Dissertations / Theses on the topic 'Secure Services'
To see the other types of publications on this topic, follow the link: Secure Services.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Secure Services.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Fan, Zhe. "Secure subgraph query services." HKBU Institutional Repository, 2015. https://repository.hkbu.edu.hk/etd_oa/229.
Full textAbstract:
Graphs are powerful tools for a wide range of real applications, from Biological and Chemical Databases, Social Networks, Citation Networks to Knowledge Bases. Large graph data repositories have been consistently found in recent applications. Due to the high complexity of graph queries, e.g., NP-Completeness of subgraph query, and the lack of IT expertise, hosting efficient graph query services for the owners of graph data has been a technically challenging task. And hence, they may prefer to outsource their services to third-party service providers (SPs) for scalability, elasticity and efficiency. Unfortunately, SPs may not always be trusted. Security, typically the integrity and confidentiality, of the data, has been recognized as one of the critical attributes of Quality of Services (QoS). This directly influences the willingness of both data owners and query clients to use SP’s services. To address these concerns, this thesis proposes novel techniques to solve both authentication-aware and privacy-aware subgraph query. Firstly, we study authenticated subgraph query services (Chapter 3). To support the service, we propose Merkle IFTree (MIFTree) where Merkle hash trees are applied into our Intersection-aware Feature-subgraph Tree (IFTree). IFTree aims to minimize I/O in a well-received subgraph query paradigm namely the filtering-and-verification framework. The structures required to be introduced to verification objects (VOs) and the authentication time are minimized. Subsequently, the overall response time is minimized. For optimizations, we propose an enhanced authentication method on MIFTree. Secondly, we propose structure-preserving subgraph query services (Chapter 4). A crucial step of this part is to transform the seminal subgraph isomorphism algorithm (the Ullmann’s algorithm) into a series of matrix operations. We propose a novel cyclic group based encryption (CGBE) method for private matrix operations. We propose a protocol that involves the query client and static indexes for optimizations. We prove that the structural information of both query graph and data graph are preserved under CGBE and analyze the privacy preservation in the presence of the optimizations. Thirdly, we propose asymmetric structure-preserving subgraph query processing (Chapter 5), where the data graph is publicly known and the query structure/topology is kept secret. Unlike other previous methods for subgraph queries, this part proposes a series of novel optimizations that only exploit graph structures, not the queries. Further, we propose a robust query encoding and adopt our proposed cyclic group based encryption method, so that the query processing can be transformed into a series of private matrix operations and performed securely. The effectiveness and efficiency of all the techniques presented in this thesis are experimentally evaluated with both real-world and synthetic dataset
2
Ali, Mazhar. "Towards Secure Cloud Storage Services." Diss., North Dakota State University, 2015. http://hdl.handle.net/10365/24802.
Full textAbstract:
Cloud computing is anticipated to revolutionize the Information and Communication Technology sector and has been a mainstream of research over the last decade. The cloud computing, upsurges the capabilities of the hardware resources by optimal and shared utilization. The above mentioned features encourage the organizations and individual users to shift their data, applications and services to the cloud. However, the services provided by third-party cloud service providers entail additional security threats. Data being one of the prime assets of the organizations must be protected from all sorts of security threats. The data in the cloud is much more vulnerable to risks in terms of confidentiality, integrity, and availability in comparison to the conventional computing model. The ever increasing number of users and applications leads to enhanced security risks. Violation of integrity may also result from multi-tenant nature of the cloud. Employee of SaaS providers, having access to information may also act as a potential risk. Considering the paramount importance of data security in the cloud environment, we propose methodologies towards the secure cloud storage services. We propose methodologies to secure: (a) Single user data, (b) Group shared data, and (c) approach security and performance collectively. We propose Data Security for Cloud Environment with Semi-trusted third party (DaSCE) protocol, a cloud storage security system that provide key management, access control, and file assured deletion. Parts of keys are stored at semi-trusted servers called key managers. The key management is accomplished using (k, n) threshold secret sharing mechanism. Finally, we present the DROPS methodology that collectively deals with the security and performance in terms of retrieval time. The data file is fragmented and the fragments are dispersed over multiple nodes. The nodes are separated by means of T-coloring. The fragmentation and dispersal ensures that no significant information is obtainable by an adversary in case of a successful attack.
3
Hines, Larry, and Jeff Kalibjian. "Securing Print Services for Telemetry Post-Processing Applications." International Foundation for Telemetering, 2006. http://hdl.handle.net/10150/604260.
Full textAbstract:
ITC/USA 2006 Conference Proceedings / The Forty-Second Annual International Telemetering Conference and Technical Exhibition / October 23-26, 2006 / Town and Country Resort & Convention Center, San Diego, CaliforniaOne of the primary goals of telemetry post processing is to format received data for review and analysis. This occurs by both displaying processed data on video monitors and by printing out the results to hardcopy media. Controlling access (i.e. viewing) of telemetry data in soft form (i.e. video monitor) is achieved by utilizing the existing framework of authentication and authorization on the client/server machines hosting the telemetry data (and post processing applications). Controlling access to hardcopy output has historically been much more problematic. This paper discusses how to implement secure printing services for telemetry post processing applications.
4
Aringunram, Ravichandran. "Secure communication services for distributed conference system." [Gainesville, Fla.]: University of Florida, 2002. http://purl.fcla.edu/fcla/etd/UFE0000505.
Full text
5
Guerreiro, João. "Secure Web Services for Wireless Sensor Networks." Thesis, Uppsala University, Department of Information Technology, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-129474.
Full textAbstract:
Sensor deployments are becoming more and more common nowadays and the ways to access them are becoming more standardized. Indeed, users want to access sensor data via the Internet and without using some complex and unknown protocol; enter Web Services. By observing the typical system architecture for relaying sensor information to the web, we identified out of a large group of security issues a particular one. The issue in question is user privacy.
In this thesis we focus on hiding the activity of a user who queries a sensor deployment, from an attacker that can listen to communications in the neighborhood of the network. Our goal is to generate extra traffic in an intelligent way so that it can effectively mask user activity without draining the energy from the sensors.
6
Hayton, Richard. "An open architecture for secure interworking services." Thesis, University of Cambridge, 1995. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.313860.
Full text
7
Potebenko, Maria, and Alina Shliakhovska. "Secure environment for e-services in Ukraine." Thesis, National Aviation University, 2021. https://er.nau.edu.ua/handle/NAU/51120.
Full textAbstract:
1. Services & Specialties - E-services [Electronic resource]. – Access mode:
https://sites.google.com/a/sharadarupasinghe.com/e-services/services
2. Electronic services by categories | Cabinet Ministers of Ukraine (in Ukrainian)
[Electronic resource]. – Access mode: https://www.kmu.gov.ua/servicesfilter
3. Current state, problems and prospects for the development of electronic
administrative services in Ukraine (in Ukrainian) [Electronic resource]. – Access mode:
https://niss.gov.ua/doslidzhennya/politika/suchasniy-stan-problemi-i-perspektivi-rozvitku-vukraini-elektronnikhThe concept of e-service represents one prominent application of utilizing the use of information and communication technologies in different areas. Basically, there are three main components: service provider, service receiver and the channels of service delivery. For example, as concerned to public e-service, public agencies are the service provider and citizens as well as businesses are the service receiver. The channel of service delivery is the third requirement of e-service. Internet is the main channel of e-service delivery while other classic channels are also considered.
Концепція електронного сервісу являє собою одне з видатних застосувань використання інформаційно-комунікаційних технологій у різних сферах. В основному, є три основні компоненти: постачальник послуг, приймач послуг та канали надання послуг. Наприклад, що стосується державної електронної послуги, державні установи є постачальником послуг, а громадяни, а також підприємства - отримувачами послуг. Канал надання послуг є третьою вимогою електронної послуги. Інтернет є основним каналом надання електронних послуг, тоді як інші класичні канали також розглядаються.
8
Barnes, Cheontell Marie. "Relating following aggression : women's medium secure services." Thesis, University of Essex, 2015. http://repository.essex.ac.uk/16837/.
