Segui questo link per vedere altri tipi di pubblicazioni sul tema: Security.
Tesi sul tema "Security"
Cita una fonte nei formati APA, MLA, Chicago, Harvard e in molti altri stili
Vedi i top-50 saggi (tesi di laurea o di dottorato) per l'attività di ricerca sul tema "Security".
Accanto a ogni fonte nell'elenco di riferimenti c'è un pulsante "Aggiungi alla bibliografia". Premilo e genereremo automaticamente la citazione bibliografica dell'opera scelta nello stile citazionale di cui hai bisogno: APA, MLA, Harvard, Chicago, Vancouver ecc.
Puoi anche scaricare il testo completo della pubblicazione scientifica nel formato .pdf e leggere online l'abstract (il sommario) dell'opera se è presente nei metadati.
Vedi le tesi di molte aree scientifiche e compila una bibliografia corretta.
1
Telatin, Michela. "The development-security nexus and security sector reform". Thesis, University of Westminster, 2011. https://westminsterresearch.westminster.ac.uk/item/90095/the-development-security-nexus-and-security-sector-reform.
Testo completoAbstract (sommario):
The thesis investigates the link between development and security - the ‘development-security nexus’- which emerged during the 1990s, facilitated by the formulation of human development and human security. It examines how this development-security nexus has evolved over time and has influenced the interrelated significance of development and security for international relations. The thesis questions this interdependence and analyses the theory and practice that see development and security issues as reciprocally reinforcing each other, in particular through a set of policies called Security Sector Reform (SSR). The research includes three main areas of interest related to the different meanings of development and security focusing in particular on human development and human security; the various interpretations of the development-security nexus since the 1990s; and the analysis of how Security Sector Reform, publicised as development-security nexus policies, are designed to translate it into practice. The thesis argues that the nexus between development and security is under-theorised, and the originality of this research is to investigate the link between its theories and practices. The critical view of this thesis towards current dominant theoretical and operational orientations of the development-security nexus is based on an analysis of literature on Critical Security Studies, Post- Development, and Non-mainstream International Relations approaches. The thesis contributes to existing scholarship by unpacking the different meanings of development and security embedded in Security Sector Reform policies and reveals the need to contextualise the significance of their interlinkages within each policy scenario. In particular the three case studies on Defence Reform of Armenia, SSR Afghanistan and SSR Guinea-Bissau highlight respectively: 1) the novelty of concerns raised by SSR and the complexity to categorise concerns on security within a single, even if inclusive, policy discourse. 2) the need to go beyond the narrow view of a militarised view of security and its inadequacy to support the implementation of development objectives and 3) that the link between development and security is still very much dependent on a vision of security linked to the state’s armed forces, and of development which is focused on state security governance capacity.
2
Memon, Abdul Qudoos, Ali Hasan Raza e Sadia Iqbal Iqbal. "WLAN Security : WLAN Security". Thesis, Halmstad University, School of Information Science, Computer and Electrical Engineering (IDE), 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-4379.
Testo completoAbstract (sommario):
WLANs are become popular due to their different advantages. Beside all these advantages WLANs are also facing the major problem of the security, so that why lots of people are doing research on WLAN to improve the security because many companies want to transfer their sensible data over WLAN.
This report discusses the security issues of WLAN based on IEEE 802.11 standard, such type of networks are referred to as wifi network. WLAN is deployed as an extension of already existed wired LAN. Therefore it is necessary to provide the security of WLAN equals to Wired LAN.
We worked in a lab environment in order to configure the three different security solutions (WEP, WPA & WPA2 using IEEE 802.1X and RADIUS Server) on infrastructure mode for personnel and enterprise architecture of WLAN. For each security solution we used the backtrack as a security cracking tool, in order to break the WEP (64 and 128 bit long) security key of WLAN, make comparison between 64 and 128 bit long WEP key and also analyzed the different kind of attacks and some drawbacks of using WEP security in WLAN. In the same way configure the WPA and WPA2 (using IEEE 802.1X and RADIUS Server) security solution in infrastructure mode of WLAN and use the same security cracking tool backtrack in order to break the security of the WLAN and analyze the different attacks on the network in these architecture and drawbacks of using WPA and WPA2 Security solutions. By using IEEE 802.1X and RADIUS Server we can improve the security of the enterprise network.
