Tesis sobre el tema "Security measures"
Siga este enlace para ver otros tipos de publicaciones sobre el tema: Security measures.
Crea una cita precisa en los estilos APA, MLA, Chicago, Harvard y otros
Consulte los 50 mejores tesis para su investigación sobre el tema "Security measures".
Junto a cada fuente en la lista de referencias hay un botón "Agregar a la bibliografía". Pulsa este botón, y generaremos automáticamente la referencia bibliográfica para la obra elegida en el estilo de cita que necesites: APA, MLA, Harvard, Vancouver, Chicago, etc.
También puede descargar el texto completo de la publicación académica en formato pdf y leer en línea su resumen siempre que esté disponible en los metadatos.
Explore tesis sobre una amplia variedad de disciplinas y organice su bibliografía correctamente.
1
Paul, Philip Christopher. "Microelectronic security measures". Thesis, University of Cambridge, 2009. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.611689.
Texto completo
2
King-Lacroix, Justin. "Securing the 'Internet of Things' : decentralised security for wireless networks of embedded systems". Thesis, University of Oxford, 2016. https://ora.ox.ac.uk/objects/uuid:b41c942f-5389-4a5b-8bb7-d5fb6a18a3db.
Texto completoResumen
The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction. This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin.
3
Santos, Alvaro K. "Economic aspects of airport security measures". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA366334.
Texto completo
4
Kavuluru, Ramakanth. "ANALYSIS OF SECURITY MEASURES FOR SEQUENCES". UKnowledge, 2009. http://uknowledge.uky.edu/gradschool_diss/735.
Texto completoResumen
Stream ciphers are private key cryptosystems used for security in communication and data transmission systems. Because they are used to encrypt streams of data, it is necessary for stream ciphers to use primitives that are easy to implement and fast to operate. LFSRs and the recently invented FCSRs are two such primitives, which give rise to certain security measures for the cryptographic strength of sequences, which we refer to as complexity measures henceforth following the convention. The linear (resp. N-adic) complexity of a sequence is the length of the shortest LFSR (resp. FCSR) that can generate the sequence. Due to the availability of shift register synthesis algorithms, sequences used for cryptographic purposes should have high values for these complexity measures. It is also essential that the complexity of these sequences does not decrease when a few symbols are changed. The k-error complexity of a sequence is the smallest value of the complexity of a sequence obtained by altering k or fewer symbols in the given sequence. For a sequence to be considered cryptographically ‘strong’ it should have both high complexity and high error complexity values.
An important problem regarding sequence complexity measures is to determine good bounds on a specific complexity measure for a given sequence. In this thesis we derive new nontrivial lower bounds on the k-operation complexity of periodic sequences in both the linear and N-adic cases. Here the operations considered are combinations of insertions, deletions, and substitutions. We show that our bounds are tight and also derive several auxiliary results based on them.
A second problem on sequence complexity measures useful in the design and analysis of stream ciphers is to determine the number of sequences with a given fixed (error) complexity value. In this thesis we address this problem for the k-error linear complexity of 2n-periodic binary sequences. More specifically:
1. We characterize 2n-periodic binary sequences with fixed 2- or 3-error linear complexity and obtain the counting function for the number of such sequences with fixed k-error linear complexity for k = 2 or 3.
2. We obtain partial results on the number of 2n-periodic binary sequences with fixed k-error linear complexity when k is the minimum number of changes required to lower the linear complexity.
5
Mohsen, Rabih. "Quantitative measures for code obfuscation security". Thesis, Imperial College London, 2016. http://hdl.handle.net/10044/1/55180.
Texto completoResumen
In this thesis we establish a quantitative framework to measure and study the security of code obfuscation, an effective software protection method that defends software against malicious reverse engineering. Despite the recent positive result by Garg et al.[GGH+13] that shows the possibility of obfuscating using indistinguishability obfuscation definition, code obfuscation has two major challenges: firstly, the lack of theoretical foundation that is necessary to define and reason about code obfuscation security; secondly, it is an open problem whether there exists security metrics that measure and certify the current state-of-the-art of code obfuscation techniques. To address these challenges, we followed a research methodology that consists of the following main routes: a formal approach to build a theory that captures, defines and measures the security of code obfuscation, and an experimental approach that provides empirical evidence about the soundness and validity of the proposed theory and metrics. To this end, we propose Algorithmic Information Theory, known as Kolmogorov complexity, as a theoretical and practical model to define, study, and measure the security of code obfuscation. We introduce the notion of unintelligibility, an intuitive way to define code obfuscation, and argue that it is not sufficient to capture the security of code obfuscation. We then present a more powerful security definition that is based on the algorithmic mutual information, and show that is able to effectively capture code obfuscation security. We apply our proposed definition to prove the possibility of obtaining security in code obfuscation under reasonable assumptions. We model adversaries with deobfuscation capabilities that explicitly realise the required properties for a successful deobfuscation attack. We build a quantitative model that comprises a set of security metrics, which are derived from our proposed theory and based on lossless compression, aiming to measure the quality of code obfuscation security. We propose normalised information distance NID as a metric to measure code obfuscation resilience, and establish the relation between our security definition and the normalised information distance. We show that if the security conditions for code obfuscations are satisfied (the extreme case) then the NID tends to be close to one, which is the maximum value that can be achieved. Finally, we provide an experimental evaluation to provide empirical validation for the proposed metrics. Our results show that the proposed measures are positively correlated with the degree of obfuscation resilience to an attacker using decompilers, i.e. the percentage of the clear code that was not recovered by an attacker, which indicates a positive relationship with the obfuscation resilience factor.
6
Cachin, Christian. "Entropy measures and unconditional security in cryptography /". [S.l.] : [s.n.], 1997. http://e-collection.ethbib.ethz.ch/show?type=diss&nr=12187.
Texto completo
7
Rastogi, Rahul. "Information security service management : a service management approach to information security management". Thesis, Nelson Mandela Metropolitan University, 2011. http://hdl.handle.net/10948/1389.