Full textAbstract:
Background: Women in medium secure services can present with aggressive behaviours and a high level of risk to self and others. Research suggests frontline staff are frequently the victims of, or witness to aggression by forensic inpatients. The therapeutic relationship is proposed as central to therapeutic outcome, but may be jeopardised by inpatient aggression. Staff perceptions of the therapeutic relationship and aggression have not been explored in women’s medium secure services. The study aimed to develop a theoretical model grounded in frontline staff perceptions of the therapeutic alliance and aggression in a women’s medium secure services. Method: The data from 13 semi-structured interviews conducted with frontline staff was analysed using Constructivist Grounded Theory methods. Results: The tentative descriptive theoretical model “Relating Following Aggression” emerged from the interview data. Contextual information supports five core categories, and the related sub-categories. The findings propose the therapeutic relationship is intrinsically linked to boundaries, and boundary violations could result in relational deterioration. Aggression affected the emotional and psychological wellbeing of the participants, and compromised the staff-patient relationship. The participants were fearful of aggression occurring in their workplace which resulted in them spending less time with the women and withdrawing from the therapeutic relationship. Conclusion: The findings reveal the complexity of the frontline staff-patient relationship in women’s services. Aggression occurring between frontline staff and women can seriously compromise the therapeutic relationship through a crossing of the boundary line and a perceived breach of trust. Greater support for both the frontline staff and women is required. Future research is recommended. Keywords: Frontline staff, women, aggression, forensic, therapeutic relationship, Constructivist Grounded Theory.
9
Krohn, Maxwell (Maxwell N. ). "Building fast and secure Web services with OKWS." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/34364.
Full textAbstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.Includes bibliographical references (p. 69-74).
OKWS is a Web server specialized for secure and fast delivery of dynamic content. It provides Web developers with a small set of tools powerful enough to build complex Web-based systems. Despite its emphasis on security, OKWS shows performance improvements compared to popular systems: when servicing fully dynamic, non-disk-bound database workloads, OKWS's throughput and responsiveness exceed that of Apache 2, Flash and Haboob. Experience with OKWS in a commercial deployment suggests it can reduce hardware and system management costs, while providing security guarantees absent in current systems. In the end, lessons gleaned from the OKWS project provide insight into how operating systems might better facilitate secure application design.
by Maxwell Krohn.
S.M.
10
Li, Hong Ping. "Secure proximity queries in mobile geo-social services." HKBU Institutional Repository, 2013. https://repository.hkbu.edu.hk/etd_ra/1551.
Full text
11
Fabian, Benjamin. "Secure name services for the internet of things." Doctoral thesis, Humboldt-Universität zu Berlin, Wirtschaftswissenschaftliche Fakultät, 2008. http://dx.doi.org/10.18452/15829.
Full textAbstract:
Mit dem Begriff Internet der Dinge (IOT) wird eine im Entstehen begriffene globale, Internet-basierte Architektur von Informationsdiensten bezeichnet, die Informationen Ÿber mit RFID-Chips versehene GegenstŠnde bereitstellt. Das IOT soll den Informationsaustausch Ÿber GŸter in in globalen Logistiknetzen erleichtern, ihre Transparenz erhšhen und somit Effizienzsteigerungen erreichen. Namensdienste fŸr das IOT sind verteilte Systeme, die bei Eingabe eines Identifikators fŸr einen Gegenstand, z.B. eines Elektronischen Produktcodes (EPC), eine Liste von Internetadressen fŸr Dienste zurŸckgeben, die weitere Informationen Ÿber den Gegenstand anbieten. Die vorliegende Arbeit hat die Herausforderungen an die Informationssicherheit von IOT-Namensdiensten (IOTNS) zum Thema. Hierbei leisten wir die folgenden ForschungsbeitrŠge: Erstens werden die Anforderungen an einen IOTNS herausgearbeitet, wobei insbesondere mehrseitige Sicherheit und die Perspektive der IOTNS-Clients berŸcksichtigt werden, die in den Standards und der Forschungsliteratur zum IOT bisher vernachlŠssigt worden sind. Zweitens fŸhren wir eine Sicherheitsanalyse des einflu§reichen Standards Object Naming Service (ONS) durch. Drittens werden Verbesserungen des ONS diskutiert, die einen Teil der ONS-Sicherheitsprobleme beheben kšnnten, ohne den etablierten Standard vollstŠndig zu verŠndern. Hierbei werden insbesondere eine Architektur fŸr Multipolares ONS und ihr Prototyp vorgestellt, bei der die internationale AbhŠngigkeit von dem Land reduziert werden kann, das den ONS-Root kontrolliert. Viertens prŠsentieren wir eine neue IOTNS-Architektur und ihre Implementierung auf der Forschungsplattform PlanetLab, die auf verteilten Hashtabellen basiert und von der gezeigt wird, dass sie verbesserte Sicherheitseigenschaften gegenŸber ONS aufweist -- bei vergleichbarem oder sogar erhšhtem Grad an FunktionalitŠt, Skalierbarkeit und Systemleistung.The term Internet of Things (IOT) describes an emerging global, Internet-based information service architecture for RFID-tagged items (Radio-Frequency Identification). In the vision of its proponents, this IOT will facilitate information exchange about goods in global supply chain networks, increase transparency, and enhance their efficiency. Name Services for the IOT are distributed systems that serve the following fundamental lookup function: Given an identifier for a real-world object, e.g., an Electronic Product Code (EPC), they return a list of Internet addresses of services, which offer additional information about this object. This thesis discusses the information security challenges involved in the design and use of an IOT Name Service (IOTNS). Our main contributions are the following: First, the requirements for an IOTNS are collected and discussed, including multilateral security and the client perspective, which have been neglected in IOT standards and research literature so far. Second, we conduct a detailed security analysis of the most influential standard Object Naming Service (ONS). This extends our previous article that initiated this new research line in the field of RFID and IOT security. Third, enhancements to ONS are discussed, which could mitigate some of the ONS security shortcomings in an evolutionary way without completely abandoning the established standard. In particular, we describe an architecture and prototype for Multipolar ONS, which reduces international dependency on a single country controlling the ONS Root. Fourth, we present a new IOTNS architecture based on Distributed Hash Tables (DHT) and its implementation on the research platform PlanetLab. This architecture is shown to offer enhanced overall security compared to ONS while delivering equivalent or even better functionality, scalability, and performance.
12
Clarke, William Francis Eugene. "Therapeutic community principles and practice within a secure environment." Thesis, University of Brighton, 1991. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.304526.
Full text
13
Watson, William. "Haven of change : the history of a secure psychiatric hospital." Thesis, University of Cambridge, 1992. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.259691.
Full text
14
Gorgun, Ilhami. "Deploying And Invoking Secure Web Services Over Jxta Framework." Master's thesis, METU, 2005. http://etd.lib.metu.edu.tr/upload/12605915/index.pdf.
Full textAbstract:
Web services introduce a new paradigm for distributed computing, and the
technology that it introduces constructs a new type of Web application. Web
services can be described as any software that makes its discovery and
invocation available over the Internet, and uses a standardized XML messaging
system.
The term peer-to-peer refers to a class of decentralized systems enabling the
access of shared resources available on peers that are acting both as client and
as server.
In this work, a peer-to-peer approach is used to expoit Web service
technologies by providing Web service security for JXTA peer-to-peer
networks. JXTA is a network programming environment that has particularly
been designed for the peer-to-peer platform.
