Dissertations / Theses on the topic 'Security policie'
To see the other types of publications on this topic, follow the link: Security policie.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Security policie.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
MUTTI, Simone. "Policy and Security Conguration Management in Distributed Systems." Doctoral thesis, Università degli studi di Bergamo, 2015. http://hdl.handle.net/10446/49849.
Full textAbstract:
The evolution of information system sees a continuously increasing need of flexible and sophisticated approaches for the management of security requirements. On one hand, systems are increasingly more integrated (e.g., Bring Your Own Device) and present interfaces for the invocation of services accessible through network connections. On the other hand, system administrators have the responsibility to guarantee that this integration and the consequent exposure of internal resources does not introduce vulnerabilities. The need to prove that the system correctly manages the security requirements is not only motivated by the increased exposure, but also by the need to show compliance with respect to the many regulations promulgated by governments and commercial bodies.
In modern information systems a particular area of security requirement is access control management, with security policies that describe how resources and services should be protected. These policies offer a classification of the actions on the system that distinguishes them into authorized and forbidden, depending on a variety of parameters. Given the critical role of security and their large size and complexity, concerns arise about the correctness of the policy. It is not possible anymore to rely on the security designer to have a guarantee that the policy correctly represents how the system should protect the access to resources.
The research documented in this thesis investigates new approaches for the development of a collection of both methodologies and tools, which are flexible enough to help the system administrators, or generally users, in the correct management of security requirements. Due to the complexity of this topic, the research was focused on (i) enterprise and (ii) mobile scenario.
2
Schlittler, Maria Carolina de Camargo. ""Matar muito, prender mal” : a produção da desigualdade racial como efeito do policiamento ostensivo militarizado em SP." Universidade Federal de São Carlos, 2016. https://repositorio.ufscar.br/handle/ufscar/8914.
Full textAbstract:
Submitted by Aelson Maciera (aelsoncm@terra.com.br) on 2017-08-01T17:24:55Z
No. of bitstreams: 1
TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5)Approved for entry into archive by Ronildo Prado (ronisp@ufscar.br) on 2017-08-01T19:08:53Z (GMT) No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5)
Approved for entry into archive by Ronildo Prado (ronisp@ufscar.br) on 2017-08-01T19:09:03Z (GMT) No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5)
Made available in DSpace on 2017-08-01T19:15:57Z (GMT). No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5) Previous issue date: 2016-09-06
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)
Cette thèse analyse la relation entre les pratiques policières quotidiennes et la conformation avec la police militaire de l'Etat de São Paulo, responsable pour mantenir l’ordre. Issu d’entretiens et d’analyses de données officielles, le présent travail cherche à comprendre comment les policiers, lors de leurs opérations, sélectionnent les personnes qui subiront les actions de la police et, par conséquent, celles du système de justice criminelle. Partant de là, il a été possible de comprendre, de manière plus particulier, quels sont les publics et les crimes les plus surveillés par les policiers militarisés et, d'une manière globale, les caractéristiques du modèle de police ostensible de São Paulo. L'objectif des opérations policières ostensibles est de prendre en flagrant délit des suspects criminels, ce qui confère à la Police Militaire la responsabilité de sélectionner et « d’expulser » des rues tous ceux que les policiers identifient comme des criminels. Cela autorise la Police Militaire à avoir recours notamment à trois actions : a) l’arrestation ou b) l’élimination des personnes identifiées comme des criminelles et c) le « bon sens » du policier en tant qu’outil pour distinguer les criminels et les « bons citoyens ». Une des conclusions de cette recherche repose sur le constat d’un ample usage du « bon sens » policier lors des opérations de vigilance ostensible, ainsi que de son aspect racial. De ce fait, le « bon sens » policier, au même titre que la létalité et les arrestations, est devenu le responsable de l’accumulation de désavantages pour la population jeune et noire, en ce qui concerne le droit à la vie en sécurité ; en effet on observe que ce groupe risque beaucoup plus d’aller en prison que le reste de la population. De plus, nous avons constaté que pendant les vingt dernières années la politique sécuritaire menée dans São Paulo s’est focalisé sur le type de vigilance ostensible décrit ci-dessus, et ce en dépit de l’échec de l’opération pour ce qui concerne la diminution du nombre de crimes contre les biens à São Paulo.
This thesis analyzes the relation between daily police practices and the conformation with ostensible policing run by the Military Police of São Paulo State. This work started from interviews and analysis of official data to understand how the Military Police, during the ostensible policing, selects the people who will suffer the police approach and therefore the prosecution of the criminal justice system. Thenceforth it was possible to understand specifically which public and which crimes were most closely watched by the military police and, in an embracing way, the characteristics of the São Paulo ostensible policing model. The purpose of ostensible policing is to catch criminal suspects, implying to the Military Police the responsibility to select and remove from the streets those who the police itself identifies as “bandits”. It is also observed that this framework does not configure a public security policy, but a crime and violence management, marked by the "war" against certain types of crimes that are available to the Military Police, especially with three features: a) imprisonment; b) elimination of those identified as “bandits”, and c) the “police scent” as a differentiation tool to identify "bandits" and "good citizens". One of the study highlights is that the wide use of the “police scent” by the military police which has racial aspects in its composition added to the lethality and imprisonment, became responsible for the accumulation of disadvantages for the young black population, referring to the right to secure life and a higher risk of being arrested for property offenses in relation to the rest of the population. In all, it became clear that in the last twenty years there is an insistence from the state public security in an ostensible policing with such characteristics, even in the face of failure in the decrease of numbers of property offenses in the state of São Paulo.
A tese analisa a articulação entre práticas policiais cotidianas e a conformação do policiamento ostensivo militarizado protagonizado pela Polícia Militar. O presente trabalho partiu de entrevistas e análise de dados oficiais da segurança pública paulista para compreender como os policiais, durante o policiamento ostensivo, selecionam as pessoas que sofrerão as investidas da polícia e, por conseguinte, do sistema de justiça criminal. A partir daí foi possível entender, de forma específica, quais são os públicos e os crimes mais vigiados pelos policiais militares e, de forma abrangente, as características do modelo de policiamento ostensivo paulista. Constatou-se que o objetivo do policiamento ostensivo é flagrar suspeitos criminais, o que incute à PM a responsabilidade de selecionar e “retirar” das ruas aqueles que os policiais identificam como “bandidos”. Para tal estão disponíveis à PM, sobretudo, três recursos: a) o aprisionamento ou b) a eliminação daqueles identificados como bandidos e c) o tirocínio policial enquanto ferramenta para diferenciar “bandidos” e “cidadãos de bem”. Uma das conclusões da pesquisa é a constatação da ampla utilização do tirocínio pelos policiais que atuam no policiamento ostensivo e de seu aspecto racializado; isto significa que, para a fundamentação da suspeita policial, são utilizados marcadores raciais. Desta forma, o tirocínio, ao lado da letalidade policial e do aprisionamento se tornaram responsáveis pelo acúmulo de desvantagens para a população jovem e negra, no que tange ao direito à vida segura e a um maior risco de serem presos por crimes patrimoniais em relação ao restante da população. No mais, constatou-se que nos últimos vinte anos há uma insistência por parte da segurança pública paulista num policiamento ostensivo com tais características, mesmo diante do insucesso na diminuição no número de crimes patrimoniais no estado de São Paulo.
3
SQUILLACE, LAURA. "Praia para quem? Segurança e usos do espaço público na Operação Verão no Rio de Janeiro." Doctoral thesis, Università degli Studi di Milano-Bicocca, 2020. http://hdl.handle.net/10281/298997.
Full textAbstract:
As praias do Rio de Janeiro são consideradas um dos espaços de lazer mais democráticos da cidade, pelo acesso gratuito e por serem frequentadas por um público heterogêneo, proveniente de diversos bairros e pertencente a diferentes camadas sociais. Contudo, a Operação Verão, uma política de segurança executada nas praias pela Polícia Militar do Estado do Rio de Janeiro e pela Guarda Municipal, pode questionar os limites desta democracia. Entre seus objetivos, a Operação Verão visa prevenir os chamados arrastões, uma modalidade coletiva de furtos e roubos, supostamente cometida por grupos de jovens e adolescentes provenientes dos subúrbios. Consequentemente, essa categoria se torna um dos alvos principais da Operação Verão.
Esta tese busca compreender os mecanismos de controle social e espacial no âmbito de lazer praiano no Rio de Janeiro, através da Operação Verão e por meio de uma observação etnográfica conduzida a partir do acompanhamento do policiamento da Guarda Municipal e da Polícia Militar na área litoral. Além disso, esta pesquisa se baseia em outras entrevistas realizadas com diversos atores que interagem nesse espaço público: a juventude proveniente das periferias, submetida a uma vigilância contínua; o público praiano, que gera a demanda de segurança na área litoral; além de algumas pessoas que trabalham na faixa de areia.
As entrevistas realizadas e o estudo etnográfico do acompanhamento das forças de segurança durante a Operação Verão guiam a leitura do convívio nesse espaço público e mostram as limitações que essa medida proporciona no acesso à praia aos grupos de jovens e adolescentes das periferias considerados uma ameaça à segurança pública. O objetivo da tese é apresentar a Operação Verão através de uma análise qualitativa e demostrar como a demanda de uma praia mais segura pode gerar um mecanismo de discriminação e comprometer o acesso livre à praia para um segmento de população já historicamente criminalizado e excluído no Rio de Janeiro: a juventude suburbana.The beaches of Rio de Janeiro are considered one of the most democratic areas of leisure in the city, with free access and a heterogeneous public coming from different neighborhoods and belonging to different social classes. Despite this, the Operação Verão (Operation Summer), a security policy executed on the beaches by the Military Police and the Municipal Guard of Rio de Janeiro, may question the limits of this democracy. Among its objectives, the Operação Verão aims to prevent the so-called arrastões, a collective form of theft and robbery, supposedly committed by groups of young people and adolescents from the suburbs. Consequently, this category becomes one of the main targets of the Operação Verão. Through an ethnographic observation of the Operação Verão, carried out by accompanying law enforcement agents in their work, this thesis seeks to understand the mechanisms of social and spatial control in the context of beach leisure in Rio de Janeiro. In addition, this research is based on the result of interviewing other actors who interact in this public space: youth from the suburbs, subjected to a continuous surveillance; the public of the beach, which generates the demand for security in the coastal area and other people who work over there. The interviews conducted and the ethnographic study of the monitoring of the security forces during the Operação Verão guide the reading of the interaction in this public space. All this also shows the limitations that this measure provides in regards of the access to the beach to groups of youths and adolescents from the suburbs, considered a threat to public security. The goal of the thesis is to present the Operação Verão through a qualitative analysis and to demonstrate how the demand for a safer beach could generate a mechanism of discrimination and could compromise free access to the beach for a segment of population already historically criminalized and excluded in Rio de Janeiro: the youth from the suburbs.