Texto completoResumen
In today’s world, information and the associated Information Technology are critical assets for many organizations. Any information security breach, or compromise of these assets, can lead to serious implications for organizations that are heavily dependent on these assets. For such organizations, information security becomes vital. Organizations deploy an information security infrastructure for protecting their information assets. This infrastructure consists of policies and controls. Organizations also create an information security management system for managing information security in the organization. While some of the policies and controls are of a purely technical nature, many depend upon the actions of end-users. However, end-users are known to exhibit both compliant and noncompliant behaviours in respect of these information security policies and controls in the organization. Non-compliant information security behaviours of end-users have the potential to lead to information security breaches. Non-compliance thus needs to be controlled. The discipline of information security and its management have evolved over the years. However, the discipline has retained the technology-driven nature of its origin. In this context, the discipline has failed to adequately appreciate the role played by the end-users and the complexities of their behaviour, as it relates to information security policies and controls. The pervasive information security management philosophy is that of treating end-users as the enemy. Compliance is sought to be achieved through awareness programs, rewards, punishments and evermore strict policies and controls. This has led to a bureaucratic information security management approach. The philosophy of treating end-users as the enemy has had an adverse impact on information security in the organization. It can be said that rather than curbing non-compliance by end-users, the present-day bureaucratic approach to information security management has contributed to non-compliance. This thesis calls this the end-user crisis. This research aims at resolving this crisis by identifying an improved approach to information security management in the organization. This research has applied the service management approach to information security management. The resultant Information Security Service Management (ISSM) views end-users as assets and resources, and not as enemies. The central idea of ISSM is that the end-user is to be treated as a customer, whose needs are to be satisfied. This research presents ISSM. This research also presents the various components of ISSM to aid in its implementation in an organization.
8
Acharya, Gautam. "Legal aspects of aviation security measures taken at airports". Thesis, McGill University, 2005. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=98600.
Texto completoResumen
Aviation and the internet are two conveniences without which the modern world would almost grind to a halt given our current dependence levels (on them). If both were to suddenly vanish, mankind would be thrown back to the late 19th century reminiscent of a world which was once a smaller place.Aviation plays a critical role in our daily life transporting man and material over vast distances in a relatively short period of time. A vital cog in this wheel is the airport that 'facilitates' the safe loading, unloading, take-off and landing of aircraft.
For some time now, aircraft have been the target of various terrorist groups and militant factions seeking to make a point to the world in the most dramatic fashion possible. To maintain the security of civil aviation, laws have been promulgated (both nationally and internationally) to ensure that the perpetrators (of the crime) when caught, will be adequately punished and in a manner that will deter others from committing crimes against civil aviation. However this law-making process (in large part initiated by the International Civil Aviation Organization) has not sufficiently addressed airports and the security therein.
This paper seeks to examine---and in some cases suggest improvements to---aviation security laws at large, with a specific emphasis on airports. It is believed that a more comprehensive set of laws governing aviation security would result in greater efficacy of airport security procedures thus reducing the need for prospective judicial intervention and concomitant lengthy court proceedings.
9
Cioranu, Adrian Gabriel. "Facilitation versus security". Thesis, McGill University, 2005. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=99131.
Texto completoResumen
The aviation industry is undeniably playing a very significant role in our day-to-day life. A vast and inter-connected web of flights ensures swift passenger travel and cargo traffic. However, in the name of security, otherwise intrinsic technicalities tend now not only to hinder on further development of aviation facilitation but also take over and lead towards the exact opposite result. What are the current measures taken by the international community to streamline passenger travel? What are the new initiatives which ought to be implemented? How is the future of aviation facilitation going to look like? How is it going to affect air travel and what legal implications is it rising? Throughout this thesis we will present the legal framework applicable to aviation facilitation and discuss the main initiatives that are being considered by ICAO and IATA in this respect. While Facilitation and Security should be considered as "two faces of the same coin", in reality they appear to "compete" against each other. Hence, we will provide our arguments in support of this theory.
10
Naude, Kevin Alexander. "Assessing program code through static structural similarity". Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/578.
Texto completoResumen
Learning to write software requires much practice and frequent assessment. Consequently, the use of computers to assist in the assessment of computer programs has been important in supporting large classes at universities. The main approaches to the problem are dynamic analysis (testing student programs for expected output) and static analysis (direct analysis of the program code). The former is very sensitive to all kinds of errors in student programs, while the latter has traditionally only been used to assess quality, and not correctness. This research focusses on the application of static analysis, particularly structural similarity, to marking student programs. Existing traditional measures of similarity are limiting in that they are usually only effective on tree structures. In this regard they do not easily support dependencies in program code. Contemporary measures of structural similarity, such as similarity flooding, usually rely on an internal normalisation of scores. The effect is that the scores only have relative meaning, and cannot be interpreted in isolation, ie. they are not meaningful for assessment. The SimRank measure is shown to have the same problem, but not because of normalisation. The problem with the SimRank measure arises from the fact that its scores depend on all possible mappings between the children of vertices being compared. The main contribution of this research is a novel graph similarity measure, the Weighted Assignment Similarity measure. It is related to SimRank, but derives propagation scores from only the locally optimal mapping between child vertices. The resulting similarity scores may be regarded as the percentage of mutual coverage between graphs. The measure is proven to converge for all directed acyclic graphs, and an efficient implementation is outlined for this case. Attributes on graph vertices and edges are often used to capture domain specific information which is not structural in nature. It has been suggested that these should influence the similarity propagation, but no clear method for doing this has been reported. The second important contribution of this research is a general method for incorporating these local attribute similarities into the larger similarity propagation method. An example of attributes in program graphs are identifier names. The choice of identifiers in programs is arbitrary as they are purely symbolic. A problem facing any comparison between programs is that they are unlikely to use the same set of identifiers. This problem indicates that a mapping between the identifier sets is required. The third contribution of this research is a method for applying the structural similarity measure in a two step process to find an optimal identifier mapping. This approach is both novel and valuable as it cleverly reuses the similarity measure as an existing resource. In general, programming assignments allow a large variety of solutions. Assessing student programs through structural similarity is only feasible if the diversity in the solution space can be addressed. This study narrows program diversity through a set of semantic preserving program transformations that convert programs into a normal form. The application of the Weighted Assignment Similarity measure to marking student programs is investigated, and strong correlations are found with the human marker. It is shown that the most accurate assessment requires that programs not only be compared with a set of good solutions, but rather a mixed set of programs of varying levels of correctness. This research represents the first documented successful application of structural similarity to the marking of student programs.
11
Coertze, Jacques Jacobus. "A framework for information security governance in SMMEs". Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1014083.
Texto completoResumen
It has been found that many small, medium and micro-sized enterprises (SMMEs) do not comply with sound information security governance principles, specifically the principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. The problem is further compounded by the fact that, in our modern-day information technology environment, many larger organisations are providing SMMEs with access to their networks. This results not only in SMMEs being exposed to security risks, but the larger organisations as well. In previous research an information security management framework and toolbox was developed to assist SMMEs in drafting information security policies. Although this research was of some help to SMMEs, further research has shown that an even greater problem exists with the governance of information security as a result of the advancements that have been identified in information security literature. The aim of this dissertation is therefore to establish an information security governance framework that requires minimal effort and little expertise to alleviate governance problems. It is believed that such a framework would be useful for SMMEs and would result in the improved implementation of information security governance.
12
Dong, Ying y 董穎. "Providing security services for mobile ad hoc networks". Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2007. http://hub.hku.hk/bib/B3955711X.
Texto completo
13
Tyukala, Mkhululi. "Governing information security using organisational information security profiles". Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/626.