In the end we come with many conclusions and suggestions that will help in order to provide better security while deploying Wireless LAN.
Opponents: Ali Murtaza & Mansoor Ahmed
3
Antonsson, Martin. "Securing XML Web Services : using WS-security". Thesis, University West, Department of Informatics and Mathematics, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:hv:diva-580.
Testo completo
4
Forman, Peter James. "Securing natural gas : entity-attentive security research". Thesis, Durham University, 2017. http://etheses.dur.ac.uk/12139/.
Testo completoAbstract (sommario):
Natural gas is a troublesome and ‘wayward’ material (Bridge, 2004; 396). Amongst other qualities, it is invisible, intangible, naturally odorless, highly inflammable, and constantly resistant to the forces that contain it. This thesis provides an account of how these qualities both introduce a series of insecurities to everyday social environments, and also make it a challenging material to govern. Specifically, I examine the way that security is performed around gas circulations in the UK’s transmission and distribution pipelines, and I describe how a range of specialized security practices have been developed according to the particular challenges that gas’s materiality presents. In developing this account, I make two claims. First, I argue that performances of security cannot be adequately understood without attending to the specific qualities of the circulating elements around which it is practiced. Here I build upon Dillon’s (1996) observation that security has tended to be treated as a noun that is independent of the elements that it is practiced in relation to. As a consequence, it has typically been framed as a broadly transferrable set of practices that can be more-or-less unproblematically applied to very different elements. I suggest that this abstraction has resulted in the further reduction of security into two broad practices: acts of circulatory filtration (in which risky elements are separated from flows of safe bodies, materials and things), and acts of circulatory maintenance (whereby security is performed by ensuring the continuity of particular circulations). It is my contention in this thesis that security scholars need to pay better attention to the ways in which the specific material qualities of circulating elements are generative of particular forms of securing practice. Indeed, by examining the way that security is performed around gas, I describe a series of practices that far exceed those described in accounts that present security as a matter of circulatory filtration or maintenance. My second claim is that the spaces and scales at which security is analyzed need to be expanded. I demonstrate how the critical security studies and energy security literatures have both tended to focus on security’s practice within particular nodes, at the exclusion of the performances of security (and forms of insecurity) that develop across the journeys of circulating elements; as they move between nodes. Indeed, I suggest that circulation has often been reduced in these accounts to thin, straight, and featureless lines that are largely inconsequential for performances of security. I seek to trouble this reduction, following gas as it travels through the UK gas transport infrastructures, tracing the various forms of (in)security that develop across these journeys. As a consequence of these two claims, security takes quite a different form in this account to its various depictions in the existing security literatures. I describe it as consisting of a series of ontological projects that are enacted across the lengths and breadths of gas’s circulations, and through which the material reality of natural gas is constantly (re)organised in attempts to facilitate, ‘compensate for’, and ‘cancel out’ particular kinds of perceived potential phenomena (Foucault, 2007; 36). Significantly, these performances are shown to be structured, or ‘programmed’ (Latour, 1991), through the coming together of multiple interests that pertain to a variety of heterogeneous actors and manifold referent objects. Different interests are shown to come together across gas’s journeys, and to undergo ongoing processes of negotiation that result in a variety of security performances, through which different imperatives are pursued. As such, I suggest that gas becomes ‘modulated’ (Deleuze, 1992) – it is constantly transformed from moment to moment, across the full duration of its circulatory journeys.
5
Konstantaras, Dimitrios, e Mustafa Tahir. "Securing Network Connected Applications with Proposed Security Models". Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2022.
Testo completoAbstract (sommario):
In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.
However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security
within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications.
By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.
An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.
6
Estenberg, Gabriel. "The National Security Perspective Revisited. States’ Energy Security and the Environmental Security". Thesis, Malmö universitet, Fakulteten för kultur och samhälle (KS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-22800.