4
Lim, Yow Tzu. "Evolving security policies." Thesis, University of York, 2010. http://etheses.whiterose.ac.uk/1612/.
Full textAbstract:
As computer system size and complexity grow, formulating effective policies require more sophistication. There are many risk factors that need to be considered, some of which may be in conflict. Inevitably, unpredictable circumstances that demand decisions will arise during operation. In some cases an automated response may be imperative; in other cases these may be ill-advised. Manual decisions are often made that override the current policy and serve effectively to redefine it. This matter is further complicated in highly dynamic operational environments like mobile ad-hoc networks, in which the risk factors may be changing continually. Thus, security policies must be able to change and adapt to the operational needs. This study investigates the potential of evolutionary algorithms as a tool in determining the optimal security policies that suit such environments. This thesis reviews some fundamental concepts in related domains. It presents three applications of evolutionary algorithms in solving problems that are of direct relevance. These include the inference of security policies from decision examples, the dynamic adaptation of security policies, and the optimisation of security policies for a specific set of missions. The results show that the inference approaches based on evolutionary algorithms are very promising. The thesis concludes with an evaluation of the work done, the extent to which the work justifies the thesis hypothesis and some possible directions on how evolutionary algorithms can be applied to address a wider range of relevant problems in the domain of concern.
5
Guillén, Lasierra Francesc. "Modelos de policía y seguridad." Doctoral thesis, Universitat Autònoma de Barcelona, 2015. http://hdl.handle.net/10803/291813.
Full textAbstract:
Esta tesis pretende demostrar la importancia de las diversas concepciones ideales (modelos) a partir de las cuáles se articulan las organizaciones y las actuaciones policiales así como sus contribuciones a la mejora del servicio con que la policía provee a los ciudadanos y las limitaciones de cada uno de ellos. La tesis parte de la idea de que los modelos policiales (y, en consecuencia, de seguridad) no son construcciones teóricas sin influencia en el día a día de las organizaciones policiales, sino todo lo contrario, que tienen influencia en los diversos ámbitos del trabajo policial. Los modelos parten de legitimaciones diferentes e influencian la finalidad principal (misión) de la policía, las relaciones con el ciudadano, la gestión del orden público, la estructura y las dinámicas de las organizaciones policiales así como los controles de la actuación policial y sus indicadores de referencia.
El trabajo comienza describiendo el contexto en que la policía aparece como institución de control social formal así como cuál es su ámbito funcional de actuación y los elementos más significativos de la función policial de cara a la construcción ideal de los modelos, con una reflexión crítica sobre el concepto de cultura policial. Posteriormente, se definen tres grandes modelos policiales: el gubernativo, el profesional y el comunitario o de servicio público y se describen las respuestas que cada uno de ellos dan a aspectos claves de la realidad policial. Así, el modelo gubernativo recibe su legitimación de un Gobierno representativo constituido en el marco de estados de derecho con separación de poderes, con respeto a la legalidad y el control judicial correspondiente. Se trata de un modelo con tendencia a estar influenciado por el poder político, en el que los ciudadanos tienen mayor o menor importancia en función de las coyunturas políticas, la organización policial es un instrumento de transmisión de órdenes y la gestión del orden público y el tratamiento de la información son muy relevantes. El modelo profesional se configura a partir de la legitimación que otorga el saber profesional (como en el caso de los médicos o los arquitectos) en el marco del respeto a la ley. La lucha contra la delincuencia es la misión fundamental, aunque no rechaza la gestión de la seguridad viaria o el orden público; ni el ciudadano ni el poder político son relevantes en la función policial por su falta de conocimientos profesionales. El modelo de policía comunitaria o de servicio público se construye a partir de los ciudadanos, para ellos y con ellos, siendo la policía un servicio destinado a satisfacer sus necesidades con su colaboración, y su opinión, el elemento clave de valoración de la policía.
El trabajo continúa con la descripción de las modernas estrategias de policía que han dominado el debate criminológico en los últimos años (policía orientada a los problemas, policía guiada por la inteligencia, Broken Windows Policing, y policía de aseguramiento) para valorar las razones por las cuáles, a pesar de sus positivas aportaciones, no constituyen nuevos modelos en tanto que no implican construcciones ideales completas de la policía.
Finalmente, se analizan las tendencias existentes en los sistemas de policía, poniendo sobre la mesa la influencia de la politización y la democratización de la seguridad, la globalización, la revolución tecnológica y la crisis económica en las organizaciones policiales. Estas tendencias y las virtudes y deficiencias señaladas de cada uno de los modelos sirven de base a las conclusiones sobre las características que tendría que tener la policía para afrontar con éxito los retos futuros, aprovechando las virtudes de los modelos estudiados.This thesis aims at stressing the importance of the diverse ideal conceptions of policing (models) that constitute the grounds for police organisations and policing. All of them have made contributions to the service with which the police provide the citizens and, at the same time, have evidenced shortcomings and limitations. The idea sustained in this work is that policing models (and consequently security models) are not theoretical constructions without any influence in daily policing, but, to the contrary, they are extremely relevant for the diverse areas of policing. Models stem from different legitimacies and affect the nuclear aim of policing (the mission), relationships with citizens, public order management, the structure and dynamics of police organisation and the systems of accountability and efficiency indicators as well. The first chapters begin with the description of the context in which the police appears as an institution of formal social control and the material field of policing focusing on its most substantial elements in order to build models up (police culture, mission, relationships with citizens, public order, organisation and accountability). Then, three models are defined: the governmental, the professional and community policing or public service policing. The governmental model gets its legitimacy from a representative Government in the framework of the rule of law with state powers balance, law abiding and judiciary control. It is a model with some tendency to be influenced by political power, in which citizens are more or less important depending on political junctures; police organisation is just an instrument to transmit orders, management of public order and gathering and treatment of information are crucial objectives for the police. The professional model is based on police professional knowledge (such as doctors or architects) in the framework of law; war on crime constitutes its mission, although it also tackles traffic police and public order; citizens or politicians should have no role in policing due to their lack of knowledge. Community policing or public service policing is thought from the citizens, for them and with them, police become a service addressed their needs with their collaboration and their opinion is the chore reference to assess the police. After having thoroughly described the three models, modern strategies of policing that have dominated criminological debates in last decades are discussed (Problem Oriented Policing, Intelligence-led Policing, Broken Windows Policing, and Reassurance Policing) in order to evidence the reasons why they are not considered policing models. It is argued that they don’t constitute new models because they are not complete ideal constructions of policing. Nevertheless they bring methodological innovations into the pre-existent models that try to improve their efficiency. Finally, this thesis analyses current tendencies in existing police systems, stressing the influence of politicization, globalisation, new technologies and the economic crisis in police organisations. The study of these tendencies and the virtues and deficiencies of the different models discussed in previous chapters offer the bases for the conclusions about how police should be to be able to face future challenges of policing in a satisfactory way.
6
Hallett, Joseph. "Capturing mobile security policies precisely." Thesis, University of Edinburgh, 2018. http://hdl.handle.net/1842/31341.
Full textAbstract:
The security policies of mobile devices that describe how we should use these devices are often informally specified. Users have preferences for some apps over others. Some users may avoid apps which can access large amounts of their personal data, whilst others may not care. A user is unlikely to write down these policies or describe them using a formal policy language. This is unfortunate as without a formal description of the policy we cannot precisely reason about them. We cannot help users to pick the apps they want if we cannot describe their policies. Companies have mobile security policies that definehowan employee should use smart phone devices and tablet computers from home at work. A company might describe the policy in a natural language document for employees to read and agree to. They might also use some software installed on employee's devices to enforce the company rules. Without a link between the specification of the policy in the natural language document and the implementation of the policy with the tool, understanding how they are related can be hard. This thesis looks at developing an authorisation logic, called AppPAL, to capture the informal security policies of the mobile ecosystem, which we define as the interactions surrounding the use of mobile devices in a particular setting. This includes the policies of the users, the devices, the app stores, and the environments the users bring the devices into. Whilst earlier work has looked on checking and enforcing policies with low-level controls, this work aims to capture these informal policy's intents and the trust relationships within them separating the policy specification from its enforcement. This allows us to analyse the informal policies precisely, and reason about how they are used. We show how AppPAL instantiates SecPAL, a policy language designed for access control in distributed environments. We describe AppPAL's implementation as an authorisation logic for mobile ecosystems. We show how we can check AppPAL policies for common errors. Using AppPAL we show that policies describing users privacy preferences do not seem to match the apps users install. We explore the differences between app stores and how to create new ones based on policy. We look at five BYOD policies and discover previously unexamined idioms within them. This suggests aspects of BYOD policies not managed by current BYOD tools.
7
Persson, Magnus. "Building trust : The contradiction between security and democracy in post Apartheid South Africa." Thesis, Linnéuniversitetet, Institutionen för socialt arbete, SA, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-17110.
Full textAbstract:
Abstract Title: Building Trust: The contradiction between security and democracy in post apartheid South Africa Author: Magnus Persson Supervisor: Svante Lundberg This paper aims to investigate the contradiction between security and democracy in post-apartheid South African policing, and was executed on the field together with the South African Police Service (SAPS). The theoretical point of departure is that trust between people, in relation to the institutions of society, is fundamental to democratic development. This in combination with previous research on police reform, police academy socialization, community policing and militarization has lead to the conclusion that a remilitarization process is under way and that a militaristic approach to policing is likely to be counterproductive in terms of achieving democratic development. The study has been executed on a South African police academy as well as at two different police stations with the combined methods of participatory observation and interviews.
8
Brooks, Jason L., and Jason A. Goss. "SECURITY ISSUES AND RESULTING SECURITY POLICIES FOR MOBILE DEVICES." Monterey, California. Naval Postgraduate School, 2013. http://hdl.handle.net/10945/32799.
