Computer-Aided Sensor Development Focused on Security Issues.

Science.gov (United States)

Bialas, Andrzej

2016-05-26

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

The "School Safety & Security Questionnaire": Middle Grades Students' Perceptions of Safety at School

Science.gov (United States)

Miller, Janice Williams; Nickell, Linda K.

2008-01-01

This study presents the development and basic psychometric characteristics of the "School Safety and Security Questionnaire" (SSSQ). This new measure was constructed to assess middle grade students' perceptions of safety and security during the school year. The content validity of the theoretically-based instrument was assessed and the measure was…

A platform for secure, safe, and sustainable logistics

NARCIS (Netherlands)

Hofman, W.J.; Bastiaansen, H.J.M.; Berg, J. van den; Pruksasri, P.

2012-01-01

In the current society, logistics is faced with at least two bigchallenges. The first challenge considers safety and security measurements dealing with terrorism, smuggling, and related security accidents with a high societal impact. The second challenge is to meet sustainability requirements

Indicators for energy security

International Nuclear Information System (INIS)

Kruyt, Bert; Van Vuuren, D.P.; De Vries, H.J.M.; Groenenberg, H.

2009-01-01

The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability, accessibility, affordability and acceptability of energy and classified indicators for energy security according to this taxonomy. There is no one ideal indicator, as the notion of energy security is highly context dependent. Rather, applying multiple indicators leads to a broader understanding. Incorporating these indicators in model-based scenario analysis showed accelerated depletion of currently known fossil resources due to increasing global demand. Coupled with increasing spatial discrepancy between consumption and production, international trade in energy carriers is projected to have increased by 142% in 2050 compared to 2008. Oil production is projected to become increasingly concentrated in a few countries up to 2030, after which production from other regions diversifies the market. Under stringent climate policies, this diversification may not occur due to reduced demand for oil. Possible benefits of climate policy include increased fuel diversity and slower depletion of fossil resources. (author)

Japan as a Paradigm for U.S. Homeland Security

National Research Council Canada - National Science Library

Ruth, Allen C

2006-01-01

...) is in full swing and the United States is engaged around the world. These factors provide valid reasons for the United States to research other countries' homeland security paradigms to provide a contrast in methods of combating terrorism...

Human Factors in Coast Guard Computer Security - An Analysis of Current Awareness and Potential Techniques to Improve Security Program Viability

National Research Council Canada - National Science Library

Whalen, Timothy

2001-01-01

.... This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks...

Cyber/Physical Security Vulnerability Assessment Integration

International Nuclear Information System (INIS)

MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

2011-01-01

This internally funded Laboratory-Directed R and D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

A platform for secure, safe, and sustainable logistics

NARCIS (Netherlands)

Hofman, W.; Bastiaansen, H.; Van den Berg, J.; Pruksasri, P.

2012-01-01

In the current society, logistics is faced with at least two big challenges. The first challenge considers safety and security measurements dealing with terrorism, smuggling, and related security accidents with a high societal impact. The second challenge is to meet sustainability requirements

Maritime Security – The Need for a Global Agreement

OpenAIRE

Dinos Stasinopoulos

2003-01-01

This note reviews US maritime security measures, outlines work carried out by international organisations and then frames maritime security within the wider context of maritime trade. Finally, it suggests the development of a Global Agreement linking security and other maritime trade-related issues. The initiative for such an agreement should be undertaken by the EU only if current International Maritime Organisation (IMO) efforts fail to produce a maritime security framework with binding req...

Computer Security: better code, fewer problems

CERN Multimedia

Stefan Lueders, Computer Security Team

2016-01-01

The origin of many security incidents is negligence or unintentional mistakes made by web developers or programmers. In the rush to complete the work, due to skewed priorities, or just to ignorance, basic security principles can be omitted or forgotten.   The resulting vulnerabilities lie dormant until the evil side spots them and decides to hit hard. Computer security incidents in the past have put CERN’s reputation at risk due to websites being defaced with negative messages about the Organization, hash files of passwords being extracted, restricted data exposed… And it all started with a little bit of negligence! If you check out the Top 10 web development blunders, you will see that the most prevalent mistakes are: Not filtering input, e.g. accepting “<“ or “>” in input fields even if only a number is expected.  Not validating that input: you expect a birth date? So why accept letters? &...

Global security and the impacts in nuclear matter control: Nuclear Security Summit 2016

International Nuclear Information System (INIS)

Lima, Martonio Mont’Alverne Barreto; Barreto, Midred Cavalcante

2017-01-01

Due to the current international security instability, especially resulting from traffic and nuclear terrorism threat proliferation, the Nuclear Security Summits were conceived with the objective of increasing the cooperation between States, institutions and international organisms, as well as conducting a global community in following the guidelines and action plans which have produced curious results such as the reduction and the removal of enriched uranium in some countries, the reinforcement of safeguard installations that store radioactive materials and the establishment of Excellence Centers, qualification, training and technological development in the fight against nuclear weaponry traffic. (author)

Global security and the impacts in nuclear matter control: Nuclear Security Summit 2016

Energy Technology Data Exchange (ETDEWEB)

Lima, Martonio Mont’Alverne Barreto; Barreto, Midred Cavalcante, E-mail: barreto@unifor.br, E-mail: midredcb@hotmail.com [Universidade de Fortaleza (UNIFOR), CE (Brazil)

2017-07-01

Due to the current international security instability, especially resulting from traffic and nuclear terrorism threat proliferation, the Nuclear Security Summits were conceived with the objective of increasing the cooperation between States, institutions and international organisms, as well as conducting a global community in following the guidelines and action plans which have produced curious results such as the reduction and the removal of enriched uranium in some countries, the reinforcement of safeguard installations that store radioactive materials and the establishment of Excellence Centers, qualification, training and technological development in the fight against nuclear weaponry traffic. (author)

Architecture and Knowledge-Driven Self-Adaptive Security in Smart Space

Directory of Open Access Journals (Sweden)

Antti Evesti

2013-03-01

Full Text Available Dynamic and heterogeneous smart spaces cause challenges for security because it is impossible to anticipate all the possible changes at design-time. Self-adaptive security is an applicable solution for this challenge. This paper presents an architectural approach for security adaptation in smart spaces. The approach combines an adaptation loop, Information Security Measuring Ontology (ISMO and a smart space security-control model. The adaptation loop includes phases to monitor, analyze, plan and execute changes in the smart space. The ISMO offers input knowledge for the adaptation loop and the security-control model enforces dynamic access control policies. The approach is novel because it defines the whole adaptation loop and knowledge required in each phase of the adaptation. The contributions are validated as a part of the smart space pilot implementation. The approach offers reusable and extensible means to achieve adaptive security in smart spaces and up-to-date access control for devices that appear in the space. Hence, the approach supports the work of smart space application developers.

The ultimate security bounds of quantum key distribution protocols

International Nuclear Information System (INIS)

Nikolopoulos, G.M.; Alber, G.

2005-01-01

Full text: Quantum key distribution (QKD) protocols exploit quantum correlations in order to establish a secure key between two legitimate users. Recent work on QKD has revealed a remarkable link between quantum and secret correlations. In this talk we report on recent results concerning the ultimate upper security bounds of various QKD schemes (i.e., the maximal disturbance up to which the two legitimate users share quantum correlations) under the assumption of general coherent attacks. In particular, we derive an analytic expression for the ultimate upper security bound of QKD schemes that use two mutually unbiased bases. As long as the two legitimate users focus on the sifted key and treat each pair of data independently during the post processing, our results are valid for arbitrary dimensions of the information carriers. The bound we have derived is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is also discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions, however, such equivalence is generally no longer valid. (author)

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.

Science.gov (United States)

Brubaker, Chad; Jana, Suman; Ray, Baishakhi; Khurshid, Sarfraz; Shmatikov, Vitaly

2014-01-01

Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. We design, implement, and apply the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations. Our first ingredient is "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations. Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many of them are caused by serious security vulnerabilities. For example, any server with a valid X.509 version 1 certificate can act as a rogue certificate authority and issue fake certificates for any domain, enabling man-in-the-middle attacks against MatrixSSL and GnuTLS. Several implementations also accept certificate authorities created by unauthorized issuers, as well as certificates not intended for server authentication. We also found serious vulnerabilities in how users are warned about certificate validation errors. When presented with an expired, self-signed certificate, NSS, Safari, and Chrome (on Linux) report that the certificate has expired-a low-risk, often ignored error-but not that the connection is insecure against a man-in-the-middle attack. These results demonstrate that automated adversarial testing with frankencerts

Guidelines for computer security in general practice.

Science.gov (United States)

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making

Outsourcing as a Mean of Service for Security Provision

Directory of Open Access Journals (Sweden)

D.I. Persanov

2012-03-01

Full Text Available The article highlights the implementation of outsourcing as a mean of service for security provision. Analysis is performed to describe the current issues affecting the management decision in favor of outsourcing. Investigation covers the processes of physical, information and economical security. The main recommendations to use outsourcing for security provision are described in the conclusion.

Optimization of airport security lanes

Science.gov (United States)

Chen, Lin

2018-05-01

Current airport security management system is widely implemented all around the world to ensure the safety of passengers, but it might not be an optimum one. This paper aims to seek a better security system, which can maximize security while minimize inconvenience to passengers. Firstly, we apply Petri net model to analyze the steps where the main bottlenecks lie. Based on average tokens and time transition, the most time-consuming steps of security process can be found, including inspection of passengers' identification and documents, preparing belongings to be scanned and the process for retrieving belongings back. Then, we develop a queuing model to figure out factors affecting those time-consuming steps. As for future improvement, the effective measures which can be taken include transferring current system as single-queuing and multi-served, intelligently predicting the number of security checkpoints supposed to be opened, building up green biological convenient lanes. Furthermore, to test the theoretical results, we apply some data to stimulate the model. And the stimulation results are consistent with what we have got through modeling. Finally, we apply our queuing model to a multi-cultural background. The result suggests that by quantifying and modifying the variance in wait time, the model can be applied to individuals with various habits customs and habits. Generally speaking, our paper considers multiple affecting factors, employs several models and does plenty of calculations, which is practical and reliable for handling in reality. In addition, with more precise data available, we can further test and improve our models.

Internet of Cloud: Security and Privacy issues

OpenAIRE

Cook, Allan; Robinson, Michael; Ferrag, Mohamed Amine; Maglaras, Leandros A.; He, Ying; Jones, Kevin; Janicke, Helge

2017-01-01

The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions th...

Security, privacy and trust in cloud systems

CERN Document Server

Nepal, Surya

2013-01-01

The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

[Security Management in Clinical Laboratory Departments and Facilities: Current Status and Issues].

Science.gov (United States)

Ishida, Haku; Nakamura, Junji; Yoshida, Hiroshi; Koike, Masaru; Inoue, Yuji

2014-11-01

We conducted a questionnaire survey regarding the current activities for protecting patients' privacy and the security of information systems (IS) related to the clinical laboratory departments of university hospitals, certified training facilities for clinical laboratories, and general hospitals in Yamaguchi Prefecture. The response rate was 47% from 215 medical institutions, including three commercial clinical laboratory centers. The results showed that there were some differences in management activities among facilities with respect to continuing education, the documentation or regulation of operational management for paper records, electronic information, remaining samples, genetic testing, and laboratory information for secondary use. They were suggested to be caused by differences in functions between university and general hospitals, differences in the scale of hospitals, or whether or not hospitals have received accreditation or ISO 15189. Regarding the IS, although the majority of facilities had sufficiently employed the access control to IS, there was some room for improvement in the management of special cases such as VIPs and patients with HIV infection. Furthermore, there were issues regarding the login method for computers shared by multiple staff, the showing of the names of personnel in charge of reports, and the risks associated with direct connections to systems and the Internet and the use of portable media such as USB memory sticks. These results indicated that further efforts are necessary for each facility to continue self-assessment and make improvements.