Texto completoResumen
The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
14
Mayisela, Simphiwe Hector. "Data-centric security : towards a utopian model for protecting corporate data on mobile devices". Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011094.
Texto completoResumen
Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.
15
Frauenstein, Edwin Donald. "A framework to mitigate phishing threats". Thesis, Nelson Mandela Metropolitan University, 2013. http://hdl.handle.net/10948/d1021208.
Texto completoResumen
We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme.
16
Fana, Akhona. "An evaluation of security issues in cloud-based file sharing technologies". Thesis, University of Fort Hare, 2015. http://hdl.handle.net/10353/1841.
Texto completoResumen
Cloud computing is one of the most promising technologies for backup and data storage that provides flexible access to data. Cloud computing plays a vital role in remote backup. It is so unfortunate that this computing technique has flaws that thrilled and edgy end users in implementing it effectively. These flaws include factors like lack of integrity, confidentiality and privacy to information. A secure cloud is impossible unless the computer-generated environment is appropriately secured. In any form of technology it is always advisable that security challenges must be prior identified and fixed before the implementation of that particular technology. Primarily, this study will focus on finding security issues in cloud computing with the objective of finding concerns like credential theft and session management in the ―Cloud‖. Main arguments like HTTP banner disclosure, Bash ―ShellShock‖ Injection and password issues were discovered during the stages of study implementation. These challenges may provide information that will permit hackers in manipulating and exploiting cloud environment. Identifying credential theft and session management in cloud-based file sharing technologies a mixed method approach was implemented throughout the course of the study due to the nature of study and unity of analysis. Penetration tests were performed as security testing technique. Prevention and guideline of security threats leads to a friendly and authentic world of technology.
17
Lububu, Steven. "Perception of employees concerning information security policy compliance : case studies of a European and South African university". Thesis, Cape Peninsula University of Technology, 2018. http://hdl.handle.net/20.500.11838/2802.
Texto completoResumen
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018.This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.
18
Davis, Carlton R. "Security protocols for mobile ad hoc networks". Thesis, McGill University, 2006. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=102970.
Texto completoResumen
Mobile ad hoc networks (MANETs) are generating much interest both in academia and the telecommunication industries. The principal attractions of MANETs are related to the ease with which they can be deployed due to their infrastructure-less and decentralized nature. For example, unlike other wireless networks, MANETs do not require centralized infrastructures such as base stations, and they are arguably more robust due to their avoidance of single point of failures. Interestingly, the attributes that make MANETs attractive as a network paradigm are the same phenomena that compound the challenge of designing adequate security schemes for these innovative networks.One of the challenging security problems is the issue of certificate revocation in MANETs where there are no on-line access to trusted authorities. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there are typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable.
Another challenging MANET security problem is the issue of secure routing in the presence of selfish or adversarial entities which selectively drop packets they agreed to forward; and in so doing these selfish or adversarial entities can disrupt the network traffic and cause various communication problems.
In this thesis, we present two security protocols we developed for addressing the above-mentioned MANET security needs. The first protocol is a decentralized certificate revocation scheme which allows the nodes within a MANET to have full control over the process of certificate revocation. The scheme is fully contained and it does not rely on any input from centralized or external entities such as trusted CAs. The second protocol is a secure MANET routing scheme we named Robust Source Routing (RSR). In addition to providing data origin authentication services and integrity checks, RSR is able to mitigate against intelligent, colluding malicious agents which selectively drop or modify packets they are required to forward.
19
Lundin, Reine. "Guesswork and Entropy as Security Measures for Selective Encryption". Doctoral thesis, Karlstads universitet, Avdelningen för datavetenskap, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-14032.
Texto completoResumen
More and more effort is being spent on security improvements in today's computer environments, with the aim to achieve an appropriate level of security. However, for small computing devices it might be necessary to reduce the computational cost imposed by security in order to gain reasonable performance and/or energy consumption. To accomplish this selective encryption can be used, which provides confidentiality by only encrypting chosen parts of the information. Previous work on selective encryption has chiefly focused on how to reduce the computational cost while still making the information perceptually secure, but not on how computationally secure the selectively encrypted information is. Despite the efforts made and due to the harsh nature of computer security, good quantitative assessment methods for computer security are still lacking. Inventing new ways of measuring security are therefore needed in order to better understand, assess, and improve the security of computer environments. Two proposed probabilistic quantitative security measures are entropy and guesswork. Entropy gives the average number of guesses in an optimal binary search attack, and guesswork gives the average number of guesses in an optimal linear search attack. In information theory, a considerable amount of research has been carried out on entropy and on entropy-based metrics. However, the same does not hold for guesswork. In this thesis, we evaluate the performance improvement when using the proposed generic selective encryption scheme. We also examine the confidentiality strength of selectively encrypted information by using and adopting entropy and guesswork. Moreover, since guesswork has been less theoretical investigated compared to entropy, we extend guesswork in several ways and investigate some of its behaviors.
20
Chu, Man-ying y 朱文英. "Information security deviant behavior: its typology, measures, and causes". Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B48079613.
Texto completoResumen
Although information security is important to all organizations, little
behavioral research has been carried out in this area. Particularly lacking is research
on negative forms of behavior involved in information security. The aim of this thesis
is to fill this research gap by conducting three related studies on information security
deviant behavior (ISDB), which refers to the voluntary behavior of employees within
organizations that differs markedly from the information security norms of the
organizations and that is normally considered by other employees to be wrong.
Prior research work on this topic is insufficient, and the information security
deviance concept remains unclear. This thesis explores the topic by considering three
fundamental research questions: 1) What is ISDB? 2) How can ISDB be measured? 3)
Why do employees commit ISDB?
Study I addresses the first question—“What is ISDB?”—by identifying and
organizing ISDB using a typology. A four-step method, comprising content analysis,
multidimensional scaling, expert judgmental analysis, and empirical testing, is
proposed for the development of typologies, which can fulfill the criteria for being a
theory. The findings of this study suggest that ISDB can be organized into four ideal
types that are interrelated along two dimensions—severity and frequency. Four
constructs are identified from this typology. They are resource misuse (“high
frequency, high severity” deviance), security carelessness (“high frequency, low
severity” deviance), access control deviance (“low frequency, low severity” deviance),
and system protection deviance (“low frequency, high severity” deviance). Study I not
only develops an organized and theoretical framework for systematic research on
ISDB and constitutes a critical starting point for the development of measures of the
behavior, but also makes an important theoretical contribution by demonstrating the
development of a typology, which is a unique form of theory building for an
underdeveloped topic.
Study II focuses on the second research question—“How can ISDB be
measured?”—by developing valid and reliable scales to measure ISDB. My target is
to develop scales to measure commonly found types of ISDB using an empirical
method. Accordingly, the two “low frequency” types of deviance, access control and
system protection deviance, are omitted from consideration. A rigorous measurement
development process which includes three surveys and a number of tests is adopted. A
four-item scale of resource misuse and a three-item scale of security carelessness are
developed. The development of these two scales makes an important contribution to
future ISDB research by providing a means to measure two types of information
security deviance, thus facilitating the empirical study of ISDB.