In order to achieve the goal of secure Web services, the specifications &ldquoWSSecurity&rdquo
, &ldquo
XML Key Management Specification&rdquo
, &ldquo
WS-Trust&rdquo
and &ldquo
WSSecurityPolicy&rdquo
are exploited. &ldquo
WS-Security&rdquo
is primarily a specification for an XML-based security metadata container, and is a building block for the specifications &ldquo
WS-Trust&rdquo
and &ldquo
WS-SecurityPolicy&rdquo
. &ldquo
WS-Trust&rdquo
defines the process of how to acquire security tokens. Within the peer-to-peer network that is proposed with this work, a peer is dedicated to act as a &ldquo
trusted third party&rdquo
and to manage the processes for incorporating the security of public-key infrastructure, which is defined by &ldquo
XML Key Management Specification&rdquo
. In addition, the same peer is dedicated to manage to acquire security tokens, which is defined by &ldquo
WS-Trust&rdquo
. As for &ldquo
WS-SecurityPolicy&rdquo
, Web service invoking peers conform to this specification that specifies how to define security assertions stating Web service provider&rsquo
s preferences and requirements. This work realizes and achieves the necessity of bringing together the technologies mentioned above in order to propose an architecture of secure SOAP messaging for Web service invocation in peer-to-peer environment that is provided by the JXTA framework. The work presented in this thesis is realized as a part of the SATINE project funded by the European Commission.
15
Poroye, Adeola Oluwaseyi. "Secure contactless mobile financial services with near field communication." Thesis, University of the Western Cape, 2011. http://etd.uwc.ac.za/index.php?module=etd&action=viewtitle&id=gen8Srv25Nme4_3849_1320751857.
Full text
16
Singh, Aameek. "Secure Management of Networked Storage Services: Models and Techniques." Diss., Available online, Georgia Institute of Technology, 2007, 2007. http://etd.gatech.edu/theses/available/etd-04092007-004039/.
Full textAbstract:
Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2008.Liu, Ling, Committee Chair ; Aberer, Karl, Committee Member ; Ahamad, Mustaque, Committee Member ; Blough, Douglas, Committee Member ; Pu, Calton, Committee Member ; Voruganti, Kaladhar, Committee Member.
17
Tan, Juan Jim. "Adaptive management and interoperability for secure semantic open services." Thesis, Queen Mary, University of London, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.418306.
Full text
18
El, jaouhari Saad. "A secure design of WoT services for smart cities." Thesis, Ecole nationale supérieure Mines-Télécom Atlantique Bretagne Pays de la Loire, 2018. http://www.theses.fr/2018IMTA0120/document.
Full textAbstract:
WebRTC est une technologie récente de communication qui permet d’établir des échanges multimédia conversationnels directement entre navigateurs. Nous nous intéressons dans cette thèse à des locuteurs dans un Smart Space (SS) défini comme un environnement centré-utilisateur instrumenté par unensemble de capteurs et d’actionneurs connectés. Nous analysons les capacités nécessaires pour permettre à un participant d’une session WebRTC d’impliquer dans cette même session, les flux induits par les objets connectés appartenant au SS d’un utilisateur quelconque de la session. Cette approche recèle un gisement de nombreux nouveaux usages. Nous limitons notre analyse à ceux concernant l’exercice distant d’une expertise et d’un savoir-faire. Techniquement, il s’agit d’articuler de façon contrôlée WebRTC et IoT/WoT. Nous procédons à une extension de WebRTC par WoT pour fournir à tout utilisateur d’une session WebRTC, un accès aux objets connectés du SS de tout autre participant à la session, en mettant l’accent sur la sécurisation de cet accès ainsi que sur sa conformité aux exigences de respect de la vie privée (RGPD) de l’utilisateur concerné. Le positionnement de notre approche dans le contexte des services de communication opérant dans les villes connectées, impose la prise en compte de SSs multiples et variés induisant chacun ses propres politiques de routage et de sécurité. Pour répondre à nos objectifs, il devient nécessaire au cours d’une session WebRTC, d’identifier, sélectionner, déployer et appliquer les règles de routage et de sécurité de façon à garantir un accès rapide et sécurisé aux différents SSs concernés et distribués sur tout le réseau. Nous développons une architecture originale répondant à ces besoins et intégrant un contrôleur SDN du fait de l’étroite imbrication entre les problématiques de routage et de sécurité. Un prototype illustrant notre approche a été mis en oeuvre et testé afin d’évaluer la performance et la sécurité du système. Nous illustrons finalement notre approche dans le domaine de la santé en démontrant son apport pour gérer une infrastructure de grande taille telle qu’un hôpitalThe richness and the versatility of WebRTC, a new peer-to-peer, real-time and browser based communication technology, allowed the imagination of new and innovative services. In this thesis, we analyzed the capabilities required to allow a participant in a WebRTC session to access the smart Things belonging to his own environment as well as those of any other participant in the same session. The access to such environment, which we call “SmartSpace (SS)”, can be either passive, for example by monitoring the contextual information provided by the sensors, or active by requesting the execution of commands by the actuators, or a mixture of both. This approach deserves attention because it allows solving in an original way various issues such as allowing experts to remotely exercise and provide their expertise and/or knowing how. From a technical point of view the issue is not trivial because it requires a smooth and mastered articulation between two different technologies: WebRTC and the Internet of Things (IoT) /Web of Things (WoT). Hence, the first part of the problem studied in this thesis, consists in analyzing the possibilities of extending WebRTC capabilities with theWoT. So as to provide a secure and privacy-respectful access to the various smart objects located in the immediate environment of a participant to any otherend-user involved in the same ongoing WebRTC session. This approach is then illustrated in the ehealth domain and tested in a real smart home (a typical example of a smart space). Moreover,positioning our approach in the context of communication services operating in smart cities requires the ability to support a multiplicity of SSs,each with its own network and security policy. Hence,in order to allow a participant to access one of his own SSs or one of another participant (through a delegation of access process), it becomes necessary to dynamically identify, select, deploy, and enforce the SS’s specific routing and security rules, so as to have an effective, fast and secure access. Therefore, the second part of the problem studied in this Ph.D.consists in defining an efficient management of the routing and security issues regarding the possibility of having multiple SSs distributed over the entire network
19
Dhillon, Gurmit. "Developing a CBT manual for adult inpatient secure services." Thesis, University of Southampton, 2014. https://eprints.soton.ac.uk/374544/.
Full text
20
Sun, Wenhai. "Towards Secure Outsourced Data Services in the Public Cloud." Diss., Virginia Tech, 2018. http://hdl.handle.net/10919/84396.
Full textAbstract:
Past few years have witnessed a dramatic shift for IT infrastructures from a self-sustained model to a centralized and multi-tenant elastic computing paradigm -- Cloud Computing, which significantly reshapes the landscape of existing data utilization services. In truth, public cloud service providers (CSPs), e.g. Google, Amazon, offer us unprecedented benefits, such as ubiquitous and flexible access, considerable capital expenditure savings and on-demand resource allocation. Cloud has become the virtual ``brain" as well to support and propel many important applications and system designs, for example, artificial intelligence, Internet of Things, and so forth; on the flip side, security and privacy are among the primary concerns with the adoption of cloud-based data services in that the user loses control of her/his outsourced data. Encrypting the sensitive user information certainly ensures the confidentiality. However, encryption places an extra layer of ambiguity and its direct use may be at odds with the practical requirements and defeat the purpose of cloud computing technology. We believe that security in nature should not be in contravention of the cloud outsourcing model. Rather, it is expected to complement the current achievements to further fuel the wide adoption of the public cloud service. This, in turn, requires us not to decouple them from the very beginning of the system design. Drawing the successes and failures from both academia and industry, we attempt to answer the challenges of realizing efficient and useful secure data services in the public cloud. In particular, we pay attention to security and privacy in two essential functions of the cloud ``brain", i.e. data storage and processing. Our first work centers on the secure chunk-based deduplication of encrypted data for cloud backup and achieves the performance comparable to the plaintext cloud storage deduplication while effectively mitigating the information leakage from the low-entropy chunks. On the other hand, we comprehensively study the promising yet challenging issue of search over encrypted data in the cloud environment, which allows a user to delegate her/his search task to a CSP server that hosts a collection of encrypted files while still guaranteeing some measure of query privacy. In order to accomplish this grand vision, we explore both software-based secure computation research that often relies on cryptography and concentrates on algorithmic design and theoretical proof, and trusted execution solutions that depend on hardware-based isolation and trusted computing. Hopefully, through the lens of our efforts, insights could be furnished into future research in the related areas.Ph. D.