Testo completoAbstract (sommario):
The purpose of this thesis is to counterargue Simon Dalby’s claim that the national security perspective should be replaced by a global security perspective. Dalby argues that the national security is inappropriate to capture the current issues regarding the environmental security. To counterargue Dalby’s claim, I represent the national security perspective by using the perspective of states’ energy security, and compare current trends and issues regarding states’ energy security and the environmental security. This is done to argue that states can either chose to enhance their own energy security or the environmental security. Prisoners' Dilemma is then used as a theoretical framework on an explanatory example to provide insights about a dilemma, called the Energy- Environment Dilemma in this thesis, that curbs states’ ability to commit themselves to the cause of protecting the environmental security. The explanatory example used is the strategic importance of the Northwest passage for the U.S. and Canada. The results of this thesis suggests that the national security perspective, in combination with Prisoners’ Dilemma, is useful to provide insights about the Energy-Environmental Dilemma. Replacing it with a global security perspective would be to ignore a perspective which can provide insights about a challenge for states to commit to the cause of protecting the environmental security.
7
Kalibjian, Jeff. "Securing Telemetry Post Processing Applications with Hardware Based Security". International Foundation for Telemetering, 2004. http://hdl.handle.net/10150/605052.
Testo completoAbstract (sommario):
International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, CaliforniaThe use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post process telemetry data. Analysis reveals vulnerabilities in software only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems maybe made less susceptible to compromise with the use of hardware based security.
8
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems". Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Testo completoAbstract (sommario):
Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
9
Tyukala, Mkhululi. "Governing information security using organisational information security profiles". Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/626.
Testo completoAbstract (sommario):
The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
10
Kainda, Ronald. "Usability and security of human-interactive security protocols". Thesis, University of Oxford, 2011. http://ora.ox.ac.uk/objects/uuid:ea14d34a-d232-4c8b-98ab-abbf0d7a5d36.
Testo completoAbstract (sommario):
We investigate the security and usability of Human-Interactive Security Protocols (HISPs); specifically, how digests of 4 or more digits can be compared between two or more sys- tems as conveniently as possible while ensuring that issues such as user complacency do not compromise security. We address the research question: given different association scenarios and modes of authentication in HISPs, how can we improve on existing, or design new, empirical channels that suit human and contextual needs to achieve acceptable effective security? We review the literature of HISPs, proposed empirical channels,and usability studies of HISPs; we follow by presenting the methodology of the research reported in this thesis. We then make a number of contributions discussing the effectiveness of empirical channels and address the design, analysis, and evaluation of these channels. In Chapter 4 we present a user study of pairwise device associations and discuss the factors affecting effective security of empirical channels in single-user scenarios. In Chapter 5 we present a user study of group device associations and discuss the factors affecting effective security of empirical channels in multi-user scenarios. In Chapter 7 we present a framework designed for researchers and system designers to reason about empirical channels in HISPs. The framework is grounded in experimental data, related research, and validated by experts. In Chapter 8 we present a methodology for analysing and evaluating the security and usability of HISPs. We validate the methodology by applying it in laboratory experiments of HISPs. Finally, in Chapter 6 we present a set of principles for designing secure and usable empirical channels. We demonstrate the effectiveness of these principles by proposing new empirical channels.
11
Haley, Charles B. "Arguing security : a framework for analyzing security requirements". Thesis, Open University, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.439343.
Testo completo
12
Cramer, Jane Kellett 1964. "National security panics : overestimating threats to national security". Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/8312.
Testo completoAbstract (sommario):
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Political Science, 2002.Includes bibliographical references (p. 415-427).