Full textAbstract:
Mobile devices, given their promise of mobility with rich functionality, are being deployed with broadening use cases throughout the United States Department of Defense. All the while, massive quantities of information are stored and accessed by these devices without there being a comprehensive and specialized security policy dedicated to protecting that information. The importance of having a security policy grows as these devices start providing new capabilities and replacing many information systems we currently have deployed. Since the same device will be used in many different contexts, each with potentially different security policies, the devices will have to be able to adapt to those contexts. The security policy(ies) enforced by the device will have to adapt accordingly. We investigate potential mobile computing security policies to balance this request for context aware functionality with the information assurance required of these government devices. We investigate the security issues raised in the use of these devices and provide example security policies that address some of these issues.
9
Thimamontri, Apinya. "Homeland Security Roles and Responsibilities: an Examination of Texas Police Chiefs’ Perceptions." Thesis, University of North Texas, 2012. https://digital.library.unt.edu/ark:/67531/metadc149673/.
Full textAbstract:
Research has shown that the police industry has entered into an era of homeland security. However, whether the core functions of policing have significantly changed since September 11, 2001, has been the topic of considerable debate. Using secondary data, the research identifies variables that are most influential in predicting whether Texas police chiefs understand their departments’ homeland security roles and responsibilities. The data was originally obtained in 2007 through self-administered surveys of police chiefs attending the Texas Chief Leadership Series (TPCLS) and the New Chief Development Program (NCDP).
10
Brown, David A. "Examining the Behavioral Intention of Individuals' Compliance with Information Security Policies." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3750.
Full textAbstract:
Target Corporation experienced an information security breach resulting in compromising customers' financial information. Management is responsible for implementing adequate information security policies that protect corporate data and minimize financial losses. The purpose of this experimental study was to examine the effect of a fear appeal communication on an individual's information security policy behavioral intention. The sample population involved information technology professionals randomly selected from the SurveyMonkey audience. A research model, developed using constructs from deterrence theory and protection motivation theory, became the structural model used for partial least squares-structural equation modeling (PLS-SEM) analysis of the survey response data, which indicated that self-efficacy was statistically significant. The remaining model variables, perceived threat vulnerability, perceived threat severity, response efficacy, informal sanction certainty, informal sanction severity, formal sanction certainty, and formal sanction severity, were not statistically significant. A statistically significant self-efficacy result could indicate confidence among the population to comply with information security policies. The nonsignificant results could indicate the fear appeal treatment did not motivate a change in behavior or information security policy awareness bias was introduced by selecting information technology professionals. Social change in information security could be achieved by developing an effective information security policy compliance fear appeal communication, which could change information security compliance behavior and contribute to securing the nation's critical cyber infrastructure and protecting data.
11
Rimando, Ryan A. "Development and analysis of security policies in security enhanced Android." Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/27896.
Full textAbstract:
This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. The proof-of-concept policy is then analyzed to determine if security goals are met.
12
Herzog, Almut. "Usable Security Policies for Runtime Environments." Doctoral thesis, Linköpings universitet, IISLAB - Laboratoriet för intelligenta informationssystem, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8809.
Full textAbstract:
The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denial of service attacks. Virtual machine providers are aware of these Internet security risks and provide, for example, runtime monitoring of untrusted code and access control to sensitive resources. Our work addresses two important security issues in runtime environments. The first issue concerns resource or release control. While many virtual machines provide runtime access control to resources, they do not provide any means of limiting the use of a resource once access is granted; they do not provide so-called resource control. We have addressed the issue of resource control in the example of the Java Virtual Machine. In contrast to others’ work, our solution builds on an enhancement to the existing security architecture. We demonstrate that resource control permissions for Java-mediated resources can be integrated into the regular Java security architecture, thus leading to a clean design and a single external security policy. The second issue that we address is the usabilityhttps://www.diva-portal.org/liu/webform/form.jsp DiVA Web Form and security of the setup of security policies for runtime environments. Access control decisions are based on external configuration files, the security policy, which must be set up by the end user. This set-up is security-critical but also complicated and errorprone for a lay end user and supportive, usable tools are so far missing. After one of our usability studies signalled that offline editing of the configuration file is inefficient and difficult for end users, we conducted a usability study of personal firewalls to identify usable ways of setting up a security policy at runtime. An analysis of general user help techniques together with the results from the two previous studies resulted in a proposal of design guidelines for applications that need to set up a security policy. Our guidelines have been used for the design and implementation of the tool JPerM that sets the Java security policy at runtime. JPerM evaluated positively in a usability study and supports the validity of our design guidelines.
13
Herzog, Almut. "Usable security policies in runtime environments /." Linköping : Department of Computer and Information Science, Linköpings universitet, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8809.
Full text
14
Khoury, Raphaël. "Enforcing Security Policies with Runtime Monitors." Thesis, Université Laval, 2011. http://www.theses.ulaval.ca/2011/28124/28124.pdf.
Full textAbstract:
Le monitorage (monitoring) est une approche pour la sécurisation du code qui permet
l'exécution d’un code potentiellement malicieux en observant son exécution, et en intervenant
au besoin pour éviter une violation d’une politique de sécurité. Cette méthode
a plusieurs applications prometteuses, notamment en ce qui a trait à la sécurisation du
code mobile.
Les recherches académiques sur le monitorage se sont généralement concentrées sur
deux questions. La première est celle de délimiter le champ des politiques de sécurité
applicables par des moniteurs opérant sous différentes contraintes. La seconde question
est de construire des méthodes permettant d’insérer un moniteur dans un programme,
ce qui produit un nouveau programme instrumenté qui respecte la politique de sécurité
appliquée par ce moniteur. Mais malgré le fait qu’une vaste gamme de moniteurs a été
étudiée dans la littérature, les travaux sur l’insertion des moniteurs dans les programmes
se sont limités à une classe particulière de moniteurs, qui sont parmi les plus simples et
les plus restreint quant à leur champ de politiques applicables.
Cette thèse étend les deux avenues de recherches mentionnées précédemment et
apporte un éclairage nouveau à ces questions. Elle s’attarde en premier lieu à étendre le
champ des politiques applicables par monitorage en développabt une nouvelle approche
pour l’insertion d’un moniteur dans un programme. En donnant au moniteur accès à
un modèle du comportement du programme, l’étude montre que le moniteur acquiert
la capacité d’appliquer une plus vaste gamme de politiques de sécurité.
De plus, les recherches ont aussi d´emontré qu’un moniteur capable de transformer
l’exécution qu’il surveille est plus puissant qu’un moniteur qui ne possède pas cette
capacité. Naturellement, des contraintes doivent être imposées sur cette capacité pour
que l’application de la politique soit cohérente. Autrement, si aucune restriction n’est
imposée au moniteur, n’importe quelle politique devient applicable, mais non d’une
manière utile ou désirable. Dans cette étude, nous proposons deux nouveaux paradigmes
d’application des politiques de sécurité qui permettent d’incorporer des restrictions
raisonnables imposées sur la capacité des moniteurs de transformer les exécutions sous
leur contrôle. Nous étudions le champ des politiques applicables avec ces paradigmes
et donnons des exemples de politiques réelles qui peuvent être appliquées à l’aide de
notre approche.Execution monitoring is an approach that seeks to allow an untrusted code to run safely by observing its execution and reacting if need be to prevent a potential violation of a user-supplied security policy. This method has many promising applications, particularly with respect to the safe execution of mobile code. Academic research on monitoring has generally focused on two questions. The first, relates to the set of policies that can be enforced by monitors under various constraints and the conditions under which this set can be extended. The second question deals with the way to inline a monitor into an untrusted or potentially malicious program in order to produce a new instrumented program that provably respects the desired security policy. This study builds on the two strands of research mentioned above and brings new insights to this study. It seeks, in the first place, to increase the scope of monitorable properties by suggesting a new approach of monitor inlining. By drawing on an a priori model of the program’s possible behavior, we develop a monitor that can enforce a strictly larger set of security properties. Furthermore, longstanding research has showed that a monitor that is allowed to transform its input is more powerful than one lacking this ability. Naturally, this ability must be constrained for the enforcement to be meaningful. Otherwise, if the monitor is given too broad a leeway to transform valid and invalid sequences, any property can be enforced, but not in a way that is useful or desirable. In this study, we propose two new enforcement paradigms which capture reasonable restrictions on a monitor’s ability to alter its input. We study the set of properties enforceable if these enforcement paradigms are used and give examples of real-life security policies that can be enforced using our approach.
15
Hwang, JeeHyun. "Improving the Quality of Security Policies." Thesis, North Carolina State University, 2014. http://pqdtopen.proquest.com/#viewpdf?dispub=3584006.
Full textAbstract:
Systems such as web applications, database systems, and cloud services regulate users’ access control to sensitive resources based on security policies. Organizations often manage security policies in an ad-hoc and inconsistent manner due to a lack of budget, resources, and staff. This management could cause crucial security problems such as unauthorized access to sensitive resources.
A security policy is a set of restrictions and properties that specify how a computing system prevents information and computing resources from being used in violation of an organization’s security laws, rules, and practices. In computer systems, security policies are enforced to ensure correct functioning of access control such as “who” (e.g., authorized users or processes) can perform actions under “what” conditions.
Policy authors may follow common patterns in specifying and maintaining security policies. Researchers applied data mining techniques for deriving (implicit) patterns such as a group of users (i.e., roles in RBAC policies) who have the same access permissions. Policy authors reuse common patterns to reduce mistakes. Anomalies of those patterns are candidates for inspection to determine whether these anomalies expose faults.
Faults (i.e., misconfigurations) in security policies could result in tragic consequences, such as disallowing an authorized user to access her/his resources and allowing malicious users to access critical resources. Therefore, to improve the quality of security policies in terms of policy correctness, policy authors must conduct rigorous testing and verification during testing and maintenance phases of software development process. However, manual test-input generation and verification is an error-prone, time-consuming, and tedious task.
In this dissertation, we propose approaches that help improve the quality of security policies automatically. Our research goal is to help policy authors through automated pattern mining and testing techniques in the efficient detection and removal of faults. This dissertation is comprised of three research projects where each project focuses on a specific software engineering task. The three research projects are as follows:
Pattern Mining. We present an approach to mine patterns from security policies used in open source software products. Our approach applies data mining techniques on policy evolution and specification data of those security policies to identify common patterns, which represent usage of security policies. Our approach uses mined patterns as policy specification rules and detect faults in security policies under analysis as deviations from the mined patterns.