Military veterans and Social Security.

Science.gov (United States)

Olsen, Anya

There are 9.4 million military veterans receiving Social Security benefits, which means that almost one out of every four adult Social Security beneficiaries has served in the United States military. In addition, veterans and their families make up almost 40 percent of the adult Social Security beneficiary population. Policymakers are particularly interested in military veterans and their families and have provided them with benefits through several government programs, including Social Security credits, home loan guarantees, and compensation and pension payments through the Department of Veterans Affairs. It is therefore important to understand the economic and demographic characteristics of this population. Information in this article is based on data from the March 2004 Current Population Survey, a large, nationally representative survey of U.S. households. Veterans are overwhelmingly male compared with all adult Social Security beneficiaries who are more evenly split between males and females. Military veterans receiving Social Security are more likely to be married and to have finished high school compared with all adult Social Security beneficiaries, and they are less likely to be poor or near poor than the overall beneficiary population. Fourteen percent of veterans receiving Social Security benefits have income below 150 percent of poverty, while 25 percent of all adult Social Security beneficiaries are below this level. The higher economic status among veterans is also reflected in the relatively high Social Security benefits they receive. The number of military veterans receiving Social Security benefits will remain high over the next few decades, while their make-up and characteristics will change. In particular, the number of Vietnam War veterans who receive Social Security will increase in the coming decades, while the number of veterans from World War II and the Korean War will decline.

Secure and Efficient Routable Control Systems

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

2010-05-01

This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

Interdisciplinary research and trans-disciplinary validity claims

CERN Document Server

Gethmann, C F; Hanekamp, G; Kaiser, M; Kamp, G; Lingner, S; Quante, M; Thiele, F

2015-01-01

Interdisciplinarity has seemingly become a paradigm for modern and meaningful research. Clearly, the interdisciplinary modus of deliberation enables to unfold relevant but quite different disciplinary perspectives to the reflection of broader scientific questions or societal problems. However, whether the comprehensive results of interdisciplinary reflection prove to be valid or to be acceptable in trans-disciplinary terms depends upon certain preconditions, which have to be fulfilled for securing scientific quality and social trust in advisory contexts. The present book is written by experts and practitioners of interdisciplinary research and policy advice. It analyses topical and methodological approaches towards interdisciplinarity, starting with the current role of scientific research in society. The volume continues with contributions to the issues of knowledge and acting and to trans-disciplinary deliberation. The final conclusions address the scientific system as substantial actor itself as well as the...

Global food and fibre security threatened by current inefficiencies in fungal identification

NARCIS (Netherlands)

Crous, Pedro W.; Groenewald, Johannes Z.; Slippers, Bernard; Wingfield, Michael J.

2016-01-01

Fungal pathogens severely impact global food and fibre crop security. Fungal species that cause plant diseases have mostly been recognized based on their morphology. In general, morphological descriptions remain disconnected from crucially important knowledge such as mating types, host specificity,

75 FR 65511 - Employee Benefits Security Administration; Submission for OMB Review

Science.gov (United States)

2010-10-25

... DEPARTMENT OF LABOR Office of the Secretary Employee Benefits Security Administration; Submission...--Employee Benefits Security Administration (EBSA), Office of Management and Budget, Room 10235, Washington...: Employee Benefits Security Administration. Type of Review: Extension without change of a currently approved...

Potential risks and threats to international security

Directory of Open Access Journals (Sweden)

Iurie RICHICINSCHI

2016-12-01

Full Text Available Today we can ascertain with certainty that in the early part of the 21st century, the challenges addressed to the current security environment tend to become increasingly diffuse, less predictable and multidimensional, being both a feature of external security, as well as an internal one and, of course, becoming an indispensable part of security policies and strategies. Therefore, the need for international cooperation as a foundation for the stability of the security environment has increased. It should provide a sense of trust and peace by ensuring the absence of danger both for the individual and for the community to which he belongs.

Design and implementation of a secure workflow system based on PKI/PMI

Science.gov (United States)

Yan, Kai; Jiang, Chao-hui

2013-03-01

As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

ICT security- aspects important for nuclear facilities

International Nuclear Information System (INIS)

Thunem, Atoosa P-J.

2005-09-01

Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

Restricted access processor - An application of computer security technology

Science.gov (United States)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Security Management and Safeguards Office

Science.gov (United States)

Bewley, Nathaniel M.

2004-01-01

The Security Management and Safeguards Office at NASA is here to keep the people working in a safe environment. They also are here to protect the buildings and documents from sabotage, espionage, and theft. During the summer of 2004, I worked with Richard Soppet in Physical Security. While I was working here I helped out with updating the map that we currently use at NASA Glenn Research Center, attended meetings for homeland security, worked with the security guards and the locksmith. The meetings that I attended for homeland security talked about how to protect ourselves before something happened, they told us to always be on the guard and look for anything suspicious, and the different ways that terrorist groups operate. When I was with the security guards I was taught how to check someone into the base, showed how to use a radar gun, observed a security guard make a traffic stop for training and was with them while they patrolled NASA Glenn Research Center to make sure things were running smooth and no one was in danger. When I was with the lock smith I was taught how to make keys and locks for the employees here at NASA. The lock smith also showed me that he had inventory cabinets of files that show how many keys were out to people and who currently has access to the rooms that they keys were made for. I also helped out the open house at NASA Glenn Research Center. I helped out by showing the Army Reserves, and Brook Park's SWAT team where all the main events were going to take place a week before the open house was going to begin. Then during the open house I helped out by making sure people had there IDS, checked through there bags, and handed out a map to them that showed where the different activities were going to take place. So the main job here at NASA Glenn Research Center for the Security Management and Safeguards Office is to make sure that nothing is stolen, sabotaged, and espionaged. Also most importantly make sure all the employees here at NASA are

Security dimension of the Canada-EU relationship

Directory of Open Access Journals (Sweden)

O. M. Antokhiv­Skolozdra

2014-05-01

In particular, it defines that the Canadian Government accepted the fact of strengthening the security part of the European Union activity in a reserved manner, as it could cause decrease in influence of this North American State in Euro­Atlantic area. It outlines the main directions of cooperation, scrutinizes institutional mechanisms of interaction and emphasizes the key challenges of security dimension of bilateral relations.  It deals with the peculiarities of Canada’s participation in military and civil actions under the auspices of the European Union and stresses that the limited military potential of Ottawa makes its effective participation in bilateral cooperation with the European partners less possible. It stresses the adherence of priority in relations between Canada and the United States in security sphere and underlines the significant role of the North Atlantic Treaty Organization in its interaction on the security and defense issues between Canada and the European Union. It emphasizes that the official Ottawa insists on NATO playing the leading role in providing security in Euro­Atlantic area. It illustrates, however, that due to a number of reasons, in particular, lack of initiative in advancing European security and defense policy, the Canadian Government on current stage don’t present particular interest in activating interaction with their European partners in this sphere. It depicts also that Canada and the European Union have started developing cooperation outside ESDP on domestic security, in particular, on struggle against organized crime and other challenges of current society, which has encouraged institutionalization in relationship of the European Union and the Europol.

A Secure Simplification of the PKMv2 Protocol in IEEE 802.16e-2005

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielsen, Christoffer Rosenkilde

2007-01-01

Static analysis is successfully used for automatically validating security properties of classical cryptographic protocols. In this paper, we shall employ the same technique to a modern security protocol for wireless networks, namely the latest version of the Privacy and Key Management protocol...... for IEEE 802.16e, PKMv2. This protocol seems to have an exaggerated mixture of security features. Thus, we iteratively investigate which components are necessary for upholding the security properties and which can be omitted safely. This approach is based on the LySa process calculus and employs...

An Investigation of Secure Remote Instrument Control

Energy Technology Data Exchange (ETDEWEB)

Schissel, D.; Abla, G.; Penaflor, B. [General Atomics, San Diego (United States); Ciarlette, D. [Oak Ridge National Laboratory, Oak Ridge (United States)

2009-07-01

This paper examines the computer science issues associated with secure remote instrumentation control for magnetic fusion experiments. Computer science research into enhancing the ability to scientifically participate in a fusion experiment remotely has been growing in size in an attempt to better address the needs of fusion scientists worldwide. The natural progression of this research is to examine how to move from remote scientific participation to remote hardware control. The vision is to define a gatekeeper software system that will be the only channel of interaction for incoming requests to the experimental site. The role of the gatekeeper is to validate the identification and access privilege of the requester and to insure the validity of the proposed request. The vision for the gatekeeper is that it be a modular system that is simple in design and defined in a way that makes its implementation and operation transparent and obvious. The architecture of the module interface is flexible enough that it can easily allow the future addition of new modules. At the same time, it should be transparent to end-users and allow a high volume of activity so as to not provide a work bottleneck. Appropriate security requires the ability to verify identity (authentication), verify access control (authorization), and validate the appropriateness of requests. The validation process can include provenance and semantic methodologies. The results of the gatekeeper design and initial prototype testing will be presented as well as a discussion on the implication of this research on the operation of fusion experimental machines such as ITER. (authors)

Metaphors for cyber security.

Energy Technology Data Exchange (ETDEWEB)

Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

2008-08-01

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

Estonian Perceptions of Security: Not Only About Russia and the Refugees

Directory of Open Access Journals (Sweden)

Veebel Viljar

2016-12-01

Full Text Available The current study focuses on the Estonian perceptions of security and on the defence situation both globally and locally. The dynamic results of the public opinion surveys on security risks conducted in Estonia over the last 10 years (2006-2016 will be presented. In addition, to understand whether some of the security risks could be over- or underestimated in Estonia, these results will be compared with the views expressed recently by the World Economic Forum, particularly the Global Risks Report 2016. Also, the arguments why some topics have played or are currently playing key role in the Estonian security perception will be presented and discussed.

Security Frameworks for Machine-to-Machine Devices and Networks

Science.gov (United States)

Demblewski, Michael

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.

A Survey on the Security of Blockchain Systems

OpenAIRE

Li, Xiaoqi; Jiang, Peng; Chen, Ting; Luo, Xiapu; Wen, Qiaoyan

2018-01-01

Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popu...

ErasuCrypto: A Light-weight Secure Data Deletion Scheme for Solid State Drives

Directory of Open Access Journals (Sweden)

Liu Chen

2017-01-01

Full Text Available Securely deleting invalid data from secondary storage is critical to protect users’ data privacy against unauthorized accesses. However, secure deletion is very costly for solid state drives (SSDs, which unlike hard disks do not support in-place update. When applied to SSDs, both erasure-based and cryptography-based secure deletion methods inevitably incur large amount of valid data migrations and/or block erasures, which not only introduce extra latency and energy consumption, but also harm SSD lifetime.