Study III is aimed at answering the third research question—“Why do
employees commit ISDB?”—through construction of a causal model. Rather than
consider “intention” as existing behavioral research on information security
commonly does, Study III investigates actual behavior and employs resource misuse
(“high frequency, high severity” deviance) as the dependent variable. Data from a
Web-based survey are analyzed using the partial least squares approach. Considering
the dual-process approach in the theory of planned behavior, the findings suggest that
resource misuse may be both an intentional type of behavior and an unreasoned action.
Perceived behavioral control influences employees’ resource misuse actions via their
desires or intentions, whereas attitude toward resource misuse affects these actions via
employees’ desires alone. Subjective norm is found not to affect employees’ resource
misuse via either desires or intentions. In terms of the theoretical contributions, Study
III takes steps to consider information security deviance by incorporating the
dual-process approach and the theory of planned behavior. In terms of managerial
significance, the results of Study III can help managers to better understand why
employees commit resource misuse.
In conclusion, this thesis provides a number of significant insights into ISDB
and useful guidelines for further research on the topic. In addition, the findings of the
three studies can help managers to develop better company strategies and policies to
reduce internal security threats.published_or_final_version
Business
Doctoral
Doctor of Philosophy
21
Mauwa, Hope. "Information security awareness: generic content, tools and techniques". Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/560.
Texto completoResumen
In today’s computing environment, awareness programmes play a much more important role in organizations’ complete information security programmes. Information security awareness programmes are there to change behaviour or reinforce good security practices, and provide a baseline of security knowledge for all information users. Security awareness is a learning process, which changes individual and organizational attitudes and perceptions so that the importance of security and the adverse consequences of its failure are realized. Therefore, with proper awareness, employees become the most effective layer in an organization’s security defence. With the important role that these awareness programmes play in organizations’ complete information security programmes, it is a must that all organizations that are serious about information security must implement it. But though awareness programmes have become increasing important, the level of awareness in most organizations is still low. It seems that the current approach of developing these programmes does not satisfy the needs of most organizations. Therefore, another approach, which tries to meet the needs of most organizations, is proposed in this project as part of the solution of raising the level of awareness programmes in organizations.
22
Michiel, Michael. "The institutionalisation of an information security culture in a petroleum organisation in the Western Cape". Thesis, Cape Peninsula University of Technology, 2018. http://hdl.handle.net/20.500.11838/2749.
Texto completoResumen
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018.In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise an information security culture inside an organisation will cause the continued occurrence of security breaches. The aim of the research is to explore how an information security culture can be institutionalised within a petroleum organisation in the Western Cape. The primary research question is posed as follows: “What are the factors affecting the institutionalisation of an information security culture?” To answer the research question, a study was conducted at a petroleum organisation in the Western Cape. A subjectivist ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study were gathered through interviews (12 in total) using semi-structured questionnaires. The data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, twenty-four findings and seven themes were identified. The themes are: i) user awareness training and education; ii) user management; iii) compliance and monitoring; iv) change management; v) process simplification; vi) communication strategy; and vii) top management support. Guidelines are proposed, comprising four primary components. Ethical clearance to conduct the study was obtained from the Ethics committee of CPUT and permission to conduct the study was obtained from the Chief Information Officer (CIO) of the petroleum organisation. The findings point to collaboration between employees, the Information Security department, and management in order to institute a culture of security inside the organisation.
23
Yalcinkaya, Ramazan. "Risk Assessment of Aviation Security and Evaluation of Aviation Security Policies". Thesis, University of North Texas, 2005. https://digital.library.unt.edu/ark:/67531/metadc4801/.
Texto completoResumen
Comprising many airplanes, airports, aircrew, and employees, aviation industry is a large sector that is very vulnerable to attacks, whether it is from terrorists or criminals. Aviation history is fraught with examples of airport bombings, hijackings, and sabotage terrorist attacks. The most destructive of which is the tragedy of September 11, 2001, the cornerstone of today's aviation security policies. This study uses risk assessment tools to determine the dimensions of danger and threats against the aviation industry and addresses how vulnerable the aviation sector is. After vulnerabilities and threats are examined, possible impacts of attacks against the aviation security are discussed. This study also explores the pre and post September 11 policies that governments and policy makers develop to reduce risks in aviation sector. In addition, it discusses weaknesses and strengths of these policies which surfaced during the implementations. Finally, this study proposes some recommendations based on vulnerabilities and threats of aviation security.
24
Baratz, Joshua W. (Joshua William) 1981. "Regions Security Policy (RSP) : applying regions to network security". Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/17933.
Texto completoResumen
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 51-54).
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.
by Joshua W. Baratz.
M.Eng.and S.B.
25
Simpson, Andrew C. "Safety through security". Thesis, University of Oxford, 1996. http://ora.ox.ac.uk/objects/uuid:4a690347-46af-42a4-91fe-170e492a9dd1.
Texto completoResumen
In this thesis, we investigate the applicability of the process algebraic formal method Communicating Sequential Processes (CSP) [Hoa85] to the development and analysis of safetycritical systems. We also investigate how these tasks might be aided by mechanical verification, which is provided in the form of the proof tool Failures-Divergences Refinement (FDR) [Ros94]. Initially, we build upon the work of [RWW94, Ros95], in which CSP treatments of the security property of non-interference are described. We use one such formulation to define a property called protection, which unifies our views of safety and security. As well as applying protection to the analysis of safety-critical systems, we develop a proof system for this property, which in conjunction with the opportunity for automated analysis provided by FDR, enables us to apply the approach to problems of a sizable complexity. We then describe how FDR can be applied to the analysis of mutual exclusion, which is a specific form of non-interference. We investigate a number of well-known solutions to the problem, and illustrate how such mutual exclusion algorithms can be interpreted as CSP processes and verified with FDR. Furthermore, we develop a means of verifying the faulttolerance of such algorithms in terms of protection. In turn, mutual exclusion is used to describe safety properties of geographic data associated with Solid State Interlocking (SSI) railway signalling systems. We show how FDR can be used to describe these properties and model interlocking databases. The CSP approach to compositionality allows us to decompose such models, thus reducing the complexity of analysing safety invariants of SSI geographic data. As such, we describe how the mechanical verification of Solid State Interlocking geographic data, which was previously considered to be an intractable problem for the current generation of mechanical verification tools, is computationally feasible using FDR. Thus, the goals of this thesis are twofold. The first goal is to establish a formal encapsulation of a theory of safety-critical systems based upon the relationship which exists between safety and security. The second goal is to establish that CSP, together with FDR, can be applied to the modelling of Solid State Interlocking geographic databases. Furthermore, we shall attempt to demonstrate that such modelling can scale up to large-scale systems.