Three times in this century the US public has panicked with fear because of exaggerations of external threats to the nation. These panics peaked in 1950,1960, and 1980. Why did the U.S. markedly exaggerate the Soviet threat at these times? These periods of widespread public fear were "defining moments" when the US created confrontational and militarized containment policies. These panics ratcheted up the arms race tremendously between the US and the Soviet Union, and arguably these panics led to unnecessary confrontations and crises. In this study I test leading explanations of these cases--eight hypotheses drawn from three different perspectives. The Rational Perspective argues insufficient information and uncertainty about present and future capabilities and intentions causes overestimations. The Psychological Perspective argues cognitive errors could cause these overestimations (attribution theory and schema theory/analogical reasoning, tested here). The Domestic Politics Perspective argues oversell, logrolling, electoral politics and/or militarism causes public overestimations. Domestic Politics best explains the national misperceptions examined. In each case, the sources of the specific misperceptions examined were clearly rooted in domestic politics (1950: oversell and militarism; 1960 and 1980: electoral politics and militarism.) Uncertainty about the threat was found to be a significant contributing factor in 1950 (but not the source/elites did not unintentionally overestimate when the misperceptions first formed).
(cont.) Uncertainty was found to be a significant "permissive condition" for the misperceptions of 1960-but uncertainty was highest just after Sputnik in 1957, and sharply decreased by 1960, yet public fear increased and peaked in 1960. There was no significant uncertainty in the 1980 panic--uncertainty is not a necessary condition for panic. Psychological hypotheses were not detected playing a role in causing these panics. Leaders private deliberations were examined and did not exhibit the patterns of reasoning predicted by these theories (e.g. leaders were aware of provoking the threat). National misperceptions guide policy and shape many leaders' beliefs through "blowback" and psychological post hoc rationaliztion. These large, important misperceptions are rooted in domestic politics, while international relations scholars focus on psychological and rational reasons for misperceptions. The study of misperceptions in international relations needs to be re-oriented.
by Jane Kellett Cramer.
Ph.D.
13
Powell, Rhonda L. "Security and the right to security of person". Thesis, University of Oxford, 2008. http://ora.ox.ac.uk/objects/uuid:26e81a46-54d5-44f5-a3cd-c74a5798ea0d.
Testo completoAbstract (sommario):
This thesis inquires into the meaning of the right to security of person. This right is found in many international, regional and domestic human rights instruments. However, academic discourse reveals disagreement about the meaning of the right. The thesis first considers case law from the European Convention on Human Rights, the South African Bill of Rights and the Canadian Charter. The analysis shows that courts too disagree about the meaning of the right to security of person. The thesis then takes a theoretical approach to understanding the meaning of the right. It is argued that the concept of ‘security’ establishes that the right imposes both positive and negative duties but that ‘security’ does not determine which interests are protected by the right. For this, we need consider the meaning of the ‘person’. The notion of personhood as understood in the ‘capabilities approach’ of Amartya Sen and Martha Nussbaum is then introduced. It is suggested that this theory could be used to identify the interests protected by the right. Next, the theoretical developments are applied to the legal context in order to illustrate the variety of interests the right to security of person would protect and the type of duties it would impose. As a result, it is argued that the idea of ‘security of person’ is too broad to form the subject matter of an individual legal right. This raises a question over the relationship between security of person and human rights law. It is proposed that instead of recognising an individual legal right to security of person, human rights law as a whole could be seen as a mechanism to secure the person, the capabilities approach determining what it takes to fulfil a right and thereby secure the person.
14
Крапивний, Іван Васильович, Иван Васильевич Крапивный, Ivan Vasylovych Krapyvnyi, Віталій Анатолійович Омельяненко, Виталий Анатольевич Омельяненко, Vitalii Anatoliiovych Omelianenko e V. O. Varakin. "Information security economic systems in national security country". Thesis, Sumy State University, 2015. http://essuir.sumdu.edu.ua/handle/123456789/43592.
Testo completoAbstract (sommario):
In today's world, information security becomes vital for ensuring the interests of man, society and the state and the most important, part of the whole system of national security.
Doctrine considers all the work in the field of information based on the Concept of National Security of Ukraine. The doctrine identifies four main components of Ukraine's national interests in the information sphere.
15
Wullenweber, Emily Rose Stephens John D. "Biofuels the security threats of a security solution /". Chapel Hill, N.C. : University of North Carolina at Chapel Hill, 2008. http://dc.lib.unc.edu/u?/etd,2123.