21
Mumtaz, Majid. "Security Services for Mobile Applications." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-116762.
Full textAbstract:
In today's era of technology, information can revolve the whole world within seconds via Internet. Devices such as smartphones, tablets and smart applications running on them enable users to access information anytime and anywhere over the air network. Ubiquitous nature of smartphones stimulates the growth of applications development, especially for small scale devices. Protection and security of sensitive mobile applications and their resources against threats are new emerging challenges for mobile application developers. Even competitive enterprise application development organizations lack comprehensive security services for small scale devices. Ultimately unpredictable threats become active anytime and can easily hamper the whole infrastructure within short time frame. In future enterprise applications, to protect entities and overall access of back-end secure infrastructure and services secure and easy to deploy strong authentication and authorization services will play a key role. Complexity of security risks in wireless networks is changing the ways of protection mechanisms for mobile applications. Achieving security balance with convenience becomes a challenging task for application developers. Due to complex blurred picture of an attack in an enterprise applications development, usually the developers don't pay attention against the mitigation of such threats at the initial phase of application development. Due to this, weaknesses appear in latter stages that make an application system vulnerable. Conventionally it is a common practice by application developers to rely on username/password authentication mechanism, and even more secure way that is considered to be a One Time Password (OTP) or complex passphrase schemes. These schemes have a number of limitations and drawbacks regarding today’s diverse wireless environments. In this research we used Public Key Infrastructure (PKI) certificate-based strong authentication scheme for small scale devices which is a significant step-up from simple username/password, OTP and location-based authentication schemes. Leading standards which we followed FIPS 201 Personal Identity Verification standard and FIPS 196 Strong Authentication Protocol scheme. Our solution is based on secure smart microSD card that can be used for providing high level of security for mobile enterprise applications. Also other considerable security services included confidentiality of exchanged transaction messages between applications and back-end application provider server, integrity of transaction messages, and non-repudiation services.
22
Chen, Shujuan. "Secure Real-time Services for Wireless Sensor Networks in Contiki." Thesis, KTH, Reglerteknik, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-106231.
Full textAbstract:
With the widespread use of networked embedded systems operating over wireless sensor networks, a standardized architecture is required to enable the rapid development of applications. An embedded operating system serves as an important building block of the standardized architecture. The support of the most commonly used services and protocols should be made available in it as a system service to improve the development speed. Real-time services are commonly required by many time-sensitive applications, such as automation control, real-time monitoring. Events need a global time notion or must happen within a deadline. Collected data should arrive at the destination before it becomes old and loses its meaning. But there is no common notion of time in a wireless sensor network in which all the nodes are physically separated and no global clock or common memory exists. Moreover, there is no guarantee that the sensed data will get to the destination before the deadline. To address these real-time issues, we develop real-time services including time synchronization and low-latency data collection to provide therapid development of time-critical applications. Meanwhile, security becomes an important issue to wireless sensor network due to the vulnerability of the wireless channel. The adversaries can simply capture and change the data and then resend it. The real-time services utilizing the wireless communication are vulnerable to the attacks and might be the weakest link for the whole system if it is not designed with security in mind. As the building block of real-time services, time synchronization comes into the first place to provide a global time scale for a distributed networking system. We study current time synchronization protocols for wireless sensor networks, propose our protocol design and implement it in the experimental platform, Contiki OS on the hardware platform Tmote Sky. To show the feasibility and performance of our protocol, we perform extensive experimental evaluation. Low-latency data collection services will also play a significant role for the time-critical applications. It aims to provide the guarantee of a time limit for the data collection. Based on the synchronized notion of time over the network, we implement a protocol for data collection aiming at low end-to-end latency for the same platform. To show the performance of data collection using this protocol, we test end-to-end latency in a multi-hop network and evaluate it based on the hop count and the estimation of the point-to-point delay in a single-hop communication. Security issues pose a great challenge to the applications as well as the underlying services due to vulnerability of the wireless channel, hostile environment as well as the severe resource constraint. To make the real-time services resilient to security attacks, we analyse the security attacks that might interrupt the services and present countermeasures to resist these security breaches. The hardware platform in use provides a crypto accelerator in the radio chip and frees the microcontroller from the long computation time for the security operations. We implement the security protocol utilizing hardware-assisted security operation to provide the link-layer security services. In addition, we provide data freshness service using authenticated MAC timestamping for each packet. Then we show how to secure the real-time services using these security services and integrate them into the protocol implementation.
23
Erlandsson, Fredrik, and Daniel Evertsson. "S-UDDI : using Web services, the Secure and Trustworthy way." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5573.
Full textAbstract:
SOA and especially Web services are a big evolving market these days. SOA typically uses Web services when interacting between different parts of applications. Methods to easily discover the Web services must exist. For this UDDI has been introduced. The current implementation of UDDI has a weak security model. We have developed an extension to this model, which interacts with the current solution to make it more secure. Our solution, S-UDDI, enable a way to find and publish Web services in a secure and trustworthy way.
24
Sajjad, Ali. "A secure and scalable communication framework for inter-cloud services." Thesis, City University London, 2015. http://openaccess.city.ac.uk/14415/.
Full textAbstract:
A lot of contemporary cloud computing platforms offer Infrastructure-as-a-Service provisioning model, which offers to deliver basic virtualized computing resources like storage, hardware, and networking as on-demand and dynamic services. However, a single cloud service provider does not have limitless resources to offer to its users, and increasingly users are demanding the features of extensibility and inter-operability with other cloud service providers. This has increased the complexity of the cloud ecosystem and resulted in the emergence of the concept of an Inter-Cloud environment where a cloud computing platform can use the infrastructure resources of other cloud computing platforms to offer a greater value and flexibility to its users. However, there are no common models or standards in existence that allows the users of the cloud service providers to provision even some basic services across multiple cloud service providers seamlessly, although admittedly it is not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud computing platforms are built. Therefore, there is a justified need of investigating models and frameworks which allow the users of the cloud computing technologies to benefit from the added values of the emerging Inter-Cloud environment. In this dissertation, we present a novel security model and protocols that aims to cover one of the most important gaps in a subsection of this field, that is, the problem domain of provisioning secure communication within the context of a multi-provider Inter-Cloud environment. Our model offers a secure communication framework that enables a user of multiple cloud service providers to provision a dynamic application-level secure virtual private network on top of the participating cloud service providers. We accomplish this by taking leverage of the scalability, robustness, and flexibility of peer-to-peer overlays and distributed hash tables, in addition to novel usage of applied cryptography techniques to design secure and efficient admission control and resource discovery protocols. The peer-to-peer approach helps us in eliminating the problems of manual configurations, key management, and peer churn that are encountered when setting up the secure communication channels dynamically, whereas the secure admission control and secure resource discovery protocols plug the security gaps that are commonly found in the peer-to-peer overlays. In addition to the design and architecture of our research contributions, we also present the details of a prototype implementation containing all of the elements of our research, as well as showcase our experimental results detailing the performance, scalability, and overheads of our approach, that have been carried out on actual (as opposed to simulated) multiple commercial and non-commercial cloud computing platforms. These results demonstrate that our architecture incurs minimal latency and throughput overheads for the Inter-Cloud VPN connections among the virtual machines of a service deployed on multiple cloud platforms, which are 5% and 10% respectively. Our results also show that our admission control scheme is approximately 82% more efficient and our secure resource discovery scheme is about 72% more efficient than a standard PKI-based (Public Key Infrastructure) scheme.
25
Kounga, Gina. "Strong authentification for providing secure services in ad hoc networks." Versailles-St Quentin en Yvelines, 2009. http://www.theses.fr/2009VERS0047.