Automated Test Generation. We present a systematic structural testing approach for security policies. Our approach is based on the concept of policy coverage, which helps test a policy’s structural entities (i.e., rules, predicates, and clauses) to check whether each entity is specified correctly. Our approach analyzes security policies under test and generates test cases automatically to achieve high structural coverage. These test cases can achieve high fault-detection capability (i.e., detecting faults).
Automated Test Selection for Regression Testing. We present a safe-test-selection approach for regression testing of security policies. Among given initial test cases in access control systems under test, our approach selects and executes only test cases that could expose different policy behaviors across multiple versions of security policies. Our approach helps detect unexpected policy behaviors (i.e., regression faults) caused by policy changes efficiently.
These three research project have resulted in the following contributions:
• Patterns characterizing correlations of attributes in security policies help detect faults.
• Structural coverage for security policies is closely related to fault-detection capability. An original set of test cases with higher structural coverage often achieves higher fault-detection capability. Furthermore, its reduced set of test cases while maintaining the same structural coverage achieves similar fault-detection capability with the original set.
• Substantial number of test cases for regression testing can be reduced to help improve performance.
16
Li, Yanhuang. "Interoperability and Negotiation of Security Policies." Thesis, Télécom Bretagne, 2016. http://www.theses.fr/2016TELB0414/document.
Full textAbstract:
Suite au développement des technologies de l'information, et en particulier au déploiement d'infrastructures telles que le Cloud Computing, de plus en plus d'applications et plateformes coopèrent en échangeant des données et des services. Cette tendance renforce l'importance de la gestion de la sécurité. Afin d'assurer la sécurité des données et de l'interaction de service une politique de sécurité doit être appliquée. Dans cette thèse, nous nous intéressons aux politiques de contrôle d'accès. Ce type de politique spécifie les privilèges de l'utilisation des ressources et est implémentée par différents modèles selon différents scénarios. Notre objectif ici est d'aider le client du service à bien exprimer ses exigences de sécurité et à choisir les fournisseurs de services qui peuvent la déployer. La première partie de cette thèse est dédiée à la sélection des fournisseurs de service. Dans le cas où les politiques de sécurité du fournisseur sont accessibles au client, nous proposons une méthode pour mesurer la similarité entre les politiques de sécurité. Dans le cas où les politiques de sécurité ne sont pas accessibles au client ou ne sont pas explicitement spécifiées, nous proposons un cadre à base de règles permettant la dérivation à partir des exigences de sécurité aux politiques de sécurité concrètes. La seconde partie de la thèse porte sur la négociation de politiques de sécurité. Nous étudions le processus permettant aux parties en négociation de parvenir à un accord par une série d'échanges d'offres et de contre-offres. Lorsque le résultat de la négociation est positif, un contrat incluant la politique de sécurité acceptée par les parties est généréSecurity policy provides a way to define the constraints on behavior of the members belonging to a system, organization or other entities. With the development of IT technology such as Grid Computing and Cloud Computing, more and more applications and platforms exchange their data and services for cooperating. Toward this trend, security becomes an important issue and security policy has to be applied in order to ensure the safety of data and service interaction. In this thesis, we deal with one type of security policy: access control policy. Access control policy protects the privileges of resource's utilization and there exist different policy models for various scenarios. Our goal is to ensure that the service customer well expresses her security requirements and chooses the service providers that fit these requirements.The first part of this dissertation is dedicated to service provider selection. In case that the security policies of the service provider are accessible to the service customer, we provide a method for measuring the similarity between security policies. Another case is that security policies are not accessible to the service customer or not specified explicitly. Our solution is proposing a policy-based framework which enables the derivation from attribute-based security requirements to concrete security policies. The second part of the dissertation focuses on the security policy negotiation. We investigate the process of reaching agreement through bargaining process in which negotiators exchange their offers and counter offers step by step. The positive result of the negotiation generates a policy contract
17
Giacomantonio, Christopher Joseph. "Policing integration : the inter- and intra-organizational coordination of police work." Thesis, University of Oxford, 2013. http://ora.ox.ac.uk/objects/uuid:4c85a7d4-4475-42a0-9fa1-226baaca43fc.
Full textAbstract:
The thesis examines the coordination of public police organizations in an intra-national setting through interviews and observations with police officers and managers in multiple organizations in the Lower Mainland, BC, Canada, alongside documentary analysis of local, national and provincial law, policy and protocols relating to coordination. It produces a qualitative and inductive analysis of how police coordinate both within and between agencies, examining ‘interstices’ between police units and using recent ‘integration’ initiatives between public police organizations in the Lower Mainland as a focal point. It develops a recent local history of police activity and organizational change in the region; a novel typology of police organizational boundaries grounded in open-systems organizational theory; and an account of the dynamics of inter-unit coordination based on empirical findings. The thesis then sets out a governance problem for police coordination, developing the argument that coordination work is unique work and needs to be treated as such for purposes of accountability, transparency and equity of police practice in a democratic society. This governance problem is applied to broader developments in police work in Anglo-American societies, and an intellectual framework for assessing police governance under coordination is advanced.
18
Martinez, Salvador. "Automatic reconstruction and analysis of security policies from deployed security components." Phd thesis, Ecole des Mines de Nantes, 2014. http://tel.archives-ouvertes.fr/tel-01065944.
Full textAbstract:
Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed by a number of heterogeneous subsystems, each subsystem plays a key role in the global system security. For the specific case of access-control, access-control policies may be found in several components (databases, networksand applications) all, supposedly, working together. Nevertheless since most times these policies have been manually implemented and/or evolved separately they easily become inconsistent. In this context, discovering and understanding which security policies are actually being enforced by the information system comes out as a critical necessity. The main challenge to solve is bridging the gap between the vendor-dependent security features and a higher-level representation that express these policies in a way that abstracts from the specificities of concrete system components, and thus, it's easier to understand and reason with. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on the security policies in a reusable way. In this work we propose such a reverse engineering and integration mechanism for access-control policies. We rely on model-driven technologies to achieve this goal.
19
Yalcinkaya, Ramazan. "Risk Assessment of Aviation Security and Evaluation of Aviation Security Policies." Thesis, University of North Texas, 2005. https://digital.library.unt.edu/ark:/67531/metadc4801/.
Full textAbstract:
Comprising many airplanes, airports, aircrew, and employees, aviation industry is a large sector that is very vulnerable to attacks, whether it is from terrorists or criminals. Aviation history is fraught with examples of airport bombings, hijackings, and sabotage terrorist attacks. The most destructive of which is the tragedy of September 11, 2001, the cornerstone of today's aviation security policies. This study uses risk assessment tools to determine the dimensions of danger and threats against the aviation industry and addresses how vulnerable the aviation sector is. After vulnerabilities and threats are examined, possible impacts of attacks against the aviation security are discussed. This study also explores the pre and post September 11 policies that governments and policy makers develop to reduce risks in aviation sector. In addition, it discusses weaknesses and strengths of these policies which surfaced during the implementations. Finally, this study proposes some recommendations based on vulnerabilities and threats of aviation security.
20
El, Maarabani Mazen. "Verification and test of interoperability security policies." Phd thesis, Institut National des Télécommunications, 2012. http://tel.archives-ouvertes.fr/tel-00717602.
Full textAbstract:
Nowadays, there is an increasing need for interaction in business community. In such context, organizations collaborate with each other in order to achieve a common goal. In such environment, each organization has to design and implement an interoperability security policy. This policy has two objectives: (i) it specifies the information or the resources to be shared during the collaboration and (ii) it define the privileges of the organizations' users. To guarantee a certain level of security, it is mandatory to check whether the organizations' information systems behave as required by the interoperability security policy. In this thesis we propose a method to test the behavior of a system with respect to its interoperability security policies. Our methodology is based on two approaches: active testing approach and passive testing approach. We found that these two approaches are complementary when checking contextual interoperability security policies. Let us mention that a security policy is said to be contextual if the activation of each security rule is constrained with conditions. The active testing consists in generating a set of test cases from a formal model. Thus, we first propose a method to integrate the interoperability security policies in a formal model. This model specifies the functional behavior of an organization. The functional model is represented using the Extended Finite Automata formalism, whereas the interoperability security policies are specified using OrBAC model and its extension O2O. In addition, we propose a model checking based method to check whether the behavior of a model respects some interoperability security policies. To generate the test cases, we used a dedicated tool developed in our department. The tool allows generating abstract test cases expressed in the TTCN notation to facilitate its portability. In passive testing approach, we specify the interoperability policy, that the system under test has to respect, with Linear Temporal logics. We analyze then the collected traces of the system execution in order to deduce a verdict on their conformity with respect to the interoperability policy. Finally, we show the applicability of our methods though a hospital network case study. This application allows to demonstrate the effectiveness and reliability of the proposed approaches
21
Martins, Francisco. "Controlling Security Policies in a Distributed Environment." Doctoral thesis, Department of Informatics, University of Lisbon, 2006. http://hdl.handle.net/10451/14314.
Full textAbstract:
This thesis proposes a typing discipline to control the migration of code in a distributed, mobile environment. Our approach is to express security policies as types, to characterise security faults as typing errors, and to use a type system to statically enforce a given security policy. We prove a type safety result that ensures that well-typed programs do not violate the prescribed security policy. We start by analysing a simple, yet non-trivial, approach to control the access to resources in a concurrent language (the $\pi-$calculus). In the concurrent framework we study the control of actions at program level and, in a finer-grained scenario, at resource level. Moving into a distributed, concurrent platform (using the D$\pi$-calculus as the underlying language), we analyse the impact of code mobility in the verification of security. In a first stage, we control mobility by specifying security policies at site level, and by considering only the source site, the target site, and the action to be executed, as the relevant information to decide if an action should be performed. This approach revealed some vulnerabilities, namely that a site cannot control by itself its own security: it always need to trust in third-parties. Aiming at overcoming this undesired lacuna, as well as simplifying the writing and maintenance of security policies, we introduce the concepts of groups, a cluster of sites that share the same security polices, and of path to account for the sequence of sites visited by migrating code. We define security at group level, avoiding the replication of polices by the sites that are members of the same group. Granting privileges to migrating paths allows for a site to precisely select the action that it grants permission to be executed (without needing to depend on third-parties). Our major result is that, recalling Milners motto, well-typed programs do not go wrong, in the sense that, if a network has no typing error, then it does not incur in a security fault.