Security Theories of Third World

Directory of Open Access Journals (Sweden)

Alexandra Victorovna Khudaykulova

2016-12-01

Full Text Available This article analyzes the security studies in the “Third World”. The evolution of the conceptual apparatus in the field of security studies and in the understanding of the “Third World” is given. The author provides us an analysis of the security issues in the so-called “post-colonial” countries in the years of “cold war” and in the post-bipolar period, defines the domain of security for the developing world and the current agenda. Particular attention is paid to the analysis of the security concepts of the late XX century - the “security of the person”, “securitization”, “humanitarian intervention” - which are of particular concern to countries of the “Third World”. An alternative format of the “Third World” in the categories of postmodern, modern and premodern worlds is given, the term of “non-Westphalian” state is used as well. Basic characteristics of the “Third World” in the socio-economic and political spheres are provided. The author emphasizes that the state of security of the “Third World” is fundamentally different from that of the developed Western countries, since most threats in non-Western countries, does not come from the outside, but from within. Accordingly, the non-Western security theory does not focus exclusively on military issues and explore a wide range of issues of civil nature - economic, political, social, environmental and development challenges, as well as poverty and underdevelopment.

Computer-Aided Sensor Development Focused on Security Issues

Directory of Open Access Journals (Sweden)

Andrzej Bialas

2016-05-01

Full Text Available The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

SecureCPS: Defending a nanosatellite cyber-physical system

Science.gov (United States)

Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

2014-06-01

Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

Composing Alternatives to a National Security Language Policy

Science.gov (United States)

Wible, Scott

2009-01-01

President Bush's National Security Language Initiative focuses narrowly on gearing language education to security and military needs. English educators should work with their counterparts in foreign language departments to promote a broader view, one that encourages study of the multiple language groups that currently exist within the United…

Information security in SCADA systems in nuclear power plants

International Nuclear Information System (INIS)

Satyamurty, S.A.V.

2013-01-01

Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

Strategy and management of network security at KEK

International Nuclear Information System (INIS)

Kiyoharu Hashimoto; Teiji Nakamura; Hitoshi Hirose, Yukio Karita; Youhei Morita; Soh Suzuki; Fukuko Yuasa

2001-01-01

Recently the troubles related to the network security have often occurred at KEK. According to their security policy, the authors have started the strategy against the daily attacks. It consists of two fundamental things; the monitoring and the access control. To monitor the network, the authors have installed the intrusion detection system and have managed it since 1998. For the second thing, the authors arranged three categories to classify all hosts (about 5000 hosts) at KEK according to their security level. To realize these three categories, the authors filter the incoming packet from outside KEK whether it has a SYN flag or not. The network monitoring and the access control produced good effects in keeping the security level high. Since 2000 the authors have started the transition of LAN from shared-media network to switched network. Now almost part of LAN was re-configured and in this new LAN 10 Mbps 100 Mbps/1Gbps Ethernet are supported. Currently the authors are planning further speedup (10 Gbps) and redundancy of network. Not only LAN but also WAN, network speed will be upgraded to 10 Gbps thanks to the strong promotion of IT by Japanese government. In this very high speed network, the authors' current strategy will be affected and again the network security becomes a big issue. The authors describe the experiences in practice of the current strategy and management know-how together with the discussion on the new strategy

Information Security Risk Assessment in Hospitals.

Science.gov (United States)

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Security personnel training using a computer-based game

International Nuclear Information System (INIS)

Ralph, J.; Bickner, L.

1987-01-01

Security personnel training is an integral part of a total physical security program, and is essential in enabling security personnel to perform their function effectively. Several training tools are currently available for use by security supervisors, including: textbook study, classroom instruction, and live simulations. However, due to shortcomings inherent in each of these tools, a need exists for the development of low-cost alternative training methods. This paper discusses one such alternative: a computer-based, game-type security training system. This system would be based on a personal computer with high-resolution graphics. Key features of this system include: a high degree of realism; flexibility in use and maintenance; high trainee motivation; and low cost

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

Energy Technology Data Exchange (ETDEWEB)

Brown, Nathanael J. K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Katherine A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Bandlow, Alisa [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nozick, Linda Karen [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Waddell, Lucas [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Levin, Drew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Whetzel, Jonathan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-09-01

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for a performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P_I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.

Security Requirements for New Threats at International Airports

Directory of Open Access Journals (Sweden)

Gabriel Nowacki

2018-03-01

Full Text Available The paper refers to security requirements for new threats international airports, taking specifically into consideration current challenges within processing of passengers, in light of types of current major threats, in a way ensuring positive passenger experience within their journey. In addition, within the scope of this paper, presented initial outcome of study research among professional aviation stakeholder?s environment, on current threats in the area of security and protection of airport infrastructure. The airports are a very demanding environment: seasonal traffic, fluctuating passenger volumes and last minute changes mean there is a lot of flexibility required in order to meet specific needs of airport authorities and their clients or the passengers (Dolnik, 2009. Therefore, security in aviation sector has been a big issue for civil aviation authorities, as airports are susceptible targets for terrorist attacks. The list of incidents is extensive and gets longer every year despite strict security measures. Within decades, aviation has become the backbone of our global economy bringing people to business, tourists to vacation destinations and products to markets. Statistically flying remains the safest mode of travelling compared to other modes of transportation. However, simultaneously terrorists and criminals continue in their quest to explore new ways of disrupting air transportation and the challenge to secure airports and airline assets remain real. This calls for greater awareness of security concerns in the aviation sector. The key element, how to protects against terrorist modus operandi, is to stay ahead of recent threats, incidents and breaches occurring worldwide. It requires implementation of effective data sharing systems, in order to proactively monitor potential risks and vulnerabilities within different type of aviation ecosystems.

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Formal Specification and Validation of Secure Connection Establishment in a Generic Access Network Scenario

DEFF Research Database (Denmark)

Fleischer, Paul; Kristensen, Lars Michael

2008-01-01

The Generic Access Network (GAN) architecture is defined by the 3rd Generation Partnership Project (3GPP), and allows telephone services, such as SMS and voice-calls, to be accessed via generic IP networks. The main usage of this is to allow mobile phones to use WiFi in addition to the usual GSM...... network. The GAN specification relies on the Internet Protocol Security layer (IPSec) and the Internet Key Exchange protocol (IKEv2) to provide encryption across IP networks, and thus avoid compromising the security of the telephone networks. The detailed usage of these two Internet protocols (IPSec...

Reducing food wastage, improving food security? An inventory study on stakeholders’ perspectives and the current state

NARCIS (Netherlands)

Tielens, J.; Candel, J.J.L.

2014-01-01

This study is concerned with the relation between food wastage reduction and the improvement of food security. The central question of this inventory study is to what extent interventions to reduce food wastage are effective contributions for food security, in particular for local access in

Learning with Security

Science.gov (United States)

Jokela, Paivi; Karlsudd, Peter

2007-01-01

The current higher education, both distance education and traditional campus courses, relies more and more on modern information and communication technologies (ICT). The use of computer systems and networks results in a wide range of security issues that must be dealt with in order to create a safe learning environment. In this work, we study the…

Security Techniques for the Electronic Health Records.

Science.gov (United States)

Kruse, Clemens Scott; Smith, Brenna; Vanderlinden, Hannah; Nealand, Alexandra

2017-08-01

The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.

Research on resistance characteristics of YBCO tape under short-time DC large current impact

Science.gov (United States)

Zhang, Zhifeng; Yang, Jiabin; Qiu, Qingquan; Zhang, Guomin; Lin, Liangzhen

2017-06-01

Research of the resistance characteristics of YBCO tape under short-time DC large current impact is the foundation of the developing DC superconducting fault current limiter (SFCL) for voltage source converter-based high voltage direct current system (VSC-HVDC), which is one of the valid approaches to solve the problems of renewable energy integration. SFCL can limit DC short-circuit and enhance the interrupting capabilities of DC circuit breakers. In this paper, under short-time DC large current impacts, the resistance features of naked tape of YBCO tape are studied to find the resistance - temperature change rule and the maximum impact current. The influence of insulation for the resistance - temperature characteristics of YBCO tape is studied by comparison tests with naked tape and insulating tape in 77 K. The influence of operating temperature on the tape is also studied under subcooled liquid nitrogen condition. For the current impact security of YBCO tape, the critical current degradation and top temperature are analyzed and worked as judgment standards. The testing results is helpful for in developing SFCL in VSC-HVDC.

Smart Grid Security. White Paper

Energy Technology Data Exchange (ETDEWEB)

NONE

2011-09-15

One of the biggest concerns for smart grid developers is cyber security due to the reliance on IT communication networks. While the current grid is not immune to energy theft, fraud and malicious cyber-attacks, the smart grid poses new security issues. It is more likely now that theft, malicious attack and fraud will be committed by people working remotely from a laptop several miles away, even in a different country, than someone physically manipulating meters. This makes it difficult to predict where attacks will come from.

FACTAR validation

International Nuclear Information System (INIS)

Middleton, P.B.; Wadsworth, S.L.; Rock, R.C.; Sills, H.E.; Langman, V.J.

1995-01-01

A detailed strategy to validate fuel channel thermal mechanical behaviour codes for use of current power reactor safety analysis is presented. The strategy is derived from a validation process that has been recently adopted industry wide. Focus of the discussion is on the validation plan for a code, FACTAR, for application in assessing fuel channel integrity safety concerns during a large break loss of coolant accident (LOCA). (author)

Security Gaps In Authentication Factor Credentials

Directory of Open Access Journals (Sweden)

Neeraj A. Sharma

2015-08-01

Full Text Available Authentication factors refer to user login credentials that a user supplies to an authentication process for it to decide whether to grant or deny access. While two-factor and three-factor authentication generally provides better security than one-factor authentication the aim of this paper is to review security in individual authentication factor credentials that are in use nowadays. These credentials will be discussed in factor categories knowledge factor possession factor and inherence factor. The paper details current security gaps and some novel approaches to diminish the gaps in these authentication factors. We believe that our recommendations will inspire development of better authentication credentials and systems.

Inhibiting and driving forces for the digitalization of security systems: security officers’ view on the issue

OpenAIRE

Lahtinen, Markus

2007-01-01

This memo reports on factors that drive and inhibit the digitalization of security systems. The reported factors are as follows: Technology-push factors • Need to lower costs on the end-user side, i.e. replacing labour with technology • Perceived convenience and ease-of-use of digital systems • Digital products can be connected to the current enterprise network; enabling an expanding set of security features • Firms holding the IP-capability (IP=Internet Protocol) and not h...

Information Security - A Growing Challenge for Online Business

OpenAIRE

Gabriela GHEORGHE; Ioana LUPASC

2017-01-01

In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

Security analysis of session initiation protocol

OpenAIRE

Dobson, Lucas E.

2010-01-01

Approved for public release; distribution is unlimited The goal of this thesis is to investigate the security of the Session Initiation Protocol (SIP). This was accomplished by researching previously discovered protocol and implementation vulnerabilities, evaluating the current state of security tools and using those tools to discover new vulnerabilities in SIP software. The CVSS v2 system was used to score protocol and implementation vulnerabilities to give them a meaning that was us...

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Chinese Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Arabic Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Spanish Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objeurity Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (French Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

High-Tech Security Help.

Science.gov (United States)

Flanigan, Robin L.

2000-01-01

Advocates embrace high-tech security measures as necessary to avoid Columbine-style massacres. Critics contend that school systems can go overboard, making students feel less safe and too closely scrutinized. Current electronic, biometric, and computer-mapping devices and school applications are discussed. Vendors are listed. (MLH)

Security and arms control

International Nuclear Information System (INIS)

Kolodziej, E.A.; Morgan, P.M.