Full textAbstract:
L'authentification est une pré-condition pour fournir de la sécurité dans les réseaux ad hoc. Afin de définir une solution d'autehtification adaptée aux caractéristiques de ces réseaux, nous faisons, dans cette thèse, une analyse approfondie des solutions existantes et de la façon dont elles ont été adaptées pour satisfaire aux contraintes des réseaux ad hoc. Cela permet d'identifier leurs limitations ainsi que les problèmes à résoudre. Nous proposons alors une première solution qui résout certains d'entre eux. Cette solution est améliorée dans une seconde solution qui permet, en outre, à chaque noeud de gérer seul ses paires de clefs. L'authenticité des clefs publiques ainsi générées peut être vérifiée sans accéder à une tierce entité. Finalement, nous utilisons cette solution pour définir trois applications sécurisées qui, d'une part, illustrent le fait qu'elle permet de fournir tout service de sécurité et qui, d'autre part, permettent de générer des revenus dans les réseaux ad hoc. La première application permet aux utilisateurs d'acheter des ressources multimédias dans des réseaux ad hoc. La non-répudiation est fournie afin de garantir qu'à la fin de toute transaction l'acheteur reçoit la ressource acheté, est capable de la visionner ou de l'écouter et que le vendeur sera rémunéré. La seconde application permet à des véhicules d'échanger anonymement des informations de sureté et dévaluer leurs fiabilités. Finalement, la troisième application permet aux noeuds de négocier et fournir un accès à un réseau fixe en empêchant toute fraude. Les performances de la solution, sur laquelle reposent ces applications, montrent qu'elle peut être utilisée par des appareils mobilesEntity authentification is a precondition to provide secure services in ad hoc networks. In order to define an entity authentification solution that suits the characteristics of ad hoc networks, we do an in-depth analysis of existing authentification solutions and how they have been adapted to work in mobile ad hoc networks. This permits to identify their limitations as well as the problems that still need to be solved. We then propose a first solution that solves these remaining problems. It is improved in a second solution that additionally permits each node to manage alone its cryptographic key pairs. The authenticity of such generated public keys can be verified without accessing any third party. We finally use this improved solution to define three secured applications that first highlight how that solution can be used to fulfil various security requirements and that second permits to generate some revenues in ad hoc networks. The first application permits individuals to buy some multimedia resources in ad hoc networks. Non-repudiation is provided to guarantee that at the end of a transaction the buying node receives the resource it has bought and is able to view or play it. It is further provided to guarantee that the selling node is sure that it will be paid for having sold the resource. The second application permits vehicles to exchange anonymously some safety information and to evaluate the reliability of this information. The third application finally permits nodes to negociate and provide the access to a fixed network in a way that avoids defrauding. The performances of the improved solution, on wich these applications rely, show that it can be used on mobile device
26
Mutsuddi, Monoreet. "Smart card enabled security services to support secure telemedicine applications." Morgantown, W. Va. : [West Virginia University Libraries], 2000. http://etd.wvu.edu/templates/showETD.cfm?recnum=1213.
Full textAbstract:
Thesis (M.S.)--West Virginia University, 2000.Title from document title page. Document formatted into pages; contains vi, 70 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 70-71).
27
Evdokimov, Sergei. "Secure outspurcing of IT services in a non-trusted environment." Doctoral thesis, Humboldt-Universität zu Berlin, Wirtschaftswissenschaftliche Fakultät, 2008. http://dx.doi.org/10.18452/15821.
Full textAbstract:
In dieser Arbeit werden die Mšglichkeiten sicherer Ausgliederung von Datenbanken und inhaltsbasiertem Routing an einen nicht voll vertrauenswŸrdigen Dienstanbieter betrachtet. Wir untersuchen die Grenzen der Sicherheit, die in diesem Szenario erreicht werden kšnnen. Sicherheit wird dabei unter Zuhilfenahme aktueller komplexitŠtstheoretischer Arbeiten definiert. Dies ermšglicht die Verwendung formaler Methoden zur Untersuchung der Bedingungen, unter denen verschiedene Grade von Sicherheit mšglich sind. Die BeitrŠge dieser Dissertation sind im Einzelnen: - Wir untersuchen die Eignung sog. Privacy-Homomorphismen, welche die AusfŸhrung von Operationen auf verschlŸsselten Daten erlauben. Dies dient der Entwicklung von Protokollen zur sicheren Datenbankausgliederung. Weiter beschreiben wir ein allgemeines Framework fŸr sichere Datenbankausgliederung, das auf sog. Volltextsuch-VerschlŸsselungsverfahren basiert. Ferner stellen wir einen Beweis fŸr die Sicherheit und Korrektheit vor. - Wir beschreiben ein neues Volltextsuch-VerschlŸsselungsverfahren, das im Vergleich zu bekannten Arbeiten eine grš§ere Anzahl verschiedener Operationen fŸr das Datenbank-Outsourcing-Problem ermšglicht und signifikant niedrigere Fehlerraten hat. - Wir schlagen einen Ansatz vor, um im Kontext der sicheren Datenbank-Auslagerung Blanko-Zugriffe auf die verschlŸsselten Daten zu verwalten. Verglichen mit existierenden Techniken ist unser Ansatz anwendbar auf generellere Szenarien, ist einfacher und hat Šhnliche Effizienzeigenschaften. - Wir untersuchen die Mšglichkeit des sicheren inhaltsbasierten Routings, in dem wir ein formales Sicherheitsmodell konstruieren, existierende AnsŠtze in diesem Modell bewerten und eine formale Analyse der Mšglichkeit von Vertraulichkeit durchfŸhren. Unser Sicherheitsmodell deckt die UnzulŠnglichkeiten der bestehenden AnsŠtze auf. Schlie§lich beschreiben wir ein inhaltsbasiertes Routingverfahren, welches das Modell erfŸllt.This thesis considers the possibilities of secure outsourcing of databases and of content-based routing operations to an untrusted service provider. We explore the limits of the security that is achievable in these scenarios. When discussing security, we refer to the state of the art definitions from cryptography and complexity theory. The key contributions of the thesis are the following: - We explore the applicability of cryptographic constructs that allow performing operations over encrypted data, also known as privacy homomorphisms, for creating protocols that could enable secure database outsourcing. We also describe a framework for secure database outsourcing that is based on searchable encryption schemes, and prove its correctness and security. - We describe a new searchable encryption scheme that exceeds existing analogues with regard to certain parameters: compared to the existing works, the proposed scheme allows for performing a larger number of operations over a securely outsourced database and has significantly lower chances of returning erroneous results of a search. - We propose an approach for managing discretionary access to securely outsourced and encrypted databases. Compared to existing techniques, our approach is applicable to more general scenarios, is simpler and has similar performance characteristics. - We examine possibilities of performing a secure content-based routing by building a formal security model that describes a secure content-based routing system, evaluate existing approaches against this model, and provide an analysis of the possibilities for achieving confidentiality when performing the routing. Compared to the existing works, which fail in providing complete confidentiality, our security model considers shortcomings of these solutions. We also describe a content-based routing system that satisfies this model and to the best of our knowledge is the first of its kind to provide a complete confidentiality.
28
Wong, Sai Man. "Versioning of Web Services for the Swedish Public Sector’s secure electronic mail service Mina meddelanden." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-177577.