Testo completoAbstract (sommario):
Thesis (M.A.)--University of North Carolina at Chapel Hill, 2008.Title from electronic title page (viewed Feb. 17, 2009). "... in partial fulfillment of the requirements for the degree of Master of Arts in the Department of Political Science, Concentration TransAtlantic Studies." Discipline: Political Science; Department/School: Political Science.
16
Haley, Charles B. "Arguing security : a framework for analyzing security requirements". n.p, 2006. http://ethos.bl.uk/.
Testo completo
17
Klasson, Daniel, Kim Klasson e Anatoly Iourtchenko. "Network Security Report : Penetration Tools for Network Security". Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-24545.
Testo completoAbstract (sommario):
This report, will show by demonstration with Network Penetration, how to reveal security holes by using the same methods as an outside attack and carry out attacks against wired and wireless networks when it comes to sniffing user traffic, abuse VLAN, cracking password, WEP, WPA/WPA2, hacking WPS and analysing traffic. The tests was performed at the Halmstad University with lab equipment and at home with own equipment. Using Backtrack 5 R3 which is compatible with Linux, performance of the tests could be done by making use of various tools that comes with Backtrack.The goal of the project was to demonstrate how to reveal security holes by using the same methods as an outside attack. By testing, demonstrate and report the security of wired and wireless network, the achievement of these goals could be done and a greater insight into network security was gained, which gives more experience and knowledge that can be taken to a future professional life. The results show how simple it can be to abuse a network or sniff a password if there is no attention to the safety and the security configurations that can be implemented.In other words, during this project, both learning and demonstration has been done to show how vulnerable individuals, civilians and entrepreneurs are. It is easier than someone can imagine to obtaining unauthorized information that nobody wants to share out.
18
SINIGAGLIA, FEDERICO. "Security Analysis of Multi-Factor Authentication Security Protocols". Doctoral thesis, Università degli studi di Genova, 2020. http://hdl.handle.net/11567/1010670.
Testo completoAbstract (sommario):
Multi-Factor Authentication (MFA) is being increasingly adopted by on- line services in order to achieve an adequate level of security. MFA is based on security protocols, called MFA protocols, that integrate the use of credentials with additional identity proofs, called authentication factors (based on knowledge, possession or inherence). The authentication factors are provided through specific objects, called authenticators (e.g., hardware token). To date, MFA has been widely adopted in the most diverse security-critical application scenarios (e.g., online banking, eHealth). Various solutions have been proposed, leveraging MFA protocols which employ different kinds of authenticators and providing different user experience. When considering various MFA protocols, few questions may arise. How do MFA protocols differ in terms of (i) level of protection, (ii) compliance w.r.t. current regulations and (iii) complexity for the user?
To answer the question concerning the level of protection, traditional verification techniques for security protocols require a formal specification of the protocol under analysis. However, as a matter of fact, several service providers employ ad-hoc MFA protocols and do not disclose their internals. In addition, classical attacker models, such as the Dolev-Yao adversary, hardly apply. Hence, new protocol modeling techniques and new attacker models should be investigated.
Concerning regulations, public and private authorities have introduced directives and guidelines for the design of MFA protocols (e.g., recommendations for online payment services from the European Banking Authority, and the guidelines from NIST about the digital identity management through MFA). In principle, these initiatives aim to guide the design of more secure and usable MFA protocols, but there is no evidence that the existing MFA protocols actually comply with the aforementioned regulations. Thus, a novel methodology is needed to provide such an evidence.
The ease-of-use is a relevant aspect to be considered in the analysis of an MFA protocol. Indeed, the use of multiple authenticators in the execution of an MFA protocol can negatively affect user experience, which can have an impact on its security as well. However, none of the research works managed to measure the usability of a conspicuous number of MFA protocols design. Hence, a methodology for evaluating the ease-of-use of an MFA protocol should be identified.
In this work, we propose a framework to analyze MFA protocols, which does not rely on the implementation details, being able to assess the (i) level of protection, (ii) compliance w.r.t. current regulations and (iii) complexity for the user.