1989-01-01

This book attempts to clarify and define selected current issues and problems related to security and arms control from an international perspective. The chapters are organized under the following headings. Conflict and the international system, Nuclear deterrence, Conventional warfare, Subconventional conflict, Arms control and crisis management

Optical security features for plastic card documents

Science.gov (United States)

Hossick Schott, Joachim

1998-04-01

Print-on-demand is currently a major trend in the production of paper based documents. This fully digital production philosophy will likely have ramifications also for the secure identification document market. Here, plastic cards increasingly replace traditionally paper based security sensitive documents such as drivers licenses and passports. The information content of plastic cards can be made highly secure by using chip cards. However, printed and other optical security features will continue to play an important role, both for machine readable and visual inspection. Therefore, on-demand high resolution print technologies, laser engraving, luminescent pigments and laminated features such as holograms, kinegrams or phase gratings will have to be considered for the production of secure identification documents. Very important are also basic optical, surface and material durability properties of the laminates as well as the strength and nature of the adhesion between the layers. This presentation will address some of the specific problems encountered when optical security features such as high resolution printing and laser engraving are to be integrated in the on-demand production of secure plastic card identification documents.

Dual-Level Security based Cyclic18 Steganographic Method and its Application for Secure Transmission of Keyframes during Wireless Capsule Endoscopy.

Science.gov (United States)

Muhammad, Khan; Sajjad, Muhammad; Baik, Sung Wook

2016-05-01

In this paper, the problem of secure transmission of sensitive contents over the public network Internet is addressed by proposing a novel data hiding method in encrypted images with dual-level security. The secret information is divided into three blocks using a specific pattern, followed by an encryption mechanism based on the three-level encryption algorithm (TLEA). The input image is scrambled using a secret key, and the encrypted sub-message blocks are then embedded in the scrambled image by cyclic18 least significant bit (LSB) substitution method, utilizing LSBs and intermediate LSB planes. Furthermore, the cover image and its planes are rotated at different angles using a secret key prior to embedding, deceiving the attacker during data extraction. The usage of message blocks division, TLEA, image scrambling, and the cyclic18 LSB method results in an advanced security system, maintaining the visual transparency of resultant images and increasing the security of embedded data. In addition, employing various secret keys for image scrambling, data encryption, and data hiding using the cyclic18 LSB method makes the data recovery comparatively more challenging for attackers. Experimental results not only validate the effectiveness of the proposed framework in terms of visual quality and security compared to other state-of-the-art methods, but also suggest its feasibility for secure transmission of diagnostically important keyframes to healthcare centers and gastroenterologists during wireless capsule endoscopy.

Social security financing.

Science.gov (United States)

1980-05-01

After nearly 2 years of study, the 1979 Advisory Council on Social Security submitted its findings and recommendations in December. In February the Bulletin published the Executive Summary of the Council's report. Because of the continuing wide public interest in the future of social security financing, the Council's detailed findings and recommendations on that subject are published below. The Council unanimously reports that all current and future beneficiaries can count on receiving the payments to which they are entitled. Among the recommendations it calls for are partial financing with nonpayroll-tax revenues. Suggested changes include hospital insurance (HI) financed through portins of personal and corporate income taxes and a part of the HI insurance payroll tax diverted to cash benefits with the balance of this tax repealed. The Council also recommends that the social security cash benefits program be brought into long-run actuarial balance--with a payroll-tax rate increase in the year 2005. It rejects the idea of a value-added tax as being inflationary. Parenthetical remarks represent additional views of the Council members cited.

Information Security - A Growing Challenge for Online Business

Directory of Open Access Journals (Sweden)

Gabriela GHEORGHE

2017-06-01

Full Text Available In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

Endpoint Security Using Biometric Authentication for Secure Remote Mission Operations

Science.gov (United States)

Donohue, John T.; Critchfield, Anna R.

2000-01-01

We propose a flexible security authentication solution for the spacecraft end-user, which will allow the user to interact over Internet with the spacecraft, its instruments, or with the ground segment from anywhere, anytime based on the user's pre-defined set of privileges. This package includes biometrics authentication products, such as face, voice or fingerprint recognition, authentication services and procedures, such as: user registration and verification over the Internet and user database maintenance, with a configurable schema of spacecraft users' privileges. This fast and reliable user authentication mechanism will become an integral part of end-to-end ground-to-space secure Internet communications and migration from current practice to the future. All modules and services of the proposed package are commercially available and built to the NIST BioAPI standard, which facilitates "pluggability" and interoperability.

Security in a Web 2.0+ World A Standards Based Approach

CERN Document Server

Solari , Carlos Curtis

2010-01-01

Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo

A improved Network Security Situation Awareness Model

Directory of Open Access Journals (Sweden)

Li Fangwei

2015-08-01

Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

Intelligent Security IT System for Detecting Intruders Based on Received Signal Strength Indicators

Directory of Open Access Journals (Sweden)

Yunsick Sung

2016-10-01

Full Text Available Given that entropy-based IT technology has been applied in homes, office buildings and elsewhere for IT security systems, diverse kinds of intelligent services are currently provided. In particular, IT security systems have become more robust and varied. However, access control systems still depend on tags held by building entrants. Since tags can be obtained by intruders, an approach to counter the disadvantages of tags is required. For example, it is possible to track the movement of tags in intelligent buildings in order to detect intruders. Therefore, each tag owner can be judged by analyzing the movements of their tags. This paper proposes a security approach based on the received signal strength indicators (RSSIs of beacon-based tags to detect intruders. The normal RSSI patterns of moving entrants are obtained and analyzed. Intruders can be detected when abnormal RSSIs are measured in comparison to normal RSSI patterns. In the experiments, one normal and one abnormal scenario are defined for collecting the RSSIs of a Bluetooth-based beacon in order to validate the proposed method. When the RSSIs of both scenarios are compared to pre-collected RSSIs, the RSSIs of the abnormal scenario are about 61% more different compared to the RSSIs of the normal scenario. Therefore, intruders in buildings can be detected by considering RSSI differences.

Social Security and the Evolution of Elderly Poverty

OpenAIRE

Gary V. Engelhardt; Jonathan Gruber

2004-01-01

We use data from the March 1968-2001 Current Population Surveys to document the evolution of elderly poverty over this time period, and to assess the causal role of the Social Security program in reducing poverty rates. We develop an instrumental variable approach that relies on the large increase in benefits for birth cohorts from 1885 through 1916, and the subsequent decline and flattening of real benefits growth due to the Social Securing 'notch', to estimate of Social Security on elderly ...

Overview of Accelerator Applications for Security and Defense

Science.gov (United States)

Antolak, Arlyn J.

Particle accelerators play a key role in a broad set of defense and security applications, including war-fighter and asset protection, cargo inspection, nonproliferation, materials characterization, and stockpile stewardship. Accelerators can replace the high activity radioactive sources that pose a security threat to developing a radiological dispersal device, and, can be used to produce isotopes for medical, industrial, and research purposes. An overview of current and emerging accelerator technologies relevant to addressing the needs of defense and security is presented.

Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols.

Science.gov (United States)

Sriram, Vinay K; Montgomery, Doug

2017-07-01

The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.

CONSIDERATIONS REGARDING THE 21st CENTURY’s HIGH QUALITY SECURITY CONCEPT

Directory of Open Access Journals (Sweden)

Eugen SITEANU

2017-12-01

Full Text Available The present paper is devoted to qualitative security which today has to become a topic issue of world security. The opinions regarding the 21st century’s security concept are contradictory since people have different understandings and perceptions of security, respectively insecurity, and do not agree to analyze the security concept as a function of the system. Our take is that implementation of some new security concepts should aim an analysis and understanding of security in an integrating view, in order to make the most comprehensive security environment possible. Therefore, we do believe that it is necessary to define the concept of high quality security, which is translated in our current paper.

Advanced verification methods for OVI security ink

Science.gov (United States)

Coombs, Paul G.; McCaffery, Shaun F.; Markantes, Tom

2006-02-01

OVI security ink +, incorporating OVP security pigment* microflakes, enjoys a history of effective document protection. This security feature provides not only first-line recognition by the person on the street, but also facilitates machine-readability. This paper explores the evolution of OVI reader technology from proof-of-concept to miniaturization. Three different instruments have been built to advance the technology of OVI machine verification. A bench-top unit has been constructed which allows users to automatically verify a multitude of different banknotes and OVI images. In addition, high speed modules were fabricated and tested in a state of the art banknote sorting machine. Both units demonstrate the ability of modern optical components to illuminate and collect light reflected from the interference platelets within OVI ink. Electronic hardware and software convert and process the optical information in milliseconds to accurately determine the authenticity of the security feature. Most recently, OVI ink verification hardware has been miniaturized and simplified providing yet another platform for counterfeit protection. These latest devices provide a tool for store clerks and bank tellers to unambiguously determine the validity of banknotes in the time period it takes the cash drawer to be opened.

The economic security of power plants

Directory of Open Access Journals (Sweden)

Niedziółka Dorota

2017-01-01

Full Text Available Currently, power plants in Poland have to work in a very uncomfortable situation. Unstable market conditions and frequent changes in the law may have serious adverse consequences for their economic security. Power plants play a very important role in the economy. The effectiveness of their performance affects the activity of all other businesses. Therefore, it is very important to provide a definition of economic security for the power plants’ sector and the factors determining its level. Maintaining economic security will allow energy generation companies to grow in a sustainable way as well as limit operational risk. A precise definition can also be used to create analytical tools for economic security measurement and monitoring. Proper usage of such tools can help energy generation companies sustain their economic security and properly plan their capital expenditures. The article focuses on the definition of economic security in the “micro” context of a separate business unit (enterprise. We also present an analytical model that measures economic security of a company engaged in the production of energy - a company of strategic importance for the national economy. The model uses macroeconomic variables, variables describing prices of raw material and legal / political stability in the country, as well as selected financial indicators. The appliance of conclusions resulting from the model’s implementation will help provide economic security for companies generating energy.

Current Status of the Validation of the Atmospheric Chemistry Instruments on Envisat

Science.gov (United States)

Lecomte, P.; Koopman, R.; Zehner, C.; Laur, H.; Attema, E.; Wursteisen, P.; Snoeij, P.

2003-04-01

Envisat is ESA's advanced Earth observing satellite launched in March 2002 and is designed to provide measurements of the atmosphere, ocean, land and ice over a five-year period. After the launch and the switch-on period, a six-month commissioning phase has taken place for instrument calibration and geophysical validation, concluded with the Envisat Calibration Review held in September 2002. In addition to ESA and its industrial partners in the Envisat consortium, many other companies and research institutes have contributed to the calibration and validation programme under ESA contract as expert support laboratories (ESLs). A major contribution has also been made by the Principal Investigators of approved proposals submitted to ESA in response to a worldwide "Announcement of Opportunity for the Exploitation of the Envisat Data Products" in 1998. Working teams have been formed in which the different participants worked side by side to achieve the objectives of the calibration and validation programme. Validation is a comparison of Envisat level-2 data products and estimates of the different geophysical variables obtained by independent means, the validation instruments. Validation is closely linked to calibration because inconsistencies discovered in the comparison of Envisat Level 2 data products to well-known external instruments can have many different sources, including inaccuracies of the Envisat instrument calibration and the data calibration algorithms. Therefore, initial validation of the geophysical variables has provided feedback to calibration, de-bugging and algorithm improvement. The initial validation phase ended in December 2002 with the Envisat Validation Workshop at which, for a number of products, a final quality statement was given. Full validation of all data products available from the Atmospheric Chemistry Instruments on Envisat (MIPAS, GOMOS and SCIAMACHY) is quite a challenge and therefore it has been decided to adopt a step-wise approach

Securing IoT Devices at CERN

CERN Multimedia

CERN. Geneva

2018-01-01

CERN has more than 1000 Internet of Things (IoT) devices, which are connected to the office network. We have been doing the research to find all vulnerable IoT devices in CERN and mitigated them. We are currently working on detecting IoT devices automatically and, moreover, identifying the manufacturer, model and the running firmware version. This will help the CERN Computer Security Team to spot vulnerable devices and to show the security risks associated with them.