Full textAbstract:
Mina meddelanden (English: My Messages) is a secure electronic mail service provided by seven Swedish public authorities, which may be used by the Swedish population to electronically receive mail from the public sector. The IT infrastructure of this mail service is primarily developed and maintained by the Swedish Tax Agency. It is built on Web Services and the principles of Service-Oriented Architecture (SOA). This allows external stakeholders to connect to the system as subsystems: Senders, Postal Services or Mailbox Operators, each designed to either send, mediate or receive mail using Web Services. Used in this way, Web Services allow for a loosely coupled system, however, system upgrades must be deployed in an orderly fashion so as to prevent breakdowns. The main research areas of this literature review, conducted with an iterative search process, include versioning of Web Services, SOA strategies, design patterns and frameworks. Based on the findings of this research, two theoretical approaches are suggested for Mina meddelanden: (i) a gradual change between two strictly controlled versions with a unified repository to store relevant Web service artifacts and documentations, and (ii) more generally to implement an integration platform that includes a service bus to mediate messages to the most suitable version. Mina meddelanden is a government project, and there are strict IT regulations and directives that must be followed. Therefore, the first approach is the most suitable at the time of writing, since there is already a working version of the system that follows these rules. Future implementation of an integration platform requires further study to ensure legal requirements are met.Mina meddelanden är en säker digital posttjänst som tillhandahålls av sju svenska myndigheter och kan användas av den svenska befolkningen för att ta emot post elektroniskt från den offentliga sektorn. IT-infrastrukturen av denna posttjänst utvecklas och underhålls främst av Skatteverket. Den är byggd på webbtjänster och principerna av en tjänsteorienterad arkitektur (SOA). Detta gör det möjligt för externa aktörer att ansluta till systemet som delsystemen: Avsändare, Förmedlare eller Brevlådeoperatörer som är utformade för att antingen skicka, förmedla eller ta emot e-post med hjälp av webbtjänster. Webbtjänster gör det möjligt för delsystemen att samarbeta med varandra, men uppdateringar utav ett sådant system måste ske på ett metodiskt sätt för att förhindra haverier. Det huvudsakliga undersökningsområdet av denna litteraturstudie, genomfördes med en iterativ sökprocess, omfattas av versionshantering av webbtjänster, SOA strategier, designmallar och ramverk. Baserat på litteraturstudien förslås två teoretiska tillvägagångssätt för Mina meddelanden: (i) en succesiv förändring mellan två strikta och kontrollerade versioner med ett enat förvar för att lagra relevanta webbtjänster artefakter och dokumentationer och (ii) en mer generell lösning att implementera en integrationsplattform som inkluderar en tjänstebuss för att förmedla meddelanden till den mest passande versionen. Mina meddelanden är ett statligt projekt och måste därför följa strikta IT direktiv och riktlinjer, så det första tillvägagångssättet är den bäst kvalificerad i skrivande stund på grund av att det redan finns en fungerande version av systemet som följer dessa regler. Framtida implementationer av en integrationsplattform kräver ytterligare studier för att säkerställa att juridiska krav är uppnådda.
29
Vasudevan, Sridhar. "Secure telemedicine system for home health care." Morgantown, W. Va. : [West Virginia University Libraries], 2000. http://etd.wvu.edu/templates/showETD.cfm?recnum=1254.
Full textAbstract:
Thesis (M.S.)--West Virginia University, 2000.Title from document title page. Document formatted into pages; contains vi, 94 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 92-93).
30
Tham, Kevin Wen Kaye. "Developing security services for network architectures." Thesis, Queensland University of Technology, 2006. https://eprints.qut.edu.au/16546/1/Kevin_Wen_Kaye_Tham_Thesis.pdf.
Full textAbstract:
In the last 15 years, the adoption of enterprise level data networks had increased dramatically. This is mainly due to reasons, such as better use of IT resources, and even better coordination between departments and business units. These great demands have fuelled the push for better and faster connectivity to and from these networks, and even within the networks. We have moved from the slow 10Mbps to 1Gbps connectivity for end-point connections and moved from copper-based ISDN to fibre-linked connections for enterprise connections to the Internet. We now even include wireless network technologies in the mix, because of the greater convenience it offers.
Such rapid progress is accompanied by ramifications, especially if not all aspects of networking technologies are improved linearly. Since the 1960s and 1970s, the only form of security had been along the line of authentication and authorisation. This is because of the widely used mainframes in that era. When the Internet and, ultimately, the wide-spread use of the Internet influxed in the 1980s, network security was born, and it was not until the late 1980s that saw the first Internet Worm that caused damage to information and systems on the Internet. Fast forward to today, and we see that although we have come a long way in terms of connectivity (connect to anywhere, and anytime, from anywhere else), the proposed use of network security and network security methods have not improved very much. Microsoft Windows XP recently switched from using their own authentication method, to the use of Kerberos, which was last revised 10 years ago.
This thesis describes the many problems we face in the world of network security today, and proposes several new methods for future implementation, and to a certain extend, modification to current standards to encompass future developments. Discussion will include a proposed overview of what a secure network architecture should include, and this will lead into several aspects that can be improved on. All problems identified in this thesis have proposed solutions, except for one. The critical flaw found in the standard IEEE802.11 wireless technology was discovered during the course of this research. This flaw is explained and covered in great detail, and also, an explanation is given as to why this critical flaw is not fixable.
31
BryerJoyner, Susan Heller Scott D. "Secure local area network services for a high assurance multilevel network /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA362547.
Full textAbstract:
Thesis (M.S. in Computer Science) Naval Postgraduate School, March 1999.Thesis advisor(s): Cynthia E. Irvine, James P. Anderson. "March 1999:. Includes bibliographical references (p. 213-215). Also available online.
32
Alrouh, Bachar. "Towards secure web services : performance analysis, decision making and steganography approaches." Thesis, Brunel University, 2011. http://bura.brunel.ac.uk/handle/2438/6193.
Full textAbstract:
Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value.
33
Dupré, la Tour Irénée. "A secure authentication infrastruture for mobile communication services over the Internet." Thesis, University of Ottawa (Canada), 2001. http://hdl.handle.net/10393/9401.
Full textAbstract:
Mobile communication on the Internet sets more security concerns than traditional mobile networks such as GSM. The network infrastructure registration process should give credentials to the user to let him or her being identified by any service provider in order to prevent fraudulent use. In addition, a user should be able to communicate with privacy and to sign a message (e.g. a payment order) so that billing is possible. Users should be able to connect from everywhere, with various types of terminals, possibly mobile. In this thesis, we propose to secure an infrastructure providing telecommunication services on the Internet for mobile users. We establish a trust relationship between any pair of the parties with a password-based user access. As for user-to-user communication, both signaling and media data can be secured. We illustrate the use of this infrastructure to provide secure IP-Telephony.
34
Ong, Kar Leong. "Design and implementation of wiki services in a multilevel secure environment." Thesis, Monterey, Calif. : Naval Postgraduate School, 2007. http://bosun.nps.edu/uhtbin/hyperion-image.exe/07Dec%5FOng%5FKar.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2007.Thesis Advisor(s): Irvine, Cynthia E. ; Nguyen, Thuy D. "December 2007." Description based on title screen as viewed on January 22, 2008.... Includes bibliographical references (p. 121-122). Also available in print.
35
Evans, kathryn. "Support staffs experiences of relationship formation and development in secure services." Thesis, Lancaster University, 2009. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.536074.
Full text
36
BryerJoyner, Susan, and Scott D. Heller. "Secure local area network services for a high assurance multilevel network." Thesis, Monterey, California. Naval Postgraduate School, 1999. http://hdl.handle.net/10945/13583.
Full textAbstract:
To reduce the cost and complexity of the current DoD information infrastructure, a Multilevel Secure (MLS) network solution eliminating hardware redundancies is required. Implementing a high assurance MLS LAN requires the ability to extend a trusted path over a TCP/IP network. No high assurance network trusted path mechanisms currently exist. We present a design and proof- of-concept implementation for a Secure LAN Server that provides the trusted path between a trusted computing base extension (TCBE) servicing a COTS PC and protocol servers executing at single sensitivity levels on the XTS-300. The trusted path establishes high assurance communications (over a TCP/IP network) between a TCBE and the Secure LAN Server. This trusted channel is used first for user authentication, then as a trusted relay between the protocol server and TCBE. All transmitted data passed over the LAN can be protected by encryption, providing assurance of integrity and confidentiality for the data. This thesis documents the implementation of a demonstration prototype Secure LAN Server using existing technology, including high assurance systems, COTS hardware, and COTS software, to provide access to multilevel data in a user-friendly environment. Our accomplishment is crucial to the development of a full scale MLS LAN.
37
Stinson, Jill D., and Sharon Bradford Robbins. "Characteristics of People With Intellectual Disabilities in a Secure U.S. Forensic Hospital." Digital Commons @ East Tennessee State University, 2014. https://dc.etsu.edu/etsu-works/7873.