26
Fuloria, Shailendra. "Robust security for the electricity network". Thesis, University of Cambridge, 2012. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.610100.
Texto completo
27
Warricker, Anina M. "The status of information security in South Africa". Thesis, Stellenbosch : Stellenbosch University, 2005. http://hdl.handle.net/10019.1/50528.
Texto completoResumen
Thesis (MPhil)--Stellenbosch University, 2005.ENGLISH ABSTRACT: The business and social environments are increasingly reliant on the information network, and the quality and integrity of the information to effectively conduct transactions, and "survive" in the new economy. These information networks facilitate communication and transactions between customers, suppliers, partners, and employees. Emerging technologies further encourage the extension of network boundaries beyond the branch office, to private homes, airports, and even the comer coffee shop, e.g. wireless internet access. Although technology advances contribute to significant increases in productivity, convenience, and competitive advantage, it also increases the risk of attacks on the integrity and confidentiality of any information interaction. One of the key questions is how to achieve the right level of information network security and implement effective protection systems, without impacting productivity by excessively restricting the flow of information. The issue of information security is not a localised problem, but a problem on global scale, and South African businesses are no less at risk than any other geographically located business. The risk of information security is even greater if aspects like globalisation are taken into account, and the growing inter-connectedness of the global business environment. The central question is: How does the South African business environment view information security, their perceived success in implementing information security measures, and their view of future trends in information security. Ingenue- Consulting is a global business focusing on technology consulting services, across a wide range of industries and technologies. Information security has been identified by Ingenue Consulting to be a global problem, and primary research into this business issue have been undertaken in different locations globally, e.g. Australia and South African executive level survey of what the perception and importance are of information security, of business leaders across public and private industries. Ingenue Consulting has an in-house research facility, and tasked them with conducting a survey in South Africa. The survey results can then be compared with global trends, and applied in the business environment, to highlight the impact of information security risks, and to help businesses to change and improve their information security processes and technologies. The research department started out doing an extensive literature study to identify global and local trends in information security, and to assist in the compilation of the survey questionnaire. A sample group of "blue chip" businesses across all industries was targeted at executive level to conduct a research survey - fifty interviews were conducted. The raw data was collated and analysed to formulate an opinion of the information security practices and perceptions of the business environment in South Africa. The survey confirmed that the South African market risks in terms of information security are very similar to global trends. Some of the key trends are: Information security agreements are normally signed at the onset of employment, but rarely updated or highlighted to ensure continued support and implementation. This is almost contradictory to the fact that information security are taken seriously by the executive level, and often discussed at board level. The mobility of information with the emergence of wireless networks is a key issue for most businesses - as information security is at its most vulnerable. Most of the respondents rated themselves ahead of the curve and their competitors - overestimation of competencies, could lead to larger future risks. The sensitive nature of information security industry makes benchmarking against local or global players difficult due to the sensitive nature -limited willingness to participate in a consultative forum. Companies that outsouree IT tend to "wash their hands off' security issues as the responsibility of the outsourcing vendor. Most local businesses haven't got a worldly view - they do not have an active process to find out what their peers are doing locally or globally, they rely mostly on vendor and consulting advice, or media coverage.
AFRIKAANSE OPSOMMING: Die besigheids en sosiale omgewings is toenemend afhanklik van die inligtings netwerke, en die kwaliteit en integriteit van inligting om transaksies effektief uit te voer, en om te "oorleef" in die nuwe ekonomie. Inligtings netwerke fasiliteer kommunikasie en transaksies tussen kliente, verskaffers, vennote, en werknemers. Nuwe tegnologiee verder veskuif netwerk grense, wyer as die tak-kantoor, na private huise, lughawens, of die koffie kafee - deur middel van draadlose internet toegang. Alhoewel tegnologie ontwikkelings bydra tot verbeterde produktiwiteit, en gemak van gebruik - dra dit ook by tot groter gevaar van aanvalle op die integriteit en konfidensialiteit van enige inligtings transaksie. Een van die sleutel vrae is hoe om die regte vlak van inligting netwerk sekuriteit te bereik, en om die regte beskermings metodes te implementeer - sonder om die produtiwiteit te inhibeer. Die inligting sekuritets vraagstuk is nie bloot 'n lokale vraagstuk nie, maar van globale skaal, en Suid-Afrikaanse besighede is nie minder in gevaar as enige ander besigheid in 'n ander lande nie, veral nie as aspekte soos globaliseering in ag geneem word nie. Die sentrale vraag is: Hoe sien die Suid-Afrikaanse besigheids wereld inligtings sekuriteit, en die waargenome sukses met die implementering van inligtings sekuriteit prosesse, en ook hoe hul die toekoms sien van inligtings sekuriteit. Ingenue* Consulting is 'n wereldwye besigheid, gefokus op tegnologie konsultasie dienste, oor 'n wye reeks industriee en tegnologiee. Inligting sekuriteit is deur Ingenue Consulting ge-identifiseer as 'n globale probleem, en primere navorsing in die area is al onderneem in verskillende geografiee, soos Australie en die Verenigde Koninkryk. Die Suid-Afrikaanse tak van Ingenue het vroeg in 2004 besluit om 'n lokale studie te doen oor top bestuur se persepsies van inligting sekuriteits risikos, in beide die publieke en privaat besigheids wereld. Die interne navorsings afdeling van Ingenue Consulting in Suid-Afrika is gevra om die nodige studie te ondeneem, om dit dan met globale studies te vergelyk, en te kan bepaal waar gapings mag wees, en hoe om die gapings aan te spreek. Die navorsings afdeling het begin deur 'n ekstensiewe literatuur studie te doen, as hulp tot die samestelling van die vrae-lys. 'n Teiken groep van top Suid-Afrikaanse besighede, verteenwoordigend van alle industriee is genader om 'n onderhoud toe te staan om die vrae-lys te voltooi - vyftig onderhoude was voltooi. Die rou data is gekollekteer en geanaliseer, om 'n opinie te formuleer oor die inligtings sekuriteit persepsies en praktyke van die besigheids omgewing in Suid-Afrika. Die navorsing het bevestig dat die Suid-Afrikaanse mark baie dieselfde is as ander geografiese markte - in terme van inligting sekuriteit. Van die sleutel konklusies is: Inligting sekuriteit ooreenkomste word meestal geteken met die aanvangs van diens, maar bitter selde dan weer opgevolg of hernu - dit is byna kontradikterend dat top bestuur ook baie besorg is oor inligting sekuriteit, en dat dit dikwels by raads vergaderings bespreek word. Die mobiliteit van inligting is 'n groeiende bekommernis, omrede inligting dan nog meer op risiko is. Meeste respondente sien hulself as beter of meer gevorderd as hul kompeteerders - 'n oor-estimasie van sukses in inligtings sekuriteit kan lei tot groter probleme in die toekoms. Die sensitiewe natuur van inligting sekuriteit maak ope vergelyking van gedetaileerde prosesse moeilik - en meeste besighede is nie bereid om deel te neem aan algemene gesprekke nie. Terwyl besighede wat hul tegnologie afdeling deur 'n derde party bestuur, neem geen verantwoordelikheid vir hul inligtings sekuriteit nie. 'n Groter bekommernis is dat besighede in Suid-Afrika nie 'n aktiewe proses het om op hoogte bly van wat die beste opsies is in inligtings sekuriteit nie, of wat hul teenstanders doen nie - maar vertrou op die advies van verkoops en konsultasie maatskappye, of media berigte.