QuickCash: Secure Transfer Payment Systems

Directory of Open Access Journals (Sweden)

Abdulrahman Alhothaily

2017-06-01

Full Text Available Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN. In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

QuickCash: Secure Transfer Payment Systems

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-01-01

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

QuickCash: Secure Transfer Payment Systems.

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-06-13

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

Control Systems Cyber Security Standards Support Activities

Energy Technology Data Exchange (ETDEWEB)

Robert Evans

2009-01-01

The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

National Security Technology Incubation Project Continuation Plan

Energy Technology Data Exchange (ETDEWEB)

None

2008-09-30

This document contains a project continuation plan for the National Security Technology Incubator (NSTI). The plan was developed as part of the National Security Preparedness Project (NSPP) funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This continuation plan describes the current status of NSTI (staffing and clients), long-term goals, strategies, and long-term financial solvency goals.The Arrowhead Center of New Mexico State University (NMSU) is the operator and manager of the NSTI. To realize the NSTI, Arrowhead Center must meet several performance objectives related to planning, development, execution, evaluation, and sustainability. This continuation plan is critical to the success of NSTI in its mission of incubating businesses with security technology products and services.

Status of Educational Efforts in National Security Workforce

Energy Technology Data Exchange (ETDEWEB)

None

2008-03-31

This report documents the status of educational efforts for the preparation of a national security workforce as part of the National Security Preparedness Project, being performed by the Arrowhead Center of New Mexico State University under a DOE/NNSA grant. The need to adequately train and educate a national security workforce is at a critical juncture. Even though there are an increasing number of college graduates in the appropriate fields, many of these graduates choose to work in the private sector because of more desirable salary and benefit packages. This report includes an assessment of the current educational situation for the national security workforce.

Comprehensive Assessment of Industries Economic Security: Regional Aspect

Directory of Open Access Journals (Sweden)

Viktoriya Viktorovna Akberdina

2017-12-01

Full Text Available The article investigates the interaction of the forms of network integration and the development of complimentary production networks in terms of economic security. Currently, the most developed countries are occurring a transition from the industrial society to the information society. The industry 4.0 as the continuous communication at all levels and characterizes the production processes, in which technologies and devices interact automatically in the value-added chain. Under these new conditions, the former types of organizational structures of economic entities are not sufficiently effective. Therefore, there is a need to create new, modern types of organizational structures. One of these types is network structures. Currently, they are becoming characteristic features of the new economy. Regional economic security depends on internal and external threats, which lead to unstable situations. Regional crisis situations are influenced by both macroeconomic crisis processes and local features of economic and social development, as well as the resource potential, geographical location, national and other peculiarities. The article defines the specific characteristics of the regions of the Ural Federal District, as well as the current situation of the regional economy and threats to the region. The authors have evaluated the economic security of complimentary production networks at the regional level. This evaluation has revealed the interconnection between complimentary production networks and the construction industry in the national economy. We have defined the economic security of complimentary production networks and specified the concept of complimentary production networks. The research findings may be applied by organizations as a new perspective of industry using network forms related to economic security

Hardware security and trust design and deployment of integrated circuits in a threatened environment

CERN Document Server

Chaves, Ricardo; Natale, Giorgio; Regazzoni, Francesco

2017-01-01

This book provides a comprehensive introduction to hardware security, from specification to implementation. Applications discussed include embedded systems ranging from small RFID tags to satellites orbiting the earth. The authors describe a design and synthesis flow, which will transform a given circuit into a secure design incorporating counter-measures against fault attacks. In order to address the conflict between testability and security, the authors describe innovative design-for-testability (DFT) computer-aided design (CAD) tools that support security challenges, engineered for compliance with existing, commercial tools. Secure protocols are discussed, which protect access to necessary test infrastructures and enable the design of secure access controllers. Covers all aspects of hardware security including design, manufacturing, testing, reliability, validation and utilization; Describes new methods and algorithms for the identification/detection of hardware trojans; Defines new architectures capable o...

External dimension of Ukraine’s security policy

Directory of Open Access Journals (Sweden)

O. S. Vonsovych

2015-07-01

Full Text Available Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude the collaboration with the countries that belong to other systems of collective security in the scope that is appropriate to basic national interests of Ukraine. It is proved that the activities of the OSCE Special Monitoring Mission is an important contribution to the process of peaceful conflict resolution, and helps to develop democratic principles and foundations of foreign policy. It is determined that the further development of the constructive cooperation between the EU advisory mission under CSDP will provide an opportunity to improve and increase the security of national borders from external threats and challenges, and help to accelerate the process of integration into the European security space. The attention is paid to the fact that, taken into consideration the state of relations with Russia, the further cooperation with the Collective Security Treaty Organization (CSTO may adversely affect the overall security situation in Ukraine and lead to further tension with Russia today.

Denial technology, the neglected security element

International Nuclear Information System (INIS)

Mauney, C.H.

1982-01-01

Even though there has been an increased concern over providing adequate security during the past decade, and even though some aspects of existing security systems have been enhanced during this period, much remains to be done to provide that balance which is so necessary to have all elements function as an effective unit. The area that primarily has been neglected is the delay element - the part of the system which makes possible the needed time for the security force to respond after an intrustion is detected and prior to the adversary attaining his desired goal. The purpose of this paper is to address the vulnerabilities of a security system which exist without the proper delay elements and to suggest how current technology can provide, through the use of activated barriers, that needed delay time to bring the system into balance. Security managers desire reliability and effectiveness; plant managers require safety, non-interference with operations, cost considerate capability, and aesthetic application - these characteristics will be addressed in the context of providing the required delay. This paper, hopefully, will set the stage for dialogue between developer and user, yielding a mutally acceptable approach to balanced security protection

Computational Intelligence, Cyber Security and Computational Models

CERN Document Server

Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

2014-01-01

This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

A covert authentication and security solution for GMOs.

Science.gov (United States)

Mueller, Siguna; Jafari, Farhad; Roth, Don

2016-09-21

Proliferation and expansion of security risks necessitates new measures to ensure authenticity and validation of GMOs. Watermarking and other cryptographic methods are available which conceal and recover the original signature, but in the process reveal the authentication information. In many scenarios watermarking and standard cryptographic methods are necessary but not sufficient and new, more advanced, cryptographic protocols are necessary. Herein, we present a new crypto protocol, that is applicable in broader settings, and embeds the authentication string indistinguishably from a random element in the signature space and the string is verified or denied without disclosing the actual signature. Results show that in a nucleotide string of 1000, the algorithm gives a correlation of 0.98 or higher between the distribution of the codon and that of E. coli, making the signature virtually invisible. This algorithm may be used to securely authenticate and validate GMOs without disclosing the actual signature. While this protocol uses watermarking, its novelty is in use of more complex cryptographic techniques based on zero knowledge proofs to encode information.

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

Science.gov (United States)

Moghaddasi, Hamid; Kamkarhaghighi, Mehran

2016-01-01

Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

Science.gov (United States)

Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

2016-01-01

Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

What is Security? A perspective on achieving security

Energy Technology Data Exchange (ETDEWEB)

Atencio, Julian J.

2014-05-05

This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

Safety and Security at School: A Pedagogical Perspective

Science.gov (United States)

de Waal, Elda; Grosser, M. M.

2009-01-01

Education law and policy currently focus on broader physical aspects of safety and security at schools, as well as, for example, on pedagogical insecurity such as is caused by discriminatory teaching, but law and policy have yet to pay attention to the overall and far-reaching pedagogical safety and security of learners. By means of a descriptive…

Conducting an information security audit

Directory of Open Access Journals (Sweden)

Prof. Ph.D . Gheorghe Popescu

2008-05-01

Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

Security of radioactive sources. Interim guidance for comment

International Nuclear Information System (INIS)

2003-06-01

In previous IAEA publications, there have been only rather general security requirements for non-nuclear radioactive material. These requirements were primarily directed to such issues as unintentional exposure to radiation, negligence and inadvertent loss. However, it is clear that more guidance is needed to not only try and prevent further events involving orphan sources, but also to prevent the deliberate attempt to acquire radioactive sources for malevolent purposes. Member States have requested guidance on the type and nature of security measures that might be put in place and on the methodology to be used in choosing such measures. These requests were also endorsed in the findings of the international conference on 'Security of Radioactive Sources' held in March 2003. Practical advice on assessing and implementing security measures complements the general commitments in the proposed Revised Code of Conduct on Safety and Security of radioactive Sources. A Safety Guide entitled 'Safety and Security of Radiation Sources' that, amongst other things, discusses these issues is being drafted. However, it is recognized that guidance material is required before this document will be finalized in order to allow Member States opportunity to put in place appropriate actions and planning to address current issues. Hence the purpose of the current document is to provide advice on security approaches and to allow comment on detailed recommendations for levels of security on radioactive sources that may be incorporated within the Safety Guide. This report is primarily addressed to Regulatory Authorities but it is also intended to provide guidance to manufacturers, suppliers and users of sources. Its objective is to assist Member States in deciding which security measures are needed to ensure consistency with the International Basic Safety Standards and the Revised Code of Conduct for the Safety and Security of Radioactive Sources. It is recognized that there must be a

Machine Learning for Security

CERN Multimedia

CERN. Geneva

2015-01-01

Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data. About the speaker Josiah is a security researcher with HP TippingPoint DVLabs Research Group. He has over 15 years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions into clustered data storage and later integrated control systems. Current ...

Hardware-Assisted System for Program Execution Security of SOC

Directory of Open Access Journals (Sweden)

Wang Xiang

2016-01-01

Full Text Available With the rapid development of embedded systems, the systems’ security has become more and more important. Most embedded systems are at the risk of series of software attacks, such as buffer overflow attack, Trojan virus. In addition, with the rapid growth in the number of embedded systems and wide application, followed embedded hardware attacks are also increasing. This paper presents a new hardware assisted security mechanism to protect the program’s code and data, monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program of basic blocks; the lightweight hash value in basic blocks and address of the next basic block. These parameters are extracted through additional tools running on PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of program with the information in the security module. If abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with OR1200 processor. The experimental analysis shows that the proposed mechanism can defence a wide range of common software and physical attacks with low performance penalties and minimal overheads.

Handbook of space security policies, applications and programs

CERN Document Server

Hays, Peter; Robinson, Jana; Moura, Denis; Giannopapa, Christina

2015-01-01

Space Security involves the use of space (in particular communication, navigation, earth observation, and electronic intelligence satellites) for military and security purposes on earth and also the maintenance of space (in particular the earth orbits) as safe and secure areas for conducting peaceful activities. The two aspects can be summarized as "space for security on earth" and “the safeguarding of space for peaceful endeavors.” The Handbook will provide a sophisticated, cutting-edge resource on the space security policy portfolio and the associated assets, assisting fellow members of the global space community and other interested policy-making and academic audiences in keeping abreast of the current and future directions of this vital dimension of international space policy. The debate on coordinated space security measures, including relevant 'Transparency and Confidence-Building Measures,' remains at a relatively early stage of development. The book offers a comprehensive description of the variou...