22
Marhia, Natasha. "Everyday (in)security/(re)securing the everyday : gender, policing and violence against women in Delhi." Thesis, London School of Economics and Political Science (University of London), 2012. http://etheses.lse.ac.uk/759/.
Full textAbstract:
This thesis contributes to the literature seeking to reconceptualise human security from a critical feminist perspective. It argues that security is a field of power, implicated in context-specific ways in the (re)production of gendered violences, and that human security must account for how such violences are (re)produced in and through the everyday. It explores how socially and historically embedded security institutions, discourses and practices are implicated in ‘the (violent) reproduction of gender’ (Shepherd 2008), taking as a case study Delhi Police’s initiatives to address violence/crime against women, in response to the city’s notoriety as India’s ‘rape capital’. Drawing on 86 in-depth interviews and 6 months of observational fieldwork with Delhi Police, the thesis shows that Delhi Police have found innovative ways of doing ‘security’ which depart from its association with (masculinist) authority and protection, and which apprehend violences embedded in the everyday. However, the effects are contradictory and ambivalent. Despite challenging some aspects of gender relations, the policing of violence/crime against women also reproduces conditions which enable and sustain the violence. The thesis explores how police discourses construct violence in terms of vulnerability and responsibility, in ways which both normalise and exceptionalise certain violences, and map gendered safety onto normative ideas of sexual integrity such as to reproduce the heteronormativity of marriage as a compulsory institution for women. It investigates the spatial and temporal distancing through which violence/crime against women is constructed, and the consequent reproduction of class differentiation and identification, and normative gender and sexuality. It considers how the unstable gendering of policing, and police work, intersects with and contributes to such constructions of violence/crime against women, and their discursive effects. The thesis concludes with a qualified and partial recuperation of human security as emancipatory – where emancipation is conceived as transforming oppressive power relations, and power is understood in a Foucauldian sense as pervasive, unstable and productive. It highlights the limits of security, and the relativity of its achievability.
23
Michael, Deborah Francis. "A sense of security? : the ideology and accountability of private security officers." Thesis, London School of Economics and Political Science (University of London), 2002. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.271286.
Full textAbstract:
Policing in the UK is undergoing fundamental transformation. In an emerging 'mixed economy' of social control, policing has become a complex assortment of public and private inputs. As non-emergency policing has gradually shifted away from the Home Office police service monopoly, the private security industry is acquiiing a much wider role. This small-scale qualitative study provides an original insight into the ideology and accountability of 50 security officers working for three of the market leaders in the manned-guarding industry. Particular attention is paid to their attitudes towards: their role in crime control, their relationship with the police service, and their own powers and accountability. Information is also provided about the professionalism of security officers, by presenting data about guards' social backgrounds, training and general orientation to work. The research suggests that guards are primarily concerned about providing a service to the private employers who pay them, and have flmdamentally different attitudes towards their work compared to public police officers. The conclusions underline the implications of the pnvatisation of policing for social and criminal justice, indicating the emergence of forms of 'private justice' as policing is increasingly undertaken by guards without even any nominal concerns to serve the public interest. Although this might be acceptable to the neo-liberal approach that has come to dominate public policy debate in the last quarter of the twentieth century, it would be regarded as worrying by more traditional social or political perspectives whether conservative, liberal or socialist. The low levels of professionalism suggested by this data gathered from the market leaders in the security industry also raise important questions about the potential effectiveness of the guards.
24
Graham, Scott W. Mills Stephen E. "Monitoring information systems to enforce computer security policies /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA369434.
Full textAbstract:
Thesis (M.S. in Systems Engineering) Naval Postgraduate School, September 1999."September 1999". Thesis advisor(s): Vicente Garcia. Includes bibliographical references (p. 123-124). Also available online.
25
Singh, Kapil. "Designing security policies and frameworks for web applications." Diss., Georgia Institute of Technology, 2011. http://hdl.handle.net/1853/41122.
Full textAbstract:
The new developments behind Web 2.0 have increased the complexity of web systems making the task of securing these systems a challenging problem. As a result, end-to-end security for web access has been hindered by the limitations of current web security policies and by the lack of systems that enable effective enforcement of policies. The focus of this dissertation is on how new tools and frameworks may be designed to aid the protection of web systems by acting as policy specification and enforcement points. In particular, we develop a set of policies and frameworks for three web players--the user, the web browser and the web application--that determine the end-to-end security of web content. Our contributions include a framework for users to specify security policies, a platform to enforce user policies for third-party applications, a systematic analysis of browser policy issues, and a mechanism to provide improved end-to-end security/integrity guarantees.
26
Weikard, Hans-Peter. "Industrial policies and social security : investigating the links." Universität Potsdam, 1997. http://opus.kobv.de/ubp/volltexte/2010/4876/.
Full textAbstract:
This paper opens a series of discussion papers which report about the findings of a research project within the Phare-ACE Programme of the European Union. We, a group of Bulgarian, German, Greek, Polish and Scottish economists and agricultural economists, undertake this research to provide An Integrated Analysis of Industrial Policies and Social Security Systems in Countries in Transition.1 This paper outlines the basic motivation for such study.
27
Graham, Scott W., and Stephen E. Mills. "Monitoring information systems to enforce computer security policies." Thesis, Monterey, California. Naval Postgraduate School, 1999. http://hdl.handle.net/10945/8698.
Full textAbstract:
Many computer security policies are written relatively vaguely. In many ways this is intentional to allow for easier access to all the functionality of the computer network. However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information they have no need to see. With this in mind, this paper takes a look at computer security. We start with a brief history of computer security and continue with a look at internal security. Since our focus is on computer misuse and detection, a look at internal security provides a look at the reasons why we should attempt to monitor the activities of users. Misuse detection requires at least two features. These are audit reduction and profiling ability. When audit features are enabled in the operating system, massive files can build up. By establishing profiles of personnel usage, the automated audit features can quickly scan audit files, look for usage that falls outside what is determined to be normal, notify administrators, and delete old audit data. A misuse detection system, such as the Computer Misuse Detection System marketed by ODS Networks, may be implemented and incorporated into a comprehensive security policy
28
Alzahrani, Ali Mousa G. "Efficient enforcement of security policies in distributed systems." Thesis, De Montfort University, 2013. http://hdl.handle.net/2086/9029.
Full textAbstract:
Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that confirm only authorised users can access resources. A few decades ago, the traditional PBM has focused on closed systems, where enforcement mechanisms are trusted by system administrators who define access control policies. Most of current work on the PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a policy and reports the decision back, which can have performance and resilience drawbacks. Performance and resilience are a major concern for applications in military, health and national security domains where the performance is desirable to increase situational awareness through collaboration and to decrease the length of the decision making cycle. The centralised PDP also represents a single point of failure. In case of the failure of the centralised PDP, all resources in the system may cease to function. The efficient distribution of enforcement mechanisms is therefore key in building large scale policy managed distributed systems. Moving from the traditional PBM systems to dynamic PBM systems supports dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The SANTA history-based dynamic PBM system has a formal underpinning in Interval Temporal Logic (ITL) allowing for formal analysis and verification to take place. The main aim of the research to automatically distribute enforcement mechanisms in the distributed system in order to provide resilience against network failure whilst preserving efficiency of policy decision making. The policy formalisation is based on SANTA policy model to provide a high level of assurance. The contribution of this work addresses the challenge of performance, manageability and security, by designing a Decentralised PBM framework and a corresponding Distributed Enforcements Architecture (DENAR). The ability of enforcing static and dynamic security policies in DENAR is the prime research issue, which balances the desire to distribute systems for flexibility whilst maintaining sufficient security over operations. Our research developed mechanisms to improve the efficiency of the enforcement of security policy mechanisms and their resilience against network failures in distributed information systems.
29
Sui, Guang Ye. "Formal Enforcement of Security Policies : An Algebraic Approach." Doctoral thesis, Université Laval, 2015. http://hdl.handle.net/20.500.11794/26466.
Full textAbstract:
La sécurité des systèmes d’information est l’une des préoccupations les plus importantes du domaine de la science informatique d’aujourd’hui. Les particuliers et les entreprises sont de plus en plus touchés par des failles de sécurité et des milliards de dollars ont été perdus en raison de cyberattaques. Cette thèse présente une approche formelle basée sur la réécriture de programmes permettant d’appliquer automatiquement des politiques de sécurité sur des programmes non sécuritaires. Pour un programme P et une politique de sécurité Q, nous générons un autre programme P’ qui respecte une politique de sécurité Q et qui se comporte comme P, sauf si la politique est sur le point d’être violée. L’approche présentée utilise l’algèbre [symbol] qui est une variante de [symbol] (Basic Process Algebra) étendue avec des variables, des environnements et des conditions pour formaliser et résoudre le problème. Le problème de trouver la version sécuritaire P’ à partir de P et de Q se transforme en un problème de résolution d’un système linéaire pour lequel nous savons déjà comment extraire la solution par un algorithme polynomial. Cette thèse présente progressivement notre approche en montrant comment la solution évolue lorsqu’on passe de l’algèbre de [symbol] à [symbol].The security of information systems is one of the most important preoccupations of today’s computer science field. Individuals and companies are more and more affected by security flaws and billions of dollars have been lost because of cyber-attacks. This thesis introduces a formal program-rewriting approach that can automatically enforce security policies on non-trusted programs. For a program P and a security policy Q, we generate another program P’ that respects the security policy Q and behaves like P except when the enforced security policy is about to be violated. The presented approach uses the [symbol] algebra that is a variant of the BPA (Basic Process Algebra) algebra extended with variables, environments and conditions to formalize and resolve the problem. The problem of computing the expected enforced program [symbol] is transformed to a problem of resolving a linear system for which we already know how to extract the solution by a polynomial algorithm. This thesis presents our approach progressively and shows how the solution evolves when we move from the [symbol] algebra to the [symbol] algebra.
30
Steffinlongo, Enrico <1987>. "Efficient security analysis of administrative access control policies." Doctoral thesis, Università Ca' Foscari Venezia, 2017. http://hdl.handle.net/10579/12917.