28
Rutherford, Andrew. "Introducing hippocratic log files for personal privacy control". Thesis, Nelson Mandela Metropolitan University, 2005. http://hdl.handle.net/10948/171.
Texto completoResumen
The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.
29
Siddiq, Irfan. "Ethnic Conflict in Indonesia : causes and recommended measures /". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Dec%5FSiddiq.pdf.
Texto completo
30
Bloch, Matthieu. "Physical-layer security". Diss., Atlanta, Ga. : Georgia Institute of Technology, 2008. http://hdl.handle.net/1853/24658.
Texto completoResumen
Thesis (Ph.D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008.Committee Chair: McLaughlin, Steven; Committee Member: Barros, Joao; Committee Member: Bellissard, Jean; Committee Member: Fekri, Faramarz; Committee Member: Lanterman, Aaron
31
Viljoen, Melanie. "A framework towards effective control in information security governance". Thesis, Nelson Mandela Metropolitan University, 2009. http://hdl.handle.net/10948/887.
Texto completoResumen
The importance of information in business today has made the need to properly secure this asset evident. Information security has become a responsibility for all managers of an organization. To better support more efficient management of information security, timely information security management information should be made available to all managers. Smaller organizations face special challenges with regard to information security management and reporting due to limited resources (Ross, 2008). This dissertation discusses a Framework for Information Security Management Information (FISMI) that aims to improve the visibility and contribute to better management of information security throughout an organization by enabling the provision of summarized, comprehensive information security management information to all managers in an affordable manner.
32
Koch, Katharina. "German security measures and the refugee crisis 2012 - October 2016". Thesis, Linnéuniversitetet, Institutionen för samhällsstudier (SS), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-60304.
Texto completoResumen
At present, Europe faces an unprecedented inflow of refugees which confronts it with great challenges. Germany is particularly affected by the high number of refugees and its accompanying consequences. The aim of the thesis is to show how the refugee crisis was securitized and why the high number of refugees and its accompanying effects on social life led to a modification of internal and external security measures in Germany. The thesis presents the developments during the refugee crisis in Germany and their effects on German security as well as the measures introduced to address the problems. Thereby, the securitization theory is used to analyze the events and measures taken accordingly. The analysis concludes that the security measures were modified to react to a changing perception of the refugees by the German population whose opinion changed from a ‘welcome-culture’ to a demand for a restricted refugee intake due to the events described in the findings part.
33
LU, WEN-PAI. "SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION)". Diss., The University of Arizona, 1986. http://hdl.handle.net/10150/183922.
Texto completoResumen
This dissertation concerns investigations on two of the most important problems in establishing communication security in computer networks: (1) developing a model which precisely describes the mechanism that enforces the security policy and requirements for a secure network, and (2) designing a key management scheme for establishing a secure session for end-to-end encryption between a pair of communicants. The security mechanism attempts to ensure secure flow of information between entities assigned to different security classes in different computer systems attached to a computer communication network. The mechanism also controls the accesses to the network devices by the subjects (users and processes executed on behalf of the users). The communication security problem is formulated by using a mathematical model which precisely describes the security requirements for the network. The model integrates the notions of access control and information flow control to provide a Trusted Network Base (TNB) for the network. The demonstration of security of the network when the security mechanism is designed following the present model is given by using mathematical induction techniques. The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destination pairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is examined. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.
34
Bailey, Carmen F. "Analysis of security solutions in large enterprises". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FBailey.pdf.
Texto completo
35
Yu, Kin-ying y 余見英. "Efficient schemes for anonymous credential with reputation support". Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B48330012.
Texto completoResumen
Anonymous credential is an important tool to protect the identity of users in the Internet for various reasons (e.g. free open speech) even when a service provider (SP) requires user authentication. Yet, misbehaving users may use anonymity for malicious purposes and SP would have no way to refrain these users from creating further damages.
Revocable anonymous credential allows SP to revoke a particular anonymous user based on the observed behavior of a session the user conducted. However, such kind of all-or-nothing revocation does not work well with the “Web 2.0” applications because it does not give a user a second chance to remedy a misconduct, nor rewards for positive behaviors. Reputation support is vital for these platforms.
In this thesis, we propose two schemes with different strengths that solve this privacy and reputation dilemma. Our first scheme, PE(AR)2, aims to empower anonymous credential based authentication with revocation and rewarding support. The scheme is efficient, outperforms PEREA which was the most efficient solution to this problem, with an authentication time complexity O(1) as compared with other related works that has dependency on either the user side storage or the blacklist size. PEREA has a few drawbacks that make it vulnerable and not practical enough. Our scheme fixes PEREA's vulnerability together with efficiency improvement. Our benchmark on PE(AR)2 shows that an SP can handle over 160 requests/second when the credentials store 1000 single-use tickets, which outperforms PEREA with a 460 fold efficiency improvement.
Our second scheme, SAC, aims to provide a revocation and full reputation support over anonymous credential based authentication system. With a small efficiency trade-o_ as compared with PE(AR)2, the scheme now supports both positive and negative scores. The scoring mechanism is now much more flexible, that SP could modify the rated score of any active sessions, or declare that no more rating should be given to it and mark it as finalized. SAC provides a much more elastic user side credential storage, there is no practical limit on the number of authentication sessions associated with a credential. Unlike other schemes, SAC make use of a combined membership proof instead of multiple non-membership proofs to distinguish if a session is active, finalized, or blacklisted. This special consideration has contributed to the reduction of efficiency-flexibility trade-off from PE(AR)2, making the scheme stay practical in terms of authentication time. Our benchmark on SAC shows that an SP can handle over 2.9 requests/second when the credentials store 10000 active sessions, which outperforms BLACR-Express (a related work based on pairing cryptography with full reputation support) with a 131 fold efficiency improvement.
Then we analyze the potential difficulties for adopting the solutions to any existing web applications. We present a plugin based approach such that our solutions could run on a user web browser directly, and how a service provider could instruct the plugin to communicate using our protocol in HTML context.