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

Directory of Open Access Journals (Sweden)

Antonio Santos-Olmo

2016-07-01

Full Text Available The information society is increasingly more dependent on Information Security Management Systems (ISMSs, and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha. for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

17 CFR 270.2a-4 - Definition of “current net asset value” for use in computing periodically the current price of...

Science.gov (United States)

2010-04-01

... value between calculations made as of the close of the New York Stock Exchange on the preceding business... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definition of âcurrent net... Section 270.2a-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) RULES...

IAEA Nuclear Security Human Resource Development Program

International Nuclear Information System (INIS)

Braunegger-Guelich, A.

2009-01-01

The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

A Component-Based Approach for Securing Indoor Home Care Applications.

Science.gov (United States)

Agirre, Aitor; Armentia, Aintzane; Estévez, Elisabet; Marcos, Marga

2017-12-26

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.

A Study of Cyber Security Activities for Development of Safety-related Controller

Energy Technology Data Exchange (ETDEWEB)

Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa [Korea Univ., Seoul (Korea, Republic of)

2014-05-15

Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test.

A Study of Cyber Security Activities for Development of Safety-related Controller

International Nuclear Information System (INIS)

Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa

2014-01-01

Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test

[The concept and measurement of food security].

Science.gov (United States)

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

Information security of power enterprises of North-Arctic region

Science.gov (United States)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

MIGRATORY THREATS TO NATIONAL SECURITY OF UKRAINE: CURRENT CHALLENGES AND WAYS OF REGULATION

Directory of Open Access Journals (Sweden)

Mychailo Romaniuk

2016-11-01

Full Text Available The purpose of the article is to disclose the migratory threats which are connected with external and mass internal inter-regional migrations, which are caused by the annexation of the Crimea and military aggression in Donbas by Russia. Methodological and practical aspects of improving the management of intensive interstate and inter-regional migratory processes, negative consequences of which threaten national security of the country because of hybrid war in Donbas, illegal migration, worsening of the demographic situation, departure of scientists and specialists abroad are described in the article too. The main strategic objective, which consists of maintenance of state sovereignty, territorial integrity of Ukraine, and also integration in European and migratory space, ensuring close to the world standards of quality and length of life, realization of rights and freedoms of citizens, is formulated. Actions and tasks of the state migratory policy, ways and methods of regulation of external migrations of the population are considered. Principal reasons of external migrations of population are identified and analysed. The inwardly-regional, interregional and intergovernmental migrations of population of Ukraine in the years of its state independence (1991- 2014 are analyzed in details. The results of analysis showed that migratory activity goes down on inwardly-regional and interregional levels. Also intensity of exchange of population went down between the regions of country. At the same time Ukraine for years state independence through depopulation processes lost 6,5 million persons, and in the external migratory moving of population of loss made over 1 million persons. The problem of illegal external labour migration is considered. It is noted that illegal migration from Ukraine to the threats to national security in the Law of Ukraine "On the National Security of Ukraine" is not included, and a threat to national security posed by illegal

SecureMA: protecting participant privacy in genetic association meta-analysis.

Science.gov (United States)

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

Security Risks: Management and Mitigation in the Software Life Cycle

Science.gov (United States)

Gilliam, David P.

2004-01-01

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

The Multimodal Assessment of Adult Attachment Security: Developing the Biometric Attachment Test.

Science.gov (United States)

Parra, Federico; Miljkovitch, Raphaële; Persiaux, Gwenaelle; Morales, Michelle; Scherer, Stefan

2017-04-06

Attachment theory has been proven essential for mental health, including psychopathology, development, and interpersonal relationships. Validated psychometric instruments to measure attachment abound but suffer from shortcomings common to traditional psychometrics. Recent developments in multimodal fusion and machine learning pave the way for new automated and objective psychometric instruments for adult attachment that combine psychophysiological, linguistic, and behavioral analyses in the assessment of the construct. The aim of this study was to present a new exposure-based, automatic, and objective adult-attachment assessment, the Biometric Attachment Test (BAT), which exposes participants to a short standardized set of visual and music stimuli, whereas their immediate reactions and verbal responses, captured by several computer sense modalities, are automatically analyzed for scoring and classification. We also aimed to empirically validate two of its assumptions: its capacity to measure attachment security and the viability of using themes as placeholders for rotating stimuli. A total of 59 French participants from the general population were assessed using the Adult Attachment Questionnaire (AAQ), the Adult Attachment Projective Picture System (AAP), and the Attachment Multiple Model Interview (AMMI) as ground truth for attachment security. They were then exposed to three different BAT stimuli sets, whereas their faces, voices, heart rate (HR), and electrodermal activity (EDA) were recorded. Psychophysiological features, such as skin-conductance response (SCR) and Bayevsky stress index; behavioral features, such as gaze and facial expressions; as well as linguistic and paralinguistic features, were automatically extracted. An exploratory analysis was conducted using correlation matrices to uncover the features that are most associated with attachment security. A confirmatory analysis was conducted by creating a single composite effects index and by testing it

Novel Approaches to Enhance Mobile WiMAX Security

Directory of Open Access Journals (Sweden)

Taeshik Shon

2010-01-01

Full Text Available The IEEE 802.16 Working Group on Broadband Wireless Access Standards released IEEE 802.16-2004 which is a standardized technology for supporting broadband and wireless communication with fixed and nomadic access. After the IEEE 802.16-2004 standard, a new advanced and revised standard was released as the IEEE 802.16e-2005 amendment which is foundation of Mobile WiMAX network supporting handover and roaming capabilities. In the area of security aspects, compared to IEEE 802.16-2004, IEEE 802.16e, called Mobile WiMAX, adopts improved security architecture—PKMv2 which includes EAP authentication, AES-based authenticated encryption, and CMAC or HMAC message protection. However, there is no guarantee that PKMv2-based Mobile WiMAX network will not have security flaws. In this paper, we investigate the current Mobile WiMAX security architecture focusing mainly on pointing out new security vulnerabilities such as a disclosure of security context in network entry, a lack of secure communication in network domain, and a necessity of efficient handover supporting mutual authentication. Based on the investigation results, we propose a novel Mobile WiMAX security architecture, called RObust and Secure MobilE WiMAX (ROSMEX, to prevent the new security vulnerabilities.

Exploring a New Security Framework for Remote Patient Monitoring Devices

Directory of Open Access Journals (Sweden)

Brian Ondiege

2017-02-01

Full Text Available Security has been an issue of contention in healthcare. The lack of familiarity and poor implementation of security in healthcare leave the patients’ data vulnerable to attackers. The main issue is assessing how we can provide security in an RPM infrastructure. The findings in literature show there is little empirical evidence on proper implementation of security. Therefore, there is an urgent need in addressing cybersecurity issues in medical devices. Through the review of relevant literature in remote patient monitoring and use of a Microsoft threat modelling tool, we identify and explore current vulnerabilities and threats in IEEE 11073 standard devices to propose a new security framework for remote patient monitoring devices. Additionally, current RPM devices have a limitation on the number of people who can share a single device, therefore, we propose the use of NFC for identification in Remote Patient Monitoring (RPM devices for multi-user environments where we have multiple people sharing a single device to reduce errors associated with incorrect user identification. We finally show how several techniques have been used to build the proposed framework.

Windows Server 2012 vulnerabilities and security

Directory of Open Access Journals (Sweden)

Gabriel R. López

2015-09-01

Full Text Available This investigation analyses the history of the vulnerabilities of the base system Windows Server 2012 highlighting the most critic vulnerabilities given every 4 months since its creation until the current date of the research. It was organized by the type of vulnerabilities based on the classification of the NIST. Next, given the official vulnerabilities of the system, the authors show how a critical vulnerability is treated by Microsoft in order to countermeasure the security flaw. Then, the authors present the recommended security approaches for Windows Server 2012, which focus on the baseline software given by Microsoft, update, patch and change management, hardening practices and the application of Active Directory Rights Management Services (AD RMS. AD RMS is considered as an important feature since it is able to protect the system even though it is compromised using access lists at a document level. Finally, the investigation of the state of the art related to the security of Windows Server 2012 shows an analysis of solutions given by third parties vendors, which offer security products to secure the base system objective of this study. The recommended solution given by the authors present the security vendor Symantec with its successful features and also characteristics that the authors considered that may have to be improved in future versions of the security solution.

A study of authorization architectures for grid security

International Nuclear Information System (INIS)

Pang Yanguang; Sun Gongxing; Pei Erming; Ma Nan

2006-01-01

Grid security is one of key issues in grid computing, while current research focus is put on the grid authorization. There is a brief discussion about the drawback of the common GSI (Grid Security Infrastructure) authorization firstly, then analysis is made on the latest several grid authorization architectures, such as structures, policy descriptions, engines, applications, and finally their features are summarized. (authors)

Research on Issues concerning Social Security for Migrant Workers in Harmonious Society

OpenAIRE

Zhang, Hua

2013-01-01

This article analyzes the status quo of social security for migrant workers in China, and points out that there are deep system and concept reasons for the lack of labor rights and interests security, social security, equality and the right to development, political participation channels for the current migrant workers. This article then expounds the adverse effects of lack of social security for migrant workers on building a harmonious society: the lack of social security for migrant worker...

Security option file - After closure (DOS-AF)

International Nuclear Information System (INIS)

2016-01-01

A first volume presents the context and scope of the Cigeo project, and the scope of this document. It proposes a general presentation of Cigeo, the regulatory framework and standards. It describes the different aspects and components of the security strategy: principles, security functions after closure, objectives of protection, global approach. It proposes a security assessment: objectives, consistency with international practices, assessment steps, scenarios, scenario quantitative assessment. The next part addresses security management. The second volume contains a description of the storage system: site characteristics, types of stored parcels, the future of the installation after its closure. The third volume proposes a security assessment. It addresses the management of risks and uncertainties, describes a scenario of normal evolution and also scenarios of altered evolutions, scenarios of unintentional human intrusion, and what-if type scenarios. The fourth volume reports lessons at the current stage of the project, and gives an overview of important activities from storage design to storage closure

A Case Study on E - Banking Security – When Security Becomes Too Sophisticated for the User to Access Their Information

OpenAIRE

Aaron M. French

2012-01-01

While eBanking security continues to increase in sophistication to protect against threats, the usability of the eBanking decreases resulting in poor security behaviors by the users. The current research evaluates se curity risks and measures taken for eBanking solutions. A case study is presented describing how increased complexity decreases vulnerabilities online but increases vulnerabilities from internal threats and eBanking users

Social Security: a financial appraisal for the median voter.