Full textAbstract:
In recent years access control has been a crucial aspect of computer systems, since it is the component responsible for giving users specific permissions enforcing a administrator-defined policy. This lead to the formation of a wide literature proposing and implementing access control models reflecting different system perspectives. Moreover, many analysis techniques have been developed with special attention to scalability, since many security properties have been proved hard to verify. In this setting the presented work provides two main contributions.
In the first, we study the security of workflow systems built on top of an attribute-based access control in the case of collusion of multiples users. We define a formal model for an ARBAC based workflow system and we state a notion of security against collusion. Furthermore we propose a scalable static analysis technique for proving the security of a workflow. Finally we implement it in a prototype tool showing its effectiveness.
In the second contribution, we propose a new model of administrative attribute-based access control (AABAC) where administrative actions are enabled by boolean expressions predicating on user attributes values. Subsequently we introduce two static analysis techniques for the verification of reachability problem: one precise, but bounded, and one over-approximated. We also give a set of pruning rules in order to reduce the size of the problem increasing scalability of the analysis. Finally, we implement the analysis in a tool and we show its effectiveness on several realistic case studies.
31
Saboya, PÃmela Costa Landim. "As mudanÃas na formaÃÃo do policial militar do Cearà no contexto da seguranÃa pÃblica." Universidade Federal do CearÃ, 2017. http://www.teses.ufc.br/tde_busca/arquivo.php?codArquivo=19094.
Full textAbstract:
nÃo hÃO presente trabalho investiga a evoluÃÃo do conhecimento realizado nas Academias de PolÃcias com uma preocupaÃÃo em mostrar quais fatores influenciaram as mudanÃas para se chegar ao atual modelo de formaÃÃo implementado na Academia Estadual de SeguranÃa PÃblica do Estado do CearÃ. Tratou-se de uma pesquisa qualitativa, com carÃter comparativo, pautada nos referenciais da sociologia e das mudanÃas curriculares dos cursos de formaÃÃo do policial militar do CearÃ. Como procedimentos metodolÃgicos foram utilizados principalmente pesquisas bibliogrÃficas sobre a seguranÃa pÃblica, a violÃncia e a formaÃÃo policial, coleta e anÃlise de dados sobre violÃncia, com observaÃÃes de acontecimentos histÃricos da formaÃÃo policial cearense. No primeiro capÃtulo do trabalho faz-se uma anÃlise dos acontecimentos que permitiram se chegar a construÃÃo das polÃcias militares no Brasil com a problematizaÃÃo da violÃncia como fator social determinante para se analisar a instituiÃÃo policial. No segundo capÃtulo do trabalho foi abordado o cenÃrio atual da sociedade brasileira e o atual modelo de formaÃÃo empregado na academia policial cearense. Na terceira parte à feita uma anÃlise dos currÃculos de formaÃÃo inicial dos policiais militares do CearÃ. Foram utilizadas como leituras os livros de Marcos Rolim, ClÃudio Beato Filho, Theodomiro Dias Neto, IgnÃcio Cano e outros tendo como organizadores e autores CÃsar Barreira, GlaucÃria Mota Brasil e estudiosos da modernidade que tratam do tema polÃcia com Ãnfase na formaÃÃo moderna como algo a ser desvendado e explorado. No terceiro capÃtulo à feito uma anÃlise das mudanÃas promovidas nos currÃculos de formaÃÃo inicial dos policiais militares do CearÃ. Por fim, nas consideraÃÃes finais à feita uma anÃlise das mudanÃas realizadas na seguranÃa pÃblica no Cearà apÃs a redemocratizaÃÃo do Brasil e quais as consequÃncias para os homicÃdios e a formaÃÃo policial dessas mudanÃas.
The present work investigates the evolution of the knowledge carried out in the Police Academies with a concern to show which factors influenced the changes to reach the current training model implemented in the State Academy of Public Security of the State of CearÃ. It was a qualitative research, with a comparative character, based on the sociology references and the curricular changes of the training courses of the military police of CearÃ. As methodological procedures, bibliographical research on public security, violence and police training, collection and analysis of data on violence, with observations of historical events of the police training in CearÃ, were used. In the first chapter of the article, an analysis is made of the events that led to the construction of military police in Brazil with the problematization of violence as a determining social factor for analyzing the police institution. In the second chapter of the study the current scenario of Brazilian society and the current training model employed in the police academy of Cearà were discussed. In the third part, an analysis of the curricula of initial training of the military police of Cearà is made. The books of Marcos Rolim, ClÃudio Beato Filho, Theodomiro Dias Neto, IgnÃcio Cano and others were used as readings, as organizers and authors CÃsar Barreira, GlaucÃria Mota Brasil and modernity scholars who deal with the theme police with emphasis on modern training as something to Be unveiled and explored. In the third chapter an analysis of the changes promoted in the initial training curricula of the military police of Cearà is made. Finally, in the final considerations, an analysis is made of the changes made in public security in Cearà after the re-democratization of Brazil and the consequences for homicides and police training of these changes.
32
Furst, Alexander J. "State Regulation of Private Police and Security Agents." Bowling Green State University / OhioLINK, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=bgsu1245626912.
Full text
33
Desilets-Bixler, Nicole L. "Security in transition : police reform in El Salvador and South Africa." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://handle.dtic.mil/100.2/ADA404711.
Full textAbstract:
Thesis (M.A. in International Security and Civil-Military Relations)--Naval Postgraduate School, March 2002.Thesis advisor(s): Jeanne Giraldo, Maria Rasmussen. Includes bibliographical references. Also available online.
34
Doyle, Maria. "FEELINGS OF SAFETY : Feelings of Safety In The Presence Of the Police, Security Guards and Police Volunteers." Thesis, Örebro universitet, Institutionen för juridik, psykologi och socialt arbete, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-35885.
Full textAbstract:
Uniformed presences are thought to create feelings of safety in people. However, do different uniformed people contribute to the same amount of safety and are there differences dependent on the situation? The present study examined the association between various types of uniformed presence and people’s feelings of safety through a questionnaire among 352 respondents (18-86 years) (49.1 % women). The questionnaire contained pictures of relatively safe and unsafe situations with or without uniformed presence. The respondents estimated how safe they thought they would feel in these situations with and without two police officers, six police officers, a police car, two security guards, or two police volunteers. The results showed that uniformed presence does not increase feelings of safety in an already relatively safe situation, making patrol unnecessary. In relatively unsafe situations however, all types of uniformed presence increase feelings of safety. Foot patrolling police increased feelings of safety the most. Security guards and police volunteers created approximately the same amount of safety; making police volunteers a cost-effective alternative, although some situation, gender and age differences were found. All types of foot patrol were better than vehicle patrol (with some gender differences), making non-police groups an alternative to vehicle patrol.
35
Menzel, Michael. "Model-driven security in service-oriented architectures : leveraging security patterns to transform high-level security requirements to technical policies." Phd thesis, Universität Potsdam, 2011. http://opus.kobv.de/ubp/volltexte/2012/5905/.
Full textAbstract:
Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to implement this paradigm on the basis of XML-messaging. However, the enhanced flexibility of message-based systems comes along with new threats and risks. To face these issues, a variety of security mechanisms and approaches is supported by the Web Service specifications. The usage of these security mechanisms and protocols is configured by stating security requirements in security policies. However, security policy languages for SOA are complex and difficult to create due to the expressiveness of these languages.
To facilitate and simplify the creation of security policies, this thesis presents a model-driven approach that enables the generation of complex security policies on the basis of simple security intentions. SOA architects can specify these intentions in system design models and are not required to deal with complex technical security concepts.
The approach introduced in this thesis enables the enhancement of any system design modelling languages – for example FMC or BPMN – with security modelling elements. The syntax, semantics, and notion of these elements is defined by our security modelling language SecureSOA. The metamodel of this language provides extension points to enable the integration into system design modelling languages. In particular, this thesis demonstrates the enhancement of FMC block diagrams with SecureSOA.
To enable the model-driven generation of security policies, a domain-independent policy model is introduced in this thesis. This model provides an abstraction layer for security policies. Mappings are used to perform the transformation from our model to security policy languages.
However, expert knowledge is required to generate instances of this model on the basis of simple security intentions. Appropriate security mechanisms, protocols and options must be chosen and combined to fulfil these security intentions. In this thesis, a formalised system of security patterns is used to represent this knowledge and to enable an automated transformation process. Moreover, a domain-specific language is introduced to state security patterns in an accessible way. On the basis of this language, a system of security configuration patterns is provided to transform security intentions related to data protection and identity management. The formal semantics of the security pattern language enable the verification of the transformation process introduced in this thesis and prove the correctness of the pattern application.