We conclude our thesis stating the solutions are practical, efficient and easy to integrate in real world scenario, and discuss potential future works.published_or_final_version
Computer Science
Doctoral
Doctor of Philosophy
36
KASPAREK, JASON W. "SECURITY WITHOUT SACRIFICE: MEDIATING SECURITY IN THE HISTORIC CITY HALL". University of Cincinnati / OhioLINK, 2004. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1083350798.
Texto completo
37
Tansley, Natalie Vanessa. "A methodology for measuring and monitoring IT risk". Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/772.
Texto completoResumen
The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.
38
Young, Randall Frederick. "Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness". Thesis, University of North Texas, 2008. https://digital.library.unt.edu/ark:/67531/metadc9006/.
Texto completoResumen
The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with its impact on information security posture of organizations and the effectiveness of the organization's information security strategies. Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture is significantly correlated with more effective utilization of information security strategies. The implications of this research is discussed.
39
Van, der Schyff Karl Izak. "Cloud information security : a higher education perspective". Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011607.
Texto completoResumen
In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
40
Reid, Rayne. "Guidelines for cybersecurity education campaigns". Thesis, Nelson Mandela University, 2017. http://hdl.handle.net/10948/14091.
Texto completoResumen
In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.
41
Shankaran, Rajan, University of Western Sydney, of Science Technology and Environment College y School of Computing and Information Technology. "Security issues in mobile IP and mobile ad hoc networks". THESIS_CSTE_CIT_Shankaran_R.xml, 2004. http://handle.uws.edu.au:8081/1959.7/585.
Texto completoResumen
The need for information anywhere and at any time has been the driving force for the increasing growth in mobile networks and devices. The field of mobile computing is the merger of advances in computing and communications with the aim of providing seamless and ubiquitous computing environment for mobile users. Whereas notebook computers and personal digital assistants (PDAs) are self-contained, networked computing constitutes a new paradigm of computing that is revolutionizing the way computers are used. Mobile networking greatly enhances the utility of carrying a computing device. It provides mobile users with versatile communication to other people and expedient notification of important events, yet with much more flexibility than cellular telephones and pagers. It also permits continuous access to services and resources of the traditional land-based wired networks. This combination of networking and mobility will engender new applications and services, such as collaborative software to support impromptu meetings, electronic bulletin boards that adapt to the contents according to the participants present, self adjusting lighting and heating, and navigation software to guide users in unfamiliar places and tours. To support mobility in the Internet, the Internet Protocol (IP) has been extended to support mobility. Also at the same time, there is also a growing trend for these IP based networks to operate in an infrastructureless environment called mobile ad-hoc networks. However, the proliferation of such mobile networks depends on a multitude of factors, with trustworthiness being one of the primary challenges to be met. The objective of this dissertation is to address the issues involved in the design of security services for Mobile IP and ad-hoc networks. Extensions to IP based networks (both wired and infrastructureless networks) to facilitate mobility have not been designed keeping security in mind. However adequate security features are basic requirements for the continued functioning of mobile networks. Clearly the problem is so broad that there is no way to devise a general solution We aim to address most of these wide- ranging problems and in the process initiate a practical approach to the development of an integrated security infrastructure for mobile networks. The intention is to seamlessly integrate these security services and mechanisms at the IP level within the mobile IP and ad-hoc networks. The provision of security services at the higher and lower layers and their interoperability with our proposed framework is outside the scope of this thesisDoctor of Philosophy (PhD)
42
Nagarle, Shivashankarappa A. "Novel framework to support information security audit in virtual environment". Thesis, Coventry University, 2013. http://curve.coventry.ac.uk/open/items/aa65bb37-9504-46d3-930e-44ec71f745f3/1.
Texto completoResumen
Over the years, the focus of information security has evolved from technical issue to business issue. Heightened competition from globalization compounded by emerging technologies such as cloud computing has given rise to new threats and vulnerabilities which are not only complex but unpredictable. However, there are enormous opportunities which can bring value to business and enhance stakeholders’ wealth. Enterprises in Oman are compelled to embark e-Oman strategy which invariably increases the complexity due to integration of heterogeneous systems and outsourcing with external business partners. This implies that there is a need for a comprehensive model that integrates people, processes and technology and provides enterprise information security focusing on organizational transparency and enhancing business value. It was evident through interviews with security practitioners that existing security models and frameworks are inadequate to meet the dynamic nature of threats and challenges inherent in virtualization technology which is a catalyst to cloud computing. Hence the intent of this research is to evaluate enterprise information security in Oman and explore the potential of building a balanced model that aligns governance, risk management and compliance with emphasis to auditing in virtual environment. An integrated enterprise governance, risk and compliance model was developed where enterprise risk management acts as a platform, both mitigating risk on one hand and as a framework for defining cost controls and quantifying revenue opportunities on the other. Further, security standards and frameworks were evaluated and some limitations were identified. A framework for implementing IT governance focusing on critical success factors was developed after analysing and mapping the four domains of COBIT with various best practices. Server virtualization using bare metal architecture was practically tested which provides fault-tolerance and automated load balancing with enhanced security. Taxonomy of risks inherent in virtual environments was identified and an audit process flow was devised that provides insight to auditors to assess the adequacy of controls in a virtual environment. A novel framework for a successful audit in virtual environment is the contribution of this research that has changed some of the security assumptions and audit controls in virtual environment.
43
Gcaza, Noluxolo. "A national strategy towards cultivating a cybersecurity culture in South Africa". Thesis, Nelson Mandela University, 2017. http://hdl.handle.net/10948/13735.
Texto completoResumen
In modern society, cyberspace is interwoven into the daily lives of many. Cyberspace is increasingly redefining how people communicate as well as gain access to and share information. Technology has transformed the way the business world operates by introducing new ways of trading goods and services whilst bolstering traditional business methods. It has also altered the way nations govern. Thus individuals, organisations and nations are relying on this technology to perform significant functions. Alongside the positive innovations afforded by cyberspace, however, those who use it are exposed to a variety of risks. Cyberspace is beset by criminal activities such as cybercrime, fraud, identity theft to name but a few. Nonetheless, the negative impact of these cyber threats does not outweigh the advantages of cyberspace. In light of such threats, there is a call for all entities that reap the benefits of online services to institute cybersecurity. As such, cybersecurity is a necessity for individuals, organisations and nations alike. In practice, cybersecurity focuses on preventing and mitigating certain security risks that might compromise the security of relevant assets. For a long time, technology-centred measures have been deemed the most significant solution for mitigating such risks. However, after a legacy of unsuccessful technological efforts, it became clear that such solutions in isolation are insufficient to mitigate all cyber-related risks. This is mainly due to the role that humans play in the security process, that is, the human factor. In isolation, technology-centred measures tend to fail to counter the human factor because of the perception among many users that security measures are an obstacle and consequently a waste of time. This user perception can be credited to the perceived difficulty of the security measure, as well as apparent mistrust and misinterpretation of the measure. Hence, cybersecurity necessitates the development of a solution that encourages acceptable user behaviour in the reality of cyberspace. The cultivation of a cybersecurity culture is thus regarded as the best approach for addressing the human factors that weaken the cybersecurity chain. While the role of culture in pursuing cybersecurity is well appreciated, research focusing on defining and measuring cybersecurity culture is still in its infancy. Furthermore, studies have shown that there are no widely accepted key concepts that delimit a cybersecurity culture. However, the notion that such a culture is not well-delineated has not prevented national governments from pursuing a culture in which all citizens behave in a way that promotes cybersecurity. As a result, many countries now offer national cybersecurity campaigns to foster a culture of cybersecurity at a national level. South Africa is among the nations that have identified cultivating a culture of cybersecurity as a strategic priority. However, there is an apparent lack of a practical plan to cultivate such a cybersecurity culture in South Africa. Thus, this study sought firstly to confirm from the existing body of knowledge that cybersecurity culture is indeed ill-defined and, secondly, to delineate what constitutes a national cybersecurity culture. Finally, and primarily, it sought to devise a national strategy that would assist SA in fulfilling its objective of cultivating a culture of cybersecurity on a national level.