Science.gov (United States)

Galasso, V

Several explanations have been proposed for why voters continue to support unfunded social security systems. Browning (1975) suggests that the extremely large unfunded pension systems of most democracies depend on the existence of a voting majority composed of middle-aged and older people who fail to fully internalize the cost of financing the system. In fact, when voting, economically rational workers consider only their current and future contributions to the system and their expected pension benefits--not their past contributions, which they regard as sunk costs. If, for a majority of voters, the expected continuation return from social security exceeds the return from alternative assets, an unfunded social security system is politically sustainable. This article explores the validity of Browning's proposition by quantifying the returns that U.S. voters in presidential elections from 1964 to 1996 have obtained, or expect to obtain, from Social Security. Did "investments" in Social Security outperform alternative forms of investment, such as mutual funds or pension funds, for a majority of the voters? What can be expected for the future? The U.S. Social Security system redistributes income within age cohorts on the basis of sex, income, and marital status. To account for some of these features, the median voter is represented by a family unit whose members--a husband who accounts for 70 percent of household earnings and a wife who accounts for 30 percent--make joint economic and voting decisions. Thus, retirement and survival benefits paid out to the spouse of an insured worker can be included in the calculation of Social Security returns. Interval estimates of voters' family incomes from the U.S. Census Bureau were used to obtain the median voter's household earnings. The median voter's age is derived from the ages of those who voted in presidential elections, not from the ages of the entire electorate. The median voter's contributions to Social Security are the

A study to determine influential factors on data security

Directory of Open Access Journals (Sweden)

Naser Azad

2014-01-01

Full Text Available During the past few years, there has been increasing interest in making online transaction. As people become more interested in using internet for their daily business activities such as regular communications, financial transactions, etc., there will be more concerns on security of available data. In fact, data security is the primary concern in today’s online activities. This paper performs an empirical investigation to find important factors influencing data security in Municipality is city of Tehran, Iran. The survey uses factor analysis to find important factors using a questionnaire consist of 29 variables, which were reduced to 22 questions after considering skewness statistics. Cronbach alpha is calculated as 0.86, which validates the questionnaire. The survey detects six factors influencing feasibility study, organizational learning, management strategy, enterprise resource management, process approach and the acceptance.

Increasing the Reliability of Circulation Model Validation: Quantifying Drifter Slip to See how Currents are Actually Moving

Science.gov (United States)

Anderson, T.

2016-02-01

Ocean circulation forecasts can help answer questions regarding larval dispersal, passive movement of injured sea animals, oil spill mitigation, and search and rescue efforts. Circulation forecasts are often validated with GPS-tracked drifter paths, but how accurately do these drifters actually move with ocean currents? Drifters are not only moved by water, but are also forced by wind and waves acting on the exposed buoy and transmitter; this imperfect movement is referred to as drifter slip. The quantification and further understanding of drifter slip will allow scientists to differentiate between drifter imperfections and actual computer model error when comparing trajectory forecasts with actual drifter tracks. This will avoid falsely accrediting all discrepancies between a trajectory forecast and an actual drifter track to computer model error. During multiple deployments of drifters in Nantucket Sound and using observed wind and wave data, we attempt to quantify the slip of drifters developed by the Northeast Fisheries Science Center's (NEFSC) Student Drifters Program. While similar studies have been conducted previously, very few have directly attached current meters to drifters to quantify drifter slip. Furthermore, none have quantified slip of NEFSC drifters relative to the oceanographic-standard "CODE" drifter. The NEFSC drifter archive has over 1000 drifter tracks primarily off the New England coast. With a better understanding of NEFSC drifter slip, modelers can reliably use these tracks for model validation.

Mining social networks and security informatics

CERN Document Server

Özyer, Tansel; Rokne, Jon; Khoury, Suheil

2013-01-01

Crime, terrorism and security are in the forefront of current societal concerns. This edited volume presents research based on social network techniques showing how data from crime and terror networks can be analyzed and how information can be extracted. The topics covered include crime data mining and visualization; organized crime detection; crime network visualization; computational criminology; aspects of terror network analyses and threat prediction including cyberterrorism and the related area of dark web; privacy issues in social networks; security informatics; graph algorithms for soci

Secure Data Service Outsourcing with Untrusted Cloud

OpenAIRE

Xiong, Huijun

2013-01-01

Outsourcing data services to the cloud is a nature fit for cloud usage. However, increasing security and privacy concerns from both enterprises and individuals on their outsourced data inhibit this trend. In this dissertation, we introduce service-centric solutions to address two types of security threats existing in the current cloud environments: semi-honest cloud providers and malicious cloud customers. Our solution aims not only to provide confidentiality and access controllability of out...

Clean and Secure Energy from Coal

Energy Technology Data Exchange (ETDEWEB)

Smith, Philip [Univ. of Utah, Salt Lake City, UT (United States); Davies, Lincoln [Univ. of Utah, Salt Lake City, UT (United States); Kelly, Kerry [Univ. of Utah, Salt Lake City, UT (United States); Lighty, JoAnn [Univ. of Utah, Salt Lake City, UT (United States); Reitze, Arnold [Univ. of Utah, Salt Lake City, UT (United States); Silcox, Geoffrey [Univ. of Utah, Salt Lake City, UT (United States); Uchitel, Kirsten [Univ. of Utah, Salt Lake City, UT (United States); Wendt, Jost [Univ. of Utah, Salt Lake City, UT (United States); Whitty, Kevin [Univ. of Utah, Salt Lake City, UT (United States)

2014-08-31

The University of Utah, through their Institute for Clean and Secure Energy (ICSE), performed research to utilize the vast energy stored in our domestic coal resources and to do so in a manner that will capture CO₂ from combustion from stationary power generation. The research was organized around the theme of validation and uncertainty quantification (V/UQ) through tightly coupled simulation and experimental designs and through the integration of legal, environment, economics and policy issues.

Computer Security: the security marathon, part 2

CERN Multimedia

Computer Security Team

2014-01-01

Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

Code Development and Validation Towards Modeling and Diagnosing Current Redistribution in an ITER-Type Superconducting Cable Subject to Current Imbalance

International Nuclear Information System (INIS)

Zani, L.; Gille, P.E.; Gonzales, C.; Kuppel, S.; Torre, A.

2009-01-01

In the framework of ITER magnet R and D activities, a significant number of conductor short-samples or inserts were tested throughout the past decades, either for development on cable layouts or for industrial qualifications. On a certain number of them critical properties degradations were encountered, some of which were identified to be caused by current imbalance between the different strands bundles twisted inside the cable. In order to address the analyses of those samples as reliably as possible, CEA developed a dedicated home code named Coupled Algorithm Resistive Modelling Electrical Network (CARMEN) having basically two specific functionalities: -a first routine which is devoted to compute strand bundles trajectories, with bundles down to the individual strand scale. This point allows to obtain a realistic E(J) law over the full conductor length -a second routine which is devoted to model inter-bundle currents redistribution, taking into account the magnetic field map. It basically makes use of a relevant discrete electrical network with defined sections including E(J) law obtained from the above-mentioned subroutine As a result, the E-J or E-T curves can be calculated and compared to the experimental data, provided adapted inputs on sample features are considered, such as strand contact resistances in joints, inter-bundles resistances or cable geometry. In a first part, the paper describes the different hypotheses that built the code structure, and in a second part, the application to the ITER TFCl insert coil is presented, focusing particularly on the validation of the potential use of the code to stand as a diagnostic tool for currents imbalance probing

Teaching introductory computer security at a Department of Defense university

OpenAIRE

Irvine, Cynthia E.

1997-01-01

The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) has developed an instructional program in computer security. Its objective is to insure that students not only understand practical aspects of computer security associated with current technology, but also learn the fundamental principles that can be applied to the development of systems for which high confidence in policy enforcement can be achieved. Introduction to Computer Sec...

SAVAH: Source Address Validation with Host Identity Protocol

Science.gov (United States)

Kuptsov, Dmitriy; Gurtov, Andrei

Explosive growth of the Internet and lack of mechanisms that validate the authenticity of a packet source produced serious security and accounting issues. In this paper, we propose validating source addresses in LAN using Host Identity Protocol (HIP) deployed in a first-hop router. Compared to alternative solutions such as CGA, our approach is suitable both for IPv4 and IPv6. We have implemented SAVAH in Wi-Fi access points and evaluated its overhead for clients and the first-hop router.

Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

Directory of Open Access Journals (Sweden)

Darya Sergeevna Simonenkova

2016-03-01

Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

Human rights or security? Positions on asylum in European Parliament speeches

DEFF Research Database (Denmark)

Frid-Nielsen, Snorre Sylvester

2018-01-01

parties’ general ‘right-left’ preferences, and duration of EU membership. Generally, MEPs from Central and Eastern Europe and the European People's Party take up pro-security stances. Wordfish was effective and valid, confirming the relevance of automated content analysis for studying the EU.......-2014, scaling MEPs along a unidimensional policy space. Debates on asylum predominantly concern positions for or against European Union (EU) security measures. Surprisingly, national party preferences for EU integration were not the dominant factor. The strongest predictors of MEPs' positions are their national...

Privacy-preserving security solution for cloud services

OpenAIRE

L. Malina; J. Hajny; P. Dzurenda; V. Zeman

2015-01-01

We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their...

China's mineral resources security under economic globalization

Energy Technology Data Exchange (ETDEWEB)

Wang, Y. [China University of Mining and Technology, Xuzhou (China). College of Environment and Spatial Informatics

2002-10-01

The concept and intention of mineral resources security are introduced. From the insurance and leverage that mineral resources has on China's socio-economic development, the strength of support, the opportunity and challenge imposed by globalised economy, the effect of mineral resource development on the safety of the eco-environment, the author analyses the basic situation and existing problem of the mineral resources security in China; summarizes the current research situation of mineral resources security and the main tactics which are used to ensure mineral resources security in the developed countries; presents the essence of mineral resources security, the basic principles of research and the problems focused; and points out the research areas and goals that should be strengthened urgently. 15 refs.

Alternative security

International Nuclear Information System (INIS)

Weston, B.H.

1990-01-01

This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Directory of Open Access Journals (Sweden)

Aamir Shahzad

2015-07-01

Full Text Available Information technology (IT security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.

Comparison of Current On-line Payment Technologies

OpenAIRE

Mandadi, Ravi

2006-01-01

The purpose of this thesis work was to make a survey of current on-line payment technologies and find out which are they and how do they work? Compare and analyze them from a security point of view, as well as a usability point of view. What is good? What is bad? What is lacking? To achieve this purpose, an overview of the current on-line payment technologies was acquired through academic books and papers, Internet sites, magazines. Basic cryptographic and security related techniques were stu...

Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

Science.gov (United States)

Ivancic, William D.

2009-01-01

A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Science.gov (United States)

2010-07-01

... to: (a) Knowledge of current security threats and patterns; (b) Recognition and detection of... substances and devices on structures and port services; (g) Port security requirements; (h) Port business... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD...

Challenges to regional security and disarmament measures

International Nuclear Information System (INIS)

Clements, K.P.

1993-01-01

The new agenda for peace is providing an extremely useful road map for current international and regional discussions about new ways and means of securing and maintaining peace and security. It underlines the central role of the United nations Security Council in relation to international conflicts and the maintenance of the peace, but it underlines an increasingly important role of the regional organisations as well. In all, there is a recognition that the end of the cold war has generated possibilities for peace-building that have not existed before. To take advantage of these opportunities requires an enhancement of consultation and dialogue at national, regional and global levels so that all nations and all peoples feel and know that they have a stake in the new peace and security architecture that will govern international relations into the twenty first century

Study on defensive security concepts and policies

International Nuclear Information System (INIS)

1993-01-01

The report begins by describing the background against which the proposal for the study emerged-the welcome developments brought about by the end of the cold war but also the emergence of new threats and the reappearance of long-standing problems. The study proceeds to examine current trends in the international security environment and how they may influence the peaceful settlement of dispute and the effecting of restraint and a defensive orientation in the development, maintenance and use of armed forces. A discussion of the substance and main features of defensive security concepts and policies follows. Existing studies and models designed to eliminate the offensive character of military force postures by effecting a defensive orientation of capabilities are surveyed. In addition, the study discusses political and military aspects of defensive security, pointing out how defensive security differs from those existing models

The Office of Safeguards and Security Nonproliferation Support Program

International Nuclear Information System (INIS)

Desmond, W.J.