To this aim, we define a specification language which is compatible with the typical (amount of) information publicly released by service providers on the employed MFA protocols. For what concerns the security analysis, we propose an evaluation of MFA protocols in terms of resistance against a set of attacker models, tailored for the specific case of MFA protocols. For what concerns the regulatory aspects and best practices, we include the possibility to evaluate a protocol in terms of compliance with a customizable set of requirements and best practices. Furthermore, for what concerns the ease-of-use of an MFA protocol, we propose a new metric, called complexity, for evaluating a protocol in terms of efforts that an user is required to perform during its execution.
The aforementioned framework has been then implemented in a working tool, MuFASA, allowing (even non-expert) users to model an MFA protocol and to automatically analyze it.
Finally, the presented framework has been applied on some selected use cases. First, it has been employed in the early stages of the design of a novel MFA protocol, integrated into the Citizens’ Clinical Record platform developed in the Trentino region (Italy). Then, it has been used for performing a latitudinary study on online banking services, allowing us to model and analyze more than 150 MFA protocols employed by banks all over the world.
19
Ekström, Dan. "Securing a wireless local area network : using standard security techniques". Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5662.
Testo completoAbstract (sommario):
Wireless equipment offers several possibilities which make it more attractive than the wired alternative. Meetings or temporary office spaces could be assigned with less consideration of the presence of permanent networking facilities. It also makes it possible for users to create ad-hoc networks simply by being within a certain range of each other, which facilitates information sharing. Since information is broadcasted in the air, it also requires stringent security measures. Vendors of wireless equipment have their non-standard security solutions which lock-in the acquirer. For this purpose I study standard security schemes which could be applied independent of the wireless device manufacturer. The techniques that I have chosen are IPSec, Kerberos and MS Passport. The study describes each technique from the perspectives of manageability, security, performance, compatibility, cost and ease of implementation. The result is a comparison of the studied techniques. I conclude with a recommendation to use a combination of IPSec and Kerberos to enhance the security of a wireless local area network and a reservation towards MS Passport.
20
Consolini, Todd. "Regional security assessments a strategic approach to securing federal facilities /". Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Dec/09Dec%5FConsolini.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, December 2009.Thesis Advisor(s): Rollins, John. Second Reader: Darken, Rudy. "December 2009." Description based on title screen as viewed on January 26, 2010. Author(s) subject terms: Federal Protective Service, policy option analysis, critical infrastructure and key resources (CI/KR), interdependency, facility security level, government facilities sector, National Infrastructure Protection Plan (NIPP), risk management. Includes bibliographical references (p. 81-83). Also available in print.
21
Lamprecht, Christiaan Johan. "Adaptive security". Thesis, University of Newcastle Upon Tyne, 2012. http://hdl.handle.net/10443/1435.
Testo completoAbstract (sommario):
Automated runtime security adaptation has great potential in providing timely and fine grained security control. In this thesis we study the practical utility of a runtime security-performance trade off for the pervasive Secure Socket Layer (SSL/TLS) protocol. To that end we address a number of research challenges. We develop an Adaptive Security methodology to extend non-adaptive legacy security systems with adaptive features. We also create a design of such an extended system to support the methodology. The design aids in identifying additional key components necessary for the creation of an adaptive security system. We furthermore apply our methodology to the Secure Socket Layer (SSL) protocol to create a design and implementation of a practical Adaptive SSL (ASSL) solution that supports runtime security adaptation in response to cross-cutting environmental concerns. The solution effectively adapts security at runtime, only reducing maximum server load by 15% or more depending on adaptation decision complexity. Next we address the security-performance trade off research challenge. Following our methodology we conduct an offline study of factors affecting server performance when security is adapted. These insights allow for the creation of policies that can trade off security and performance by taking into account the expected future state of the system under adaptation. In so doing we found that client SSL session duration, requested file size and current security algorithm play roles predicting future system state. Notably, performance deviation is smaller when sessions are longer and files are smaller and vice versa. A complete Adaptive Security solution which successfully demonstrates our methodology is implemented with trade-off policies and ASSL as key components. We show that the solution effectively utilises available processing resources to increase security whilst still respecting performance guarantees.