44
Ren, Kui. "Communication security in wireless sensor networks". Worcester, Mass. : Worcester Polytechnic Institute, 2007. http://www.wpi.edu/Pubs/ETD/Available/etd-040607-174308/.
Texto completo
45
Russell, Selwin. "Security in electronic data interchange". Thesis, Queensland University of Technology, 1996.
Buscar texto completo
46
Domingues, Steve. "Navigating between information security management documents : a modeling methodology". Thesis, Nelson Mandela Metropolitan University, 2010. http://hdl.handle.net/10948/1212.
Texto completoResumen
Organizations no longer draft their own standards. Instead, organizations take advantage of the available international standards. One standard may not cover all the organization's needs, requiring organizations to implement more than one standard. The same aspect in an organization may be covered by two or more standards, creating an overlap. An awareness of such overlaps led to various institutions creating mapping documents illustrating how a control from one standard relates to a control from a different standard. The mapping documents are consulted by the end user, to identify how a control in one standard may relate to other standards. This allows the end user to navigate between the standards documents. These mapping documents are valuable to a person who wishes to grasp how different standards deal with a specific control. However, the navigation between standards is a cumbersome task. In order to navigate between the standards the end user is required to consult three or more documents, depending on the number of standards that are mapped to the control being investigated. The need for a tool that will provide fast and efficient navigation between standards was identified. The data tier of the tool is the focus of this dissertation. As a result, this research proposes a modeling methodology that will allow for the modeling of the standards and the information about the mapping between standards, thereby contributing to the creation of tools to aid in the navigation between standards. A comparison between the major data modeling paradigms identifies multi-dimensional modeling as the most appropriate technique to model standards. Adapting an existing modeling methodology to cater for the modeling standards, yield a five step standard modeling methodology. Once modeled, the standards can be physically implemented as a database. The database schema that results from the standard modeling methodology adheres to a specific pattern and can thus be expressed according to well-defined meta-model. This allows for the generation of SQL statements by a tool with limited knowledge of the standards in a way that allows the quick navigation between standards. To determine the usefulness of the standards modeling methodology the research presents iv a prototype that utilizes the well-defined meta-model to navigate between standards. It is shown that, as far as navigation is concerned, no code changes are necessary when adding a new standard or new mappings between standards. This research contributes to the creation of a tool that can easily navigate between standards by providing the ability to model the data tier in such a way that it is extensible, yet remains independent of the application and presentation tiers.
47
Van, Buuren Suzi. "Information security in a distributed banking environment, with specific reference to security protocols". Thesis, 2012. http://hdl.handle.net/10210/6484.
Texto completoResumen
M.Comm.The principal aim of the present dissertation is to determine the nature of an electronicbanking environment, to determine the threats within such an environment and the security functionality needed to ward off these threats. Security solutions for each area at risk will be provided in short. The main focus of the dissertation will fall on the security protocols that can be used as solutions to protect a banking system. In the dissertation, indication will also be given of what the security protocols, in their turn, depend on to provide protection to a banking system. There are several security protocols that can be used to secure a banking system. The problem, however, is to determine which protocol will provide the best security for a bank in a specific application. This dissertation is also aimed at providing a general security framework that banks could use to evaluate various security protocols which could be implemented to secure a banking system. Such framework should indicate which security protocols will provide a bank in a certain banking environment with the best protection against security threats. It should also indicate which protocols could be used in combination with others to provide the best security.
48
Diakite, Soumaila Dit Moule. "WISP: a wireless information security portal". Thesis, 2010. http://hdl.handle.net/10210/3060.
Texto completoResumen
M.Sc.Wireless networking is a fairly new technology that is important in information technology (IT). Hotels, Airports, Coffee shops, and homes are all installing wireless networks at a record pace, making wireless networks the best choice for consumers. This popularity of wireless networks is because of the affordability of wireless networks devices, and the easy installation [11]. In spite of the popularity of the wireless networks, one factor that has prevented them from being even more widespread can be summed up in a single word: security. It comes as no surprise that these two – wireless and security – converge to create one of the most important topics in the IT industry today [11]. Wireless networks by nature bring about new challenges unique to its environment. One example of these new challenges is: “Signal overflow beyond physical walls”, and with these kinds of new challenges unique to wireless networks, we have new security risks. Hence wireless networks lend themselves to a host of attack possibilities and risks. That is because wireless networks provide a convenient network access point for an attacker, potentially beyond the physical security controls of the organization [7]. Therefore it is challenging for managers to introduce wireless networks and properly manage the security of wireless networks, Security problems of wireless networks are the main reason for wireless networks not being rolled out optimally [1]. In this dissertation, we aim to present to both specialist and non–specialists in the IT industry the information needed to protect a wireless network. We will first identify and discuss the different security requirements of wireless networks. After that we shall examine the technology that helps make wireless networks secure, and describe the type of attacks against wireless networks and defense techniques to secure wireless networks. The research will concentrate on wireless LANs (Local Area Networks), and leading wireless LAN protocols and standards. The result of the research will be used to create WISP (A Wireless Information Security Portal). WISP will be a tool to support the management of a secure wireless network, and help assure the confidentiality, integrity, and availability of the information systems in a wireless network environment.
49
Hu, Yi. "Power system steady state security margin measures". 1992. http://catalog.hathitrust.org/api/volumes/oclc/28901168.html.
Texto completoResumen
Thesis (Ph. D.)--University of Wisconsin--Madison, 1992.Typescript. eContent provider-neutral record in process. Description based on print version record. Includes bibliographical references (leaves 112-123).
50
"Internet security threats and solutions". Thesis, 2015. http://hdl.handle.net/10210/13974.
Texto completo