Full textAbstract:
Prior research examining persons with intellectual disabilities who have committed criminal offenses has focused primarily on correctional populations, or those who reside in secure forensic settings in the United Kingdom and Australia. This study describes 235 persons with intellectual, developmental, and cognitive disabilities who reside in a secure forensic psychiatric hospital in the Midwestern United States. Participants were further divided into groups of persons with pervasive developmental disorders (n = 35), fetal alcohol syndrome (n = 18), traumatic brain injuries (n = 52), or IQ scores falling within the range of moderate (n = 20) or mild (n = 55) mental retardation or borderline intellectual functioning (n = 55). These participants presented with significant histories of childhood maltreatment and adversity, serious psychiatric impairment, criminal histories marked by multiple arrests and serious violent behavior, and frequent histories of institutionalization and out-of-home placement. Their adaptive functioning within the community was characterized by limited histories of normative intimate relationships; sporadic, unskilled employment; and difficulties with maintaining residential and psychiatric stability. Important commonalities and future research needs are discussed. Important differences and similarities between groups are discussed and compared with other available literature.
38
Tham, Kevin Wen Kaye. "Developing security services for network architectures." Queensland University of Technology, 2006. http://eprints.qut.edu.au/16546/.
Full textAbstract:
In the last 15 years, the adoption of enterprise level data networks had increased dramatically. This is mainly due to reasons, such as better use of IT resources, and even better coordination between departments and business units. These great demands have fuelled the push for better and faster connectivity to and from these networks, and even within the networks. We have moved from the slow 10Mbps to 1Gbps connectivity for end-point connections and moved from copper-based ISDN to fibre-linked connections for enterprise connections to the Internet. We now even include wireless network technologies in the mix, because of the greater convenience it offers. Such rapid progress is accompanied by ramifications, especially if not all aspects of networking technologies are improved linearly. Since the 1960s and 1970s, the only form of security had been along the line of authentication and authorisation. This is because of the widely used mainframes in that era. When the Internet and, ultimately, the wide-spread use of the Internet influxed in the 1980s, network security was born, and it was not until the late 1980s that saw the first Internet Worm that caused damage to information and systems on the Internet. Fast forward to today, and we see that although we have come a long way in terms of connectivity (connect to anywhere, and anytime, from anywhere else), the proposed use of network security and network security methods have not improved very much. Microsoft Windows XP recently switched from using their own authentication method, to the use of Kerberos, which was last revised 10 years ago. This thesis describes the many problems we face in the world of network security today, and proposes several new methods for future implementation, and to a certain extend, modification to current standards to encompass future developments. Discussion will include a proposed overview of what a secure network architecture should include, and this will lead into several aspects that can be improved on. All problems identified in this thesis have proposed solutions, except for one. The critical flaw found in the standard IEEE802.11 wireless technology was discovered during the course of this research. This flaw is explained and covered in great detail, and also, an explanation is given as to why this critical flaw is not fixable.
39
Croft, Neil John. "Secure interoperation of wireless technologies." Diss., Pretoria : [s.n.], 2003. http://upetd.up.ac.za/thesis/available/etd-12072004-082613.
Full text
40
Pozzobon, Oscar. "Secure location services : vulnerability analysis and provision of security in location systems /." [St. Lucia, Qld.], 2004. http://www.library.uq.edu.au/pdfserve.php?image=thesisabs/absthe18315.pdf.
Full text
41
Larsson, Fredrik. ""Halfpipe Active Channel"- developing a secure communications protocol." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2799.
Full textAbstract:
With the advent of powerful multimedia capable mobile phones, the market for mobile services is flourishing. Zenterio AB's Halfpipe Active Desktop is a complete distributed mobile service platform a with a powerful server and platform-independent client. The communication between the client and server takes place over a GPRS-capable mobile network.
The purpose of this thesis is to develop a secure communications protocol for use between the Halfpipe Active Desktop client and server. This is done by determining requirements, analyzing candidate protocols and then by designing the final protocol. The result, the Halfpipe Active Channel protocol, is an authorized, encrypted, session oriented, message based and light weight protocol designed to minimize computational as well as network overhead.
This master's thesis project was defined by and performed at Zenterio AB during the second half of 2004.
42
Bou, Abdo Jacques. "Efficient and secure mobile cloud networking." Thesis, Paris 6, 2014. http://www.theses.fr/2014PA066551.
Full textAbstract:
MCC (Mobile Cloud Computing) est un candidat très fort pour le NGN (Next Generation Network) qui permet aux utilisateurs mobiles d’avoir une mobilité étendue, une continuité de service et des performances supérieures. Les utilisateurs peuvent s’attendre à exécuter leurs travaux plus rapidement, avec une faible consommation de batterie et à des prix abordables ; mais ce n’est pas toujours le cas. Diverses applications mobiles ont été développées pour tirer parti de cette nouvelle technologie, mais chacune de ces applications possède ses propres exigences. Plusieurs MCA (Mobile Cloud Architectures) ont été proposées, mais aucune n'a été adaptée pour toutes les applications mobiles, ce qui a mené à une faible satisfaction du client. De plus, l'absence d'un modèle d'affaires (business model) valide pour motiver les investisseurs a empêché son déploiement à l'échelle de production. Cette thèse propose une nouvelle architecture de MCA (Mobile Cloud Architecture) qui positionne l'opérateur de téléphonie mobile au cœur de cette technologie avec un modèle d'affaires de recettes. Cette architecture, nommée OCMCA (Operator Centric Mobile Cloud Architecture), relie l'utilisateur d’un côté et le fournisseur de services Cloud (CSP) de l'autre côté, et héberge un cloud dans son réseau. La connexion OCMCA / utilisateur peut utiliser les canaux multiplex menant à un service beaucoup moins cher pour les utilisateurs, mais avec plus de revenus, et de réduire les embouteillages et les taux de rejet pour l'opérateur. La connexion OCMCA / CSP est basée sur la fédération, ainsi un utilisateur qui a été enregistré avec n’importe quel CSP, peut demander que son environnement soit déchargé de cloud hébergé par l'opérateur de téléphonie mobile afin de recevoir tous les services et les avantages de OCMCA.Les contributions de cette thèse sont multiples. Premièrement, nous proposons OCMCA et nous prouvons qu'il a un rendement supérieur à toutes les autres MCA (Mobile Cloud Architectures). Le modèle d'affaires (business model) de cette architecture se concentre sur la liberté de l'abonnement de l'utilisateur, l'utilisateur peut ainsi être abonné à un fournisseur de cloud et être toujours en mesure de se connecter via cette architecture à son environnement à l'aide du déchargement et de la fédérationMobile cloud computing is a very strong candidate for the title "Next Generation Network" which empowers mobile users with extended mobility, service continuity and superior performance. Users can expect to execute their jobs faster, with lower battery consumption and affordable prices; however this is not always the case. Various mobile applications have been developed to take advantage of this new technology, but each application has its own requirements. Several mobile cloud architectures have been proposed but none was suitable for all mobile applications which resulted in lower customer satisfaction. In addition to that, the absence of a valid business model to motivate investors hindered its deployment on production scale. This dissertation proposes a new mobile cloud architecture which positions the mobile operator at the core of this technology equipped with a revenue-making business model. This architecture, named OCMCA (Operator Centric Mobile Cloud Architecture), connects the user from one side and the Cloud Service Provider (CSP) from the other and hosts a cloud within its network. The OCMCA/user connection can utilize multicast channels leading to a much cheaper service for the users and more revenues, lower congestion and rejection rates for the operator. The OCMCA/CSP connection is based on federation, thus a user who has been registered with any CSP, can request her environment to be offloaded to the mobile operator's hosted cloud in order to receive all OCMCA's services and benefits
43
Habib, Usman. "Secure Mobile Authentication for Linux Workstation log on." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10898.