Finally, our SOA Security LAB is presented that demonstrates the application of our model-driven approach to facilitate a dynamic creation, configuration, and execution of secure Web Service-based composed applications.Im Bereich der Enterprisearchitekturen hat das Paradigma der Service-orientierten Architektur (SOA) in den vergangenen Jahren eine große Bedeutung erlangt. Dieser Ansatz ermöglicht die Strukturierung und Umsetzung verteilter, IT-basierter Geschäftsfunktionen, um einen effizienten und flexiblen Einsatz von IT-Ressourcen zu ermöglichen. Während in der Vergangenheit fachliche Anforderungen in monolithischen Applikationen umgesetzt wurden, setzt dieser Architekturansatz auf wiederverwendbare Dienste, die spezifische Geschäftsfunktionen implementieren. Diese Dienste können dann dynamisch zur Umsetzung von Geschäftsprozessen herangezogen werden und ermöglichen eine schnelle Reaktion auf verändernde geschäftliche Rahmenbedingungen durch Anpassung der Prozesse. Die einzelnen Dienste existieren unabhängig voneinander und sind lose über einen Nachrichtenaustausch gekoppelt. Diese Unabhängigkeit unterscheidet den SOA-Ansatz von der bisherigen Entwicklung klassischer verteilter Anwendungen. Die Verwendung unabhängiger Dienste geht aber auch mit einem größeren Gefährdungspotential einher, da eine Vielzahl von Schnittstellen bereitgestellt wird, die mittels komplexer Protokolle angesprochen werden können. Somit ist die korrekte Umsetzung von Sicherheitsmechanismen in allen Diensten und SOA-Infrastrukturkomponeten essentiell. Kommunikationspartner müssen an jedem Kommunikationsendpunkt authentifiziert und autorisiert werden und ausgetauschte Nachrichten müssen immer geschützt werden. Solche Sicherheitsanforderungen werden in technischen Sicherheitskonfigurationen (Policydokumenten) mittels einer Policysprache kodiert und werden an die Dienste verteilt, die diese Anforderungen durchsetzen. Da Policysprachen für SOA aber durch die Vielzahl und Vielfalt an Sicherheitsmechanismen, -protokollen und -standards eine hohe Komplexität aufweisen, sind Sicherheitskonfigurationen höchst fehleranfällig und mit viel Fachwissen zu erstellen. Um die Generierung von Sicherheitskonfigurationen in komplexen Systemen zu vereinfachen, wird in dieser Arbeit ein modellgetriebener Ansatz vorgestellt, der eine visuelle Modellierung von Sicherheitsanforderungen in Architekturmodellen ermöglicht und eine automatisierte Generierung von Sicherheitskonfigurationen auf Basis dieser Anforderungen unterstützt. Die Modellierungsebene ermöglicht eine einfache und abstrakte Darstellung von Sicherheitsanforderungen, die sich auch für Systemarchitekten erschließen, welche keine Sicherheits-experten sind. Beispielsweise können modellierte Daten einfach mit einem Schloss annotiert werden, um den Schutz dieser Daten zu fordern. Die Syntax, die Semantik und die Darstellung dieser Anforderungen werden durch die in dieser Arbeit vorgestellte Sicherheitsmodellierungssprache SecureSOA spezifiziert. Der vorgestellte modellgetriebene Ansatz transformiert die modellierten Anforderungen auf ein domänen-unabhängiges Policymodell, das eine Abstraktionsschicht zu konkreten Policysprachen bildet. Diese Abstrak-tionsschicht vereinfacht die Generierung von Sicherheitspolicies in verschiedenen Policysprachen. Allerdings kann diese Transformation nur erfolgen, wenn im System Expertenwissen hinterlegt ist, das die Auswahl von konkreten Sicherheitsmechanismen und -optionen bestimmt. Im Rahmen dieser Arbeit werden Entwurfsmuster für SOA-Sicherheit zur Transformation herangezogen, die dieses Wissen repräsentieren. Dazu wird ein Katalog von Entwurfsmustern eingeführt, der die Abbildung von abstrakten Sicherheitsanforderungen auf konkrete Konfigurationen ermöglicht. Diese Muster sind mittels einer Entwurfsmustersprache definiert, die in dieser Arbeit eingeführt wird. Die formale Semantik dieser Sprache ermöglicht die formale Verifikation des Transformationsprozesses, um die Korrektheit der Entwurfsmusteranwendung nachzuweisen. Die Definition dieses Entwurfsmusterkatalogs und der darauf basierende Transformationsprozess ermöglichen die Abbildung von abstrakten Sicherheitsanforderungen auf konkrete technische Sicherheitskonfigurationen und stellen den Beitrag dieser Arbeit dar. Abschließend wird in dieser Arbeit das SOA-Security-Lab vorgestellt, das die Umsetzung dieses Ansatzes demonstriert.
36
Plotkin, Lori A. "Kuwait, 1979-1991 : problems and policies for internal security." Thesis, University of Oxford, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.288970.
Full text
37
Hassan, S. M. A. "Food security and regional development policies in arid Sudan." Thesis, Swansea University, 1993. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.637243.
Full textAbstract:
Food is a need for all communities. Food security and development planning is a current issue of investigation in the Third World, particularly in Sub-Saharan Africa, due to recent famines. In these countries, development planning has been criticized on the grounds of its alienation from the local environments and its failure to achieve food security for the growing population. This thesis investigates the food problem in arid Sudan and examines the situation in the White Nile region as a suitable case study. The investigation of this problem was on indicators, such as food production, food marketing, food consumption, and environmental change to verify the hypothesis that there is a food problem in arid Sudan, similar to that in arid Sub-Saharan Africa, and demonstrates the inappropriate development planning in the Sudan. Investigation makes clear that the food problem is more evident in the rainland areas of the region and gives further evidence of the failure of Sudanese planning in its arid lands. Of the eleven chapters, chapter one is an overview of the food problem in the Sudan and Sub-Saharan Africa, and discusses research methodology. Chapter two reviews Sudanese planning and the research hypotheses, whilst chapter three applies development theory to the Sudanese situation. Chapter four examines the Afro-Asian experience in food production and concludes with lessons for the Sudan to ponder in the White Nile region. Chapter five investigates the development process of the White Nile region and related problems, particularly of food supply. Chapters six to ten are respectively devoted to an investigation of food production, marketing, and consumption in relation to the environment and survival strategies. Chapter eleven includes the main research findings and suggests a solution of the food problem in arid Sudan.
38
Toje, Asle. "American influence on European Union security policies, 1998-2004." Thesis, University of Cambridge, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612838.
Full text
39
Lomsak, Daniel. "Toward More Composable Software-Security Policies: Tools and Techniques." Scholar Commons, 2013. http://scholarcommons.usf.edu/etd/4531.
Full textAbstract:
Complex software-security policies are dicult to specify, understand, and update. The
same is true for complex software in general, but while many tools and techniques exist
for decomposing complex general software into simpler reusable modules (packages, classes,
functions, aspects, etc.), few tools exist for decomposing complex security policies into simpler
reusable modules. The tools that do exist for modularizing policies either encapsulate
entire policies as atomic modules that cannot be decomposed or allow ne-grained policy
modularization but require expertise to use correctly.
This dissertation presents a policy-composition tool called PoliSeer [27, 26] and the
PoCo policy-composition software-security language. PoliSeer is a GUI-based tool designed
to enable users who are not expert policy engineers to
exibly specify, visualize, modify,
and enforce complex runtime policies on untrusted software. PoliSeer users rely on expert
policy engineers to specify universally composable policy modules; PoliSeer users then build
complex policies by composing those expert-written modules. This dissertation describes
the design and implementation of PoliSeer and a case study in which we have used PoliSeer
to specify and enforce a policy on PoliSeer itself.
PoCo is a language for specifying composable software-security policies. PoCo users
specify software-security policies in terms of abstract input-output event sequences. The
policy outputs are expressive, capable of describing all desired, irrelevant, and prohibited
events at once. These descriptive outputs compose well: operations for combining them
satisfy a large number of algebraic properties, which allows policy hierarchies to be designed
more simply and naturally. We demonstrate PoCo's capability via a case study in which a
sophisticated policy is implemented in PoCo.
40
Mallios, Ioannis. "Probabilistic-Cost Enforcement of Security Policies in Distributed Systems." Research Showcase @ CMU, 2016. http://repository.cmu.edu/dissertations/736.
Full textAbstract:
Computer and network security has become of paramount importance in our everyday lives. Cyber attacks can lead to a wide range of undesirable situations ranging from breaches of personal information and confidential data to loss of human lives. One way to protect computer and network systems is through the use of technical (i.e., software and hardware) security mechanisms, such as firewalls and Intrusion Detection Systems (IDSs). Previous work has introduced formal frameworks that can be used to model such technical security mechanisms. Such formal frameworks help us: (1) understand the fundamental limitations of security mechanisms, (2) verify the correctness of the design of security mechanisms, and (3) efficiently design secure systems. While these frameworks provided an important first step for the modeling of security mechanisms and the analysis of their enforcement capabilities, they were able to model only individual security mechanisms and they could not be used to compare the cost of different monitoring designs. In this thesis we present formal frameworks for modeling and reasoning about a larger class of security mechanisms and enforcement scenarios than previous research. We demonstrate how our frameworks can be used to model different types and architectures of security mechanisms, both for centralized and distributed systems (e.g., IDSs and distributed IDSs). We use our frameworks to identify and prove new lower and upper bounds of the enforceable security policies by security mechanisms. These results extend the list of bounds of enforceable security policies identified by previous research and broaden our understanding of fundamental limitations of the enforcement capabilities of security mechanisms. Finally, we demonstrate how to compare the expected cost of different designs of security mechanisms.
41
Schwan, Matthias. "Specification and verification of security policies for smart cards." Doctoral thesis, Humboldt-Universität zu Berlin, Mathematisch-Naturwissenschaftliche Fakultät II, 2008. http://dx.doi.org/10.18452/15767.
Full textAbstract:
Chipkarten sind ein fester Bestandteil unseres täglichen Lebens, das immer stärker von der Zuverlässigkeit derartiger Sicherheitssysteme abhängt, zum Beispiel Bezahlkarten, elektronische Gesundheitskarten oder Ausweisdokumente. Eine Sicherheitspolitik beschreibt die wichtigsten Sicherheitsziele und Sicherheitsfunktionen eines Systems und bildet die Grundlage für dessen zuverlässige Entwicklung. In der Arbeit konzentrieren wir uns auf multi-applikative Chipkartenbetriebssysteme und betrachten neue zusätzliche Sicherheitsziele, die dem Schutz der Kartenanwendungen dienen. Da die Qualität des Betriebssystems von der umgesetzten Sicherheitspolitik abhängt, ist deren Korrektheit von entscheidender Bedeutung. Mit einer Formalisierung können Zweideutigkeiten in der Interpretation ausgeschlossen und formale Beweistechniken angewendet werden. Bisherige formale Verifikationen von Sicherheitspolitiken beinhalten im allgemeinen den Nachweis von Safety-Eigenschaften. Wir verlangen zusätzlich die Betrachtung von Security-Eigenschaften, wobei aus heutiger Sicht beide Arten von Eigenschaften stets getrennt in unterschiedlichen Formalismen verifiziert werden. Die Arbeit stellt eine gemeinsame Spezifikations- und Verifikationsmethodik mit Hilfe von Observer-Modellen vor, die sowohl den Nachweis von Safety-Eigenschaften in einem TLA-Modell als auch den Nachweis von Security-Eigenschaften kryptografischer Protokolle in einem induktiven Modell erlaubt. Da wir alle Spezifikationen und Verifikationen im Werkzeug VSE-II durchführen, bietet das formale Modell der Sicherheitspolitik nicht nur einen abstrakten Blick auf das System, sondern dient gleichzeitig als abstrakte Systemspezifikation, die es in weiteren Entwicklungsschritten in VSE-II zu verfeinern gilt. Die vorgestellte Methodik der Integration beider Systemmodelle in VSE-II führt somit zu einer erhöhten und nachweisbaren Qualität von Sicherheitspolitiken und von Sicherheitssystemen.Security systems that use smart cards are nowadays an important part of our daily life, which becomes increasingly dependent on the reliability of such systems, for example cash cards, electronic health cards or identification documents. Since a security policy states both the main security objectives and the security functions of a certain security system, it is the basis for the reliable system development. This work focuses on multi-applicative smart card operating systems and addresses new security objectives regarding the applications running on the card. As the quality of the operating system is determined by the underlying security policy, its correctness is of crucial importance. A formalization of it first provides an unambiguous interpretation and second allows for the analysis with mathematical precision. The formal verification of a security policy generally requires the verification of so-called safety properties; but in the proposed security policy we are additionally confronting security properties. At present, safety and security properties of formal system models are verified separately using different formalisms. In this work we first formalize a security policy in a TLA system specification to analyze safety properties and then separately verify security properties using an inductive model of cryptographic protocols. We provide a framework for combining both models with the help of an observer methodology. Since all specifications and proofs are performed with the tool VSE-II, the verified formal model of the security policy is not just an abstract view on the security system but becomes its high level specification, which shall be refined in further development steps also to be performed with the tool. Hence, the integration of the two approaches within the tool VSE-II leads to a new quality level of security policies and ultimately of the development of security systems.