22
Yousuff, Razu. "Network security". Thesis, KTH, Skolan för elektro- och systemteknik (EES), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-199380.
Testo completo
23
Ovchinnikov, I. I., e E. A. Minin. "Internet security". Thesis, Сумський державний університет, 2013. http://essuir.sumdu.edu.ua/handle/123456789/33773.
Testo completoAbstract (sommario):
We live in an era of internet technology. Every day we hear a lot about hacker attacks that cause leakage of personal information and credit data. The Internet was born of academic efforts to share information and it never strove for high security measures. A pressing concern is a security of computer systems and security in the Internet particularly.
When you are citing the document, use the following link http://essuir.sumdu.edu.ua/handle/123456789/33773
24
Huarcaya, Arroyo Ricardo Miguel, Espinoza Gilbert Daniel Lopez, Visaloth Luis Enrique Mendoza, Cribilleros Agustin Bartolome Romero e Leon Patricia Alcira Torres. "Security Kids". Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2018. http://hdl.handle.net/10757/625338.
Testo completoAbstract (sommario):
En la actualidad se ve como la tecnología sigue avanzando y parece que recién se creará el primer Smartphone, años más tarde conoceríamos la primera tableta digital, y ahora los Smartwatch, etc.
Pero, así como hay avances muy grandes en tecnología, se puede apreciar también a nivel nacional que aumenta la inseguridad ciudadana, que ataca a cualquier miembro de familia, pero en especial a los seres más indefensos como nuestros niños.
Un medio que podría brindar cierta tranquilidad a los padres de familia es un Smartwatch, que además de tener las propiedades convencionales, permite realizar una comunicación telefónica entre padres e hijos, para que así los apoderados sepan en tiempo real la localización a través del GPS y puedan estar en contacto con ellos en el transcurso del día.
Sin duda este dispositivo será de gran ayuda para las familias, no solo dará tranquilidad, aumentará la comunicación entre sus miembros, pero sobre todo seguridad a los que usen este dispositivo. Si bien ahora vemos que los familiares más expuestos al tema de inseguridad son los niños, también estos pueden ser usados por las personas de tercera edad.Nowadays we can see how the technology continues to advance and it seems that the first Smartphone will be created, years later we would know the first digital tablet, and now the Smartwatch, etc. But, just as there are very large advances in technology, it can also be appreciated at the national level that increases citizen insecurity, which attacks any family member, but especially the most defenseless beings such as our children. A means that could provide some peace of mind to parents is a Smartwatch, which in addition to having the conventional properties, allows a telephone communication between parents and children, so that the parents know in real time the location through GPS and can be in contact with them during the day. Undoubtedly this device will be of great help for families, not only will it give peace of mind, it will increase communication among its members, but above all, security for those who use this device. Although now we see that the relatives most exposed to the issue of insecurity are children, they can also be used by the elderly.
Trabajo de investigación
25
Blanco, Collazos Arturo Enrique, Kuoman María del Carmen Wong e Huamán Elvis Yaringaño. "Security Clean". Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2018. http://hdl.handle.net/10757/625349.
Testo completoAbstract (sommario):
El trabajo de investigación, se refiere al NSE A, B y C1, que encierra a todos los solteros o personas que viven solas, parejas jóvenes o roommates que tienen entre 31 a 35 años, y gozan de un buen trabajo, con el cual, están bien posicionados en sus empleos, con buenos sueldos entre S/. 4,000.00 y S/. 14,205.00 soles (según su estrato), por la calificación que tienen en su educación y preparación académica. Asimismo, se ha visto que, por su misma capacidad económica, tienen otro nivel de vida independizándose y viviendo solos, comprándose o alquilando sus departamentos.
Vemos también que tienen muchas necesidades, una de ellas es “¿Quién les limpia su departamento?”, nosotros como equipo, hemos visto esta necesidad como una oportunidad de negocio, ya que ellos solo se dedican a producir y vivir la vida de otro modo, con el que no quieren lidiar limpiando su departamento.