Full textAbstract:
Password based logon schemes have many security weaknesses. For secure environments smart card and biometric based authentication solutions are available as replacement for standard password based systems. Nevertheless, the cost of deployment and maintenance of these systems is quite high. On the other hand, mobile network operators have a huge base of deployed smart cards that can be reused to provide authentication in other spheres significantly reducing costs. In this project we present a study of how mobile phones can be used to provide a secure low-cost two-factor workstation logon solution.To find and study the available mobile phone based authentication architectures and come up with workstation logon architecture the study of relevant technologies utilized in these solutions: UMTS networks, Bluetooth communication, Remote Authentication Dial in User Service (RADIUS), authentication and authorization in Windows, Linux, and MAC OS X. The analysis of available mobile phone based authentication schemes like SIM Strong schemes based on EAP-SIM, Session-ID based schemes, and OTP based schemes are also added.A solution for Linux workstation logon process has been proposed in the thesis using the Pluggable Authentication Module (PAM). The Solution uses 2 factors for authentication, one is the static password and the second factor is the mobile based authentication using a 13 character long OTP. With adding the existing technology and giving the administrator the option of selecting the authentication method for user makes the solution more suitable for an enterprise.
44
Wimmer, Martin Rudolf. "Efficient access control for service-oriented IT infrastructures enabling secure distributed service compositions." Saarbrücken VDM Verlag Dr. Müller, 2007. http://d-nb.info/988827174/04.
Full text
45
Rodriguez, J., X. Koudouridis, M. Gelabert, M. Tayyab, R. Bassoli, F. H. P. Fitzek, R. Torre, et al. "Secure Virtual Mobile Small Cells: A Stepping Stone Towards 6G." IEEE, 2001. http://hdl.handle.net/10454/18488.
Full textAbstract:
YesAs 5th Generation research reaches the twilight, the research community must go beyond 5G and look towards the 2030 connectivity landscape, namely 6G. In this context, this work takes a step towards the 6G vision by proposing a next generation communication platform, which aims to extend the rigid coverage area of fixed deployment networks by considering virtual mobile small cells (MSC) that are created on demand. Relying on emerging computing paradigms such as NFV (Network Function Virtualization) and SDN (Software Defined Networking), these cells can harness radio and networking capability locally reducing protocol signalling latency and overhead. These MSCs constitute an intelligent pool of networking resources that can collaborate to form a wireless network of MSCs providing a communication platform for localized, ubiquitous and reliable connectivity. The technology enablers for implementing the MSC concept are also addressed in terms of virtualization, lightweight wireless security, and energy efficient RF. The benefits of the MSC architecture towards reliable and efficient cell-offloading are demonstrated as a use-case.
This project has received funding from the European Union´s H2020 research and innovation program under grant agreement H2020-MCSAITN- 2016-SECRET 722424 [2].
46
Rodriguez, J., X. Koudouridis, M. Gelabert, M. Tayyab, R. Bassoli, F. H. P. Fitzek, R. Torre, et al. "Secure Virtual Mobile Small Cells: A Stepping Stone Towards 6G." IEEE, 2021. http://hdl.handle.net/10454/18488.
Full textAbstract:
YesAs 5th Generation research reaches the twilight, the research community must go beyond 5G and look towards the 2030 connectivity landscape, namely 6G. In this context, this work takes a step towards the 6G vision by proposing a next generation communication platform, which aims to extend the rigid coverage area of fixed deployment networks by considering virtual mobile small cells (MSC) that are created on demand. Relying on emerging computing paradigms such as NFV (Network Function Virtualization) and SDN (Software Defined Networking), these cells can harness radio and networking capability locally reducing protocol signalling latency and overhead. These MSCs constitute an intelligent pool of networking resources that can collaborate to form a wireless network of MSCs providing a communication platform for localized, ubiquitous and reliable connectivity. The technology enablers for implementing the MSC concept are also addressed in terms of virtualization, lightweight wireless security, and energy efficient RF. The benefits of the MSC architecture towards reliable and efficient cell-offloading are demonstrated as a use-case.
This project has received funding from the European Union´s H2020 research and innovation program under grant agreement H2020-MCSAITN- 2016-SECRET 722424 [2].
47
Calvert, Clare. "An exploration of the relationships between trauma and delusional ideation in secure services." Thesis, Lancaster University, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.431411.
Full text
48
Breckon, Susan Elizabeth. "Listening to the voices of intellectually disabled offenders : qualitative enquiry in secure services." Thesis, Lancaster University, 2014. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.586925.
Full textAbstract:
Qualitative research, undertaken with intellectually disabled (ID) offender participants, is rarely reflected within the research literature. This lack of research evidence, which listens to the voices of ID offenders, serves to portray qualitative enquiry as of limited value with this client group and therefore quantitative methods remain the dominant research method within the field. The first section of this thesis reports a mixed-method review exploring the status of published qualitative studies with ID offender participants. The review employs systematic search techniques to identify relevant studies and then assesses the quality of these papers using a quality framework. It is contended within the conclusions of the review that the status of qualitative research with ID offenders is perceived as low due to the limited number of published studies and the poor quality with which this form of enquiry is generally undertaken. Within the research paper, of this thesis, qualitative enquiry was undertaken with ID offender participants, nurses and clinical psychologist using constructivist grounded theory methods. The aim was to explore the process by which ID offenders are seen and see themselves as ready to engage with psychological therapy. The results highlighted a temporal process within which a number of central elements were interlinked, including 'stability/ predictability', 'development of relationships with staff, and 'reassurance'. The model was discussed in relation to current evidence on readiness and clinical implications were made in terms of care and treatment.
49
Burdock, Matthew. "Burnout in secure forensic mental health services for young people : a mixed methods approach." Thesis, University of Southampton, 2016. https://eprints.soton.ac.uk/402565/.
Full textAbstract:
Occupational burnout is highly prevalent in mental health services and has a deleterious effect upon the psychological wellbeing of staff. Few studies have explored burnout in inpatient settings; those that have do not address the possible systemic impact. This study aimed to explore burnout and emotional reactions to behaviour that challenges in a secure forensic mental health service for young people; a specialised environment in which severe and frequent incidences of aggression and violence occur. Following a systematic review of burnout literature pertaining to inpatient mental health services, an empirical study was conducted using a convergent parallel mixed method design. Forty three staff members were recruited to the quantitative strand and ten were recruited to the qualitative strand. Emotional Reactions to Challenging Behaviour Scale (ERCBS) and Maslach Burnout Inventory (MBI) instruments were used. A significant moderate positive correlation was found between emotional exhaustion and negative emotional reactions to behaviour that challenges. This relationship was mediated by general self-efficacy, which buffered the effect of emotional exhaustion on negative responses to behaviour that challenges; responses found to be detrimental to the relational environment. ‘Young People Blame Themselves’ was explored as a relational barrier and maintaining factor in occupational burnout. In ‘You Want Someone You Recognise’ and ‘We Lack That Consistency’ a high ratio of agency staff and a lack of operational consistency were identified as occupational stressors. Emotional exhaustion is associated with negative emotional reaction to challenging behaviour. Interventions should be targeted towards developing staff self-efficacy, through the use of reflective practice and ecological changes that enhance team-working and feelings of safety on the ward. When on the ward, staff should be mindful of young people’s predisposition towards attribution bias. Future studies need to give greater consideration to systemic outcomes associated with burnout.
50
Cole, Samantha. "Management of clients who self-harm in UK secure forensic units." Thesis, Canterbury Christ Church University, 2016. http://create.canterbury.ac.uk/15030/.
Full textAbstract:
Little evidence exists in the literature for how to manage clients who self-harm within low, medium and high secure forensic wards, despite the identified high rates of self-harm within these services. This study sought to investigate the management practices used with clients who self-harm in low, medium and high secure forensic wards, how helpful staff consider these practices and what understanding staff have of the reasons for which clients self-harm. A Delphi survey methodology was employed across three rounds using a multidisciplinary cohort of forensic ward staff, across low, medium and high wards. Physical management strategies were reported as most frequently employed to manage self-harm. Relational approaches to managing self-harm showed the highest rate of consensus for their helpfulness in practice. Consensus was reached across numerous domains explaining reasons for self-harm, including as a ‘communication of distressing feelings’. Statements indicating a negative view of self-harm such as ‘to manipulate staff and gain attention’ received consensus of disagreement. Psychological models and approaches used by clinical and forensic psychologists in the cohort were identified, and helpful elements of these models were identified, including ‘positive focus of approach’ and ‘emphasis on relational working’.