1996-01-01

The Nonproliferation Support Program was established in the Department of Energy, Office of Safeguards and Security on october 1, 1995. its mission includes providing assistance to Departmental efforts for improved international material protection, control and accounting programs by coordinating and leveraging domestic safeguards and security policy, practice and experience into the international arena. A major objective of the program is to balance US national security requirements with global support of the nonproliferation objectives. This paper describes the organization of the Office of Safeguards and Security and the Nonproliferation Support Program role and responsibility, and presents some of the current areas of program emphasis and activity

Generating Random Samples of a Given Size Using Social Security Numbers.

Science.gov (United States)

Erickson, Richard C.; Brauchle, Paul E.

1984-01-01

The purposes of this article are (1) to present a method by which social security numbers may be used to draw cluster samples of a predetermined size and (2) to describe procedures used to validate this method of drawing random samples. (JOW)

Effective ASCII-HEX steganography for secure cloud

International Nuclear Information System (INIS)

Afghan, S.

2015-01-01

There are many reasons of cloud computing popularity some of the most important are; backup and rescue, cost effective, nearly limitless storage, automatic software amalgamation, easy access to information and many more. Pay-as-you-go model is followed to provide everything as a service. Data is secured by using standard security policies available at cloud end. In spite of its many benefits, as mentioned above, cloud computing has also some security issues. Provider as well as customer has to provide and collect data in a secure manner. Both of these issues plus efficient transmitting of data over cloud are very critical issues and needed to be resolved. There is need of security during the travel time of sensitive data over the network that can be processed or stored by the customer. Security to the customer's data at the provider end can be provided by using current security algorithms, which are not known by the customer. There is reliability problem due to existence of multiple boundaries in the cloud resource access. ASCII and HEX security with steganography is used to propose an algorithm that stores the encrypted data/cipher text in an image file which will be then sent to the cloud end. This is done by using CDM (Common Deployment Model). In future, an algorithm should be proposed and implemented for the security of virtual images in the cloud computing. (author)

Nation State as Security Provider in Human Security Issue

OpenAIRE

Maya Padmi, Made Fitri

2015-01-01

Human Security notion is emphasizing on human as the central of security studies, challenging the position of state as the core of security. Some studies are tried to separate the state security and human security, however there are strong connection between these two notions. State has important role in establishing and maintaining the security of its own citizens. Through social contract and social security protection, state are oblige to set the security of its own people as their security...

Main Issues in Big Data Security

Directory of Open Access Journals (Sweden)

Julio Moreno

2016-09-01

Full Text Available Data is currently one of the most important assets for companies in every field. The continuous growth in the importance and volume of data has created a new problem: it cannot be handled by traditional analysis techniques. This problem was, therefore, solved through the creation of a new paradigm: Big Data. However, Big Data originated new issues related not only to the volume or the variety of the data, but also to data security and privacy. In order to obtain a full perspective of the problem, we decided to carry out an investigation with the objective of highlighting the main issues regarding Big Data security, and also the solutions proposed by the scientific community to solve them. In this paper, we explain the results obtained after applying a systematic mapping study to security in the Big Data ecosystem. It is almost impossible to carry out detailed research into the entire topic of security, and the outcome of this research is, therefore, a big picture of the main problems related to security in a Big Data system, along with the principal solutions to them proposed by the research community.

Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

NARCIS (Netherlands)

Haas, de M.

2016-01-01

This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

Wireless Sensor Buoys for Perimeter Security of Military Vessels and Seabases

Science.gov (United States)

2015-12-01

two decades have demonstrated that attacks of this type are indeed possible, and that current security measures may not be sufficient to mitigate such...attack by small surface crafts. The past two decades have demonstrated that attacks of this type are indeed possible, and that current security measures ...xiii LIST OF ACRONYMS AND ABBREVIATIONS ADAPT AP ARA AT/FP COTS DARPA DOD DODINST EF-21 GPS GUI IEEE ISR LCS LiDAR LTE MAC MAGTF

Internet Banking Security Strategy: Securing Customer Trust

OpenAIRE

Frimpong Twum; Kwaku Ahenkora

2012-01-01

Internet banking strategies should enhance customers¡¯ online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

Deterrence and the New Global Security Environment - Lecture note

International Nuclear Information System (INIS)

Sitt, Bernard

2006-01-01

This lecture note makes an analysis of a collective publication entitled 'Deterrence and the New Global Security Environment', edited by Ian Kenyon and John Simpson (Routledge, New York, 2006). This collection of papers rigorously examines the current place of deterrence in international security relations, delivering the best of contemporary thinking. This is a special issue of the leading journal 'Contemporary Security Policy'. The present Lecture note emphasises a particular deterrence situation mentioned in this publication which is the one involving terrorist actors

A Component-Based Approach for Securing Indoor Home Care Applications

Science.gov (United States)

Estévez, Elisabet

2017-01-01

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home. PMID:29278370

A Component-Based Approach for Securing Indoor Home Care Applications

Directory of Open Access Journals (Sweden)

Aitor Agirre

2017-12-01

Full Text Available eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history, any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.

Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment.

Science.gov (United States)

Das, Ashok Kumar; Wazid, Mohammad; Kumar, Neeraj; Khan, Muhammad Khurram; Choo, Kim-Kwang Raymond; Park, YoungHo

2017-09-18

Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly-accepted Real-Or-Random model, as well as using the popular formal security verification tool, known as the Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.

International security and arms control

International Nuclear Information System (INIS)

Ekeus, R.

2000-01-01

The end of the cold war also ended the focus on the bilateral approach to arms control and disarmament. Key concepts of security needed to be revisited, along with their implications for the disarmament and arms control agenda. Though there is currently a unipolar global security environment, there remain important tasks on the multilateral arms control agenda. The major task is that of reducing and eliminating weapons of mass destruction, especially nuclear weapons. The author contends that maintaining reliance on the nuclear-weapons option makes little sense in a time when the major Powers are strengthening their partnerships in economics, trade, peacemaking and building. (author)

Context aware adaptive security service model

Science.gov (United States)

Tunia, Marcin A.

2015-09-01

Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

Cloud Computing Security Latest Issues amp Countermeasures

Directory of Open Access Journals (Sweden)

Shelveen Pandey

2015-08-01

Full Text Available Abstract Cloud computing describes effective computing services provided by a third-party organization known as cloud service provider for organizations to perform different tasks over the internet for a fee. Cloud service providers computing resources are dynamically reallocated per demand and their infrastructure platform and software and other resources are shared by multiple corporate and private clients. With the steady increase in the number of cloud computing subscribers of these shared resources over the years security on the cloud is a growing concern. In this review paper the current cloud security issues and practices are described and a few innovative solutions are proposed that can help improve cloud computing security in the future.

Elements of ESA's policy on space and security

Science.gov (United States)

Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

2018-06-01

In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

Animal models of binge drinking, current challenges to improve face validity.

Science.gov (United States)

Jeanblanc, Jérôme; Rolland, Benjamin; Gierski, Fabien; Martinetti, Margaret P; Naassila, Mickael

2018-05-05

Binge drinking (BD), i.e., consuming a large amount of alcohol in a short period of time, is an increasing public health issue. Though no clear definition has been adopted worldwide the speed of drinking seems to be a keystone of this behavior. Developing relevant animal models of BD is a priority for gaining a better characterization of the neurobiological and psychobiological mechanisms underlying this dangerous and harmful behavior. Until recently, preclinical research on BD has been conducted mostly using forced administration of alcohol, but more recent studies used scheduled access to alcohol, to model more voluntary excessive intakes, and to achieve signs of intoxications that mimic the human behavior. The main challenges for future research are discussed regarding the need of good face validity, construct validity and predictive validity of animal models of BD. Copyright © 2018 Elsevier Ltd. All rights reserved.

A Layered Decision Model for Cost-Effective System Security

Energy Technology Data Exchange (ETDEWEB)

Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

2008-10-01

System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

The Security of Energy Supply and the Contribution of Nuclear Energy

International Nuclear Information System (INIS)

2011-01-01

What contribution can nuclear energy make to improve the security of energy supply? This study, which examines a selection of OECD member countries, qualitatively and quantitatively validates the often intuitive assumption that, as a largely domestic source of electricity with stable costs and no greenhouse gas emissions during production, nuclear energy can make a positive contribution. Following an analysis of the meaning and context of security of supply, the study uses transparent and policy-relevant indicators to show that, together with improvements in energy efficiency, nuclear energy has indeed contributed significantly to enhanced energy supply security in OECD countries over the past 40 years. Content: Foreword; Executive Summary; 1. The Security of Energy Supply and the Contribution of Nuclear Energy - Concepts and Issues: - Energy supply security: An introduction, - Why security of energy supply remains a policy issue in OECD countries, - The external dimension: import dependence, resource exhaustion and carbon policy, - The internal dimension: economic, financial and technical considerations for energy supply security - Orientations for government policies to enhance the security of energy supply, - Conclusions; 2. Indicators and Models for Measuring Security of Energy Supply Risks: - Introduction, - Different approaches towards designing the Supply/Demand Index, - A detailed review of selected security of supply indicators, - Comprehensive models for assessing the security of energy supply, - The Supply/Demand Index, - Concluding observations; 3. Evolution of the Security of Energy Supply in OECD Countries: - Time-dependent quantification of the security of energy supply, - Changes in security of supply in selected OECD countries, - Electricity generation and the security of energy supply, - The contribution of nuclear energy and energy intensity to the security of energy supply, - The geographical distribution of SSDI values, - Conclusions; 4. Public

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

Directory of Open Access Journals (Sweden)

Zahid Mahmood

2017-10-01

Full Text Available Internet-of-Things (IoT include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS. Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

SECURE nuclear district heating plant

International Nuclear Information System (INIS)

Nilsson; Hannus, M.

1978-01-01

The role foreseen for the SECURE (Safe Environmentally Clean Urban REactor) nuclear district heating plant is to provide the baseload heating needs of primarily the larger and medium size urban centers that are outside the range of waste heat supply from conventional nuclear power stations. The rationale of the SECURE concept is that the simplicity in design and the inherent safety advantages due to the use of low temperatures and pressures should make such reactors economically feasible in much smaller unit sizes than nuclear power reactors and should make their urban location possible. It is felt that the present design should be safe enough to make urban underground location possible without restriction according to any criteria based on actual risk evaluation. From the environmental point of view, this is a municipal heat supply plant with negligible pollution. Waste heat is negligible, gaseous radioactivity release is negligible, and there is no liquid radwaste release. Economic comparisons show that the SECURE plant is competitive with current fossil-fueled alternatives. Expected future increase in energy raw material prices will lead to additional energy cost advantages to the SECURE plant

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

Directory of Open Access Journals (Sweden)

Shibo Luo

2015-12-01

Full Text Available Software-Defined Networking-based Mobile Networks (SDN-MNs are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

Science.gov (United States)

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-12-17

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.