42
Hanus, Bartlomiej T. "The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing Perspective." Thesis, University of North Texas, 2014. https://digital.library.unt.edu/ark:/67531/metadc699974/.
Full textAbstract:
This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.
43
Lee, Thomas F. "A new role for local police in radiological security." Thesis, Monterey, Calif. : Naval Postgraduate School, 2007. http://bosun.nps.edu/uhtbin/hyperion-image.exe/07Sep%5FLee.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, September 2007.Thesis Advisor(s): Brannan, David ; Simeral, Robert. "September 2007." Description based on title screen as viewed on October 22, 2007. Includes bibliographical references (p. 65-72). Also available in print.
44
Oliveira, Nathalia Pereira de. "Policiais Violados, policiais violentos: uma análise da formação policial." Universidade Federal de Goiás, 2016. http://repositorio.bc.ufg.br/tede/handle/tede/6189.
Full textAbstract:
Submitted by Cássia Santos (cassia.bcufg@gmail.com) on 2016-09-12T14:43:32Z
No. of bitstreams: 2
Dissertação - Nathalia Pereira de Oliveira - 2016.pdf: 4172415 bytes, checksum: faf8d0f5decce7bd59ee91fad742b22d (MD5)
license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5)Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2016-09-12T15:51:41Z (GMT) No. of bitstreams: 2 Dissertação - Nathalia Pereira de Oliveira - 2016.pdf: 4172415 bytes, checksum: faf8d0f5decce7bd59ee91fad742b22d (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5)
Made available in DSpace on 2016-09-12T15:51:41Z (GMT). No. of bitstreams: 2 Dissertação - Nathalia Pereira de Oliveira - 2016.pdf: 4172415 bytes, checksum: faf8d0f5decce7bd59ee91fad742b22d (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2016-08-22
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES
The objective of this research was to analyze police violence in a further way, that is, in addition to pointing out the existence of abuse of the use of police force, sought to especially understand the causes that can be identified as responsible for violent attitudes of military police. It started from the hypothesis that the training course of these professionals is based on authoritarian and violent practices against students that will be reflected in the way the police will act. Owing to interviews realized with military police, it was possible to know the existence of several elements present both in police training and throughout his career and that may also be considered as sources of violence suffered and perpetrated by military police such as the disciplinary regulations, the military culture and the society. The interviews and the reading of other papers have highlighted the absence of a right to the voice of the military police, because of this, we sought this work, whenever possible, to quote the statements of police officers, both those derived from empirical work done in this dissertation, as well those found in other academic papers.
O objetivo desta pesquisa foi analisar a violência policial de uma maneira mais aprofundada, isto é, além de apontar a existência do abuso do uso da força policial, buscou-se especialmente compreender as causas que podem ser apontadas como responsáveis por atitudes violentas por parte dos policiais militares. Partiu-se da hipótese de que o curso de formação desses profissionais é baseado em práticas autoritárias e violentas contra os alunos que irão refletir na atuação policial. A partir de entrevistas realizadas com policiais militares, percebeu-se a existência de diversos elementos presentes tanto na formação policial quanto ao longo de sua carreira, que também podem ser considerados como fontes das violências sofridas e perpetradas por policiais militares tais como: o regulamento disciplinar, a cultura militar e as pressões advindas da sociedade. As entrevistas e a leitura de trabalhos empíricos e teóricos a respeito do tema evidenciaram a inexistência do direito à voz do policial militar, sobretudo daqueles que não compõem o oficialato e, devido a isso, buscou-se, sempre que possível, trazer falas dos policiais, tanto aquelas derivadas do trabalho empírico realizado nesta dissertação, como também as encontradas em outros trabalhos acadêmicos.
45
Hamilton, Sheilah Elizabeth. "Private security and government : a Hong Kong perspective, 1841-1941 /." Thesis, Click to view the E-thesis via HKUTO, 1999. http://sunzi.lib.hku.hk/hkuto/record/B42575102.
Full text
46
Gerônimo, Gislene Donizetti. "Segurança pública: dever do Estado: garantia do exercício da cidadania." Universidade Presbiteriana Mackenzie, 2011. http://tede.mackenzie.br/jspui/handle/tede/1028.
Full textAbstract:
Made available in DSpace on 2016-03-15T19:33:46Z (GMT). No. of bitstreams: 1
Gislene Donizetti Geronimo.pdf: 433501 bytes, checksum: 8be5695f49164c369a208d10adb10752 (MD5)
Previous issue date: 2011-08-25The Modern State appeared as a new type of State. Characterized for the sovereign power, it was instituted to assure the order and the peace in the State community, as well as providing a legal communitarian order in which the individuals could exert their basic rights and lived with dignity. In this way, the State it is constructed to guarantee to the individual the security to live in society, endorsed by laws which could provide the full exercise of their personal rights. The Modern State appears as a Liberal State or 'Rule of Law', characterized for the legal limitation of State power. It is followed by the Social State, and, later, for the Democratic State of Law, characterized for the consecration of the human rights and by the popular sovereignty. Amongst the consecrated human rights, we also could find the right to the public security which, by the way, always was present in the history of the human kind and in all of the Brazilian Constitutions. The Federal Constitution of Brazil in 1988, regulated the public security as a basic right in its article 5º, also as social right in its article 6º and as a State duty and a responsibility of the brazilian society in its article 144, in which regulated the responsible of police agencies for the exercise of the public security. Still thus, the public security is exerted by agencies that had not been regulated in the Constitution, what generates relative debate which also occur, even though, for the incapacity of the policies constitutionally established in consequence of the highest index of existing crime in our Country. Thus, it is necessary joint action of the State Powers, through its Executive, Legislative and Judiciary branches, and also by the society, in order to elaborate and implement public policies towards the public security, that could contribute to prevent and to contain crime.
O Estado Moderno surgiu como um novo tipo de Estado. Marcado pelo poder soberano, foi instituído com a função de assegurar a ordem e a paz na comunidade jurídica do Estado, assim como para colocar à disposição uma ordem comunitária justa na qual os indivíduos pudessem exercer seus direitos fundamentais e viver com dignidade. Desse modo, surge o Estado para garantir ao indivíduo a segurança para estar em sociedade, respaldado por leis que lhe garantam o pleno exercício de seus direitos. O Estado Moderno se inicia como Estado Liberal ou Estado de Direito, caracterizado pela limitação jurídica ao poder estatal. É sucedido pelo Estado Social, e, depois pelo Estado Democrático de Direito, marcado pela consagração dos direitos humanos e caracterizado pela soberania popular. Dentre os direitos humanos consagrados, encontra-se o direito à segurança, que, aliás, sempre esteve presente na história da humanidade e em todas as constituições brasileiras. A Constituição Federal de 1988 a previu como direito fundamental em seu artigo 5º, como direito social, em seu artigo 6º e como dever do Estado e responsabilidade de todos em seu artigo 144, no qual elencou taxativamente os órgãos policiais responsáveis pelo exercício da segurança pública. Ainda assim, a segurança pública é exercida por órgãos que constitucionalmente não foram previstos, o que gera relativo debate, que ocorre, até mesmo, pela incapacidade das polícias constitucionalmente estabelecidas, ante ao elevadíssimo índice de criminalidade existente em nosso País. Assim, faz-se necessária ação conjunta do Estado, através de seus Poderes Executivo, Legislativo e Judiciário, e da sociedade civil no sentido de elaborar e implementar políticas de segurança pública que contribuam para prevenir e conter a criminalidade existente.
47
Dario, Diogo M. "Human security policies in the Colombian conflict during the Uribe government." Thesis, University of St Andrews, 2013. http://hdl.handle.net/10023/4516.
Full textAbstract:
The aim of this dissertation is to analyse the use of narratives informed by the discourse of human security in the context of the Colombian conflict during the government of President Alvaro Uribe Velez (2002-2010). Its main contribution is to map the transformation of these narratives from the site of their formulation in the international institutions to the site of their appropriation into domestic settings; and then consider their role in the formation of the actors' strategies and the construction of the subjectivities of the individuals affected by the conflict dynamics. The research proceeds to this analysis through an investigation of the policies for the internally displaced and those relating to the rights of the victims informed by the framework of transitional justice. It shows that, with a combination of narratives of empowerment and reconciliation, they fulfill complementary roles in the construction of the subjectivities of individuals affected by the conflict in Colombia. The dissertation also concludes that the flexibility of the human security discourse allowed the Uribe government to reinforce its position.
48
Timilsina, Anga. "Getting the policies right the prioritization and sequencing of policies in post-conflict countries /." Santa Monica, CA : RAND, 2007. http://www.rand.org/pubs/rgs_dissertations/RGSD222/.
Full text
49
Hetherington, Christopher John. "Private security as an essential component of Homeland Security /." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FHetherington.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, June 2004.Thesis advisor(s): Maria Rasmussen. Includes bibliographical references (p. 57-59). Also available online.
50
Herusutopo, Antonius. "A study of computer security policies for the Indonesian Navy." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from the National Technical Information Service, 1993. http://handle.dtic.mil/100.2/ADA272533.
Full text