La idea de negocio, fue construir una pequeña empresa de aseo doméstico, donde le brindaríamos la plena seguridad y la eficacia que todo ciudadano peruano quiere en la limpieza de su dpto. Para corroborar esta idea, utilizamos la metodología de entrevistas de profundidad (método cuantitativo, preguntas dicotómicas o cerradas de opción). Esta herramienta nos ayudó a validar nuestra idea de negocio, con la cual desarrollamos todo un proyecto. El aprendizaje del curso fue el que nos hizo completar de forma ejecutiva nuestro proyecto, sabiendo que nuestra idea de negocio es válida y se puede llevar a la práctica en cualquier momento.The research work, refers to NSE A, B and C1, which encloses all singles or people living alone, young couples or roommates who are between 31 to 35 years old and enjoy a good job, With which, they are well positioned in their jobs, with good salaries between S /. 4,000.00 And S /. 14,205.00 soles (according to their stratum), for the qualification they have in their education and academic preparation. Likewise, it has been seen that due to their economic capacity, they have another level of living becoming independent and living alone, buying or renting their apartments. We also see that they have many needs, one of them is "Who cleans their apartment?", We as a team, have seen this need as a business opportunity, since they only dedicate themselves to producing and living life in a different way , with which they do not want to deal with cleaning their apartment. The business idea was to build a small household cleaning company, where we would provide the full security and efficiency that every Peruvian citizen wants in cleaning their apartment. To corroborate this idea, we use the methodology of depth interviews (quantitative method, dichotomous or closed option questions). This tool helped us to validate our business idea, with which we developed an entire project. The course learning was the one that made us complete our project in an executive way, knowing that our business idea is valid and can be put into practice at any time.
Trabajo de investigación
26
Andersson, Martin. "Software Security Testing : A Flexible Architecture for Security Testing". Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2388.
Testo completoAbstract (sommario):
Abstract: This thesis begins with briefly describing a few vulnerability classes that exist in today’s software. We then continue by describing how these vulnerabilities could be discovered through dynamic testing. Both general testing techniques and existent tools are mentioned.
The second half of this thesis present and evaluates a new flexible architecture. This new architecture has the ability to combine different approaches and create a more flexible environment from where the testing can be conducted. This new flexible architecture aims towards reducing maintenance and/or adaptation time for existing tools or frameworks. The architecture consists of a given set of plug-ins that can be easily replaced to adapt test as needed. We evaluate this architecture by implementing test plug-ins. We also use this architecture and a set of test plug-ins to generate a fuzzer targeted to test a known vulnerable server.
27
Gruici, Simona. "International Security : Crossing Borders: International Migration and National Security". Thesis, Högskolan i Jönköping, Internationella Handelshögskolan, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-15242.
Testo completoAbstract (sommario):
One of the most dynamic events of our time is the large extent of population movements within and across national boundaries. The causes of this movement of people include economic hardship due to various natural calamities such as earthquakes, droughts, famine and floods, as well as economic hardship due to lack of income. Political instabilities represent a central factor that is forcing the population movements at both national and international level. In most of the cases, reality is beeing perceived as follows: if international security is enhanced, so is national security. However, the phenomenon of migration is perceived as being a greater challenge in the field of security towards failure states, rather than it might affect any welfare postindustrial states. Nowadays we are facing a more globalized security environment, fact that is actually providing other states with the possibility to create a better security for their own nations. In order to gain this security immunity, the states should be able to enforce and protect the migration policies within international security. The relationship between migration and security became increasingly complex in the new millennium. As it follows, the focus of this theme is the correlation between migration´s consequences, both positive and negative, towards national security of host states. Furthermore, the topic of this paper is extending over ´what terrorism implies´. In order to reach a clear understanding, it has been analyzed the phenomenon of globalization and its forthcoming implications within both terrorism and migration. As a result of this transformation, terrorism has the power now to threat much more countries in the global area. Nevertheless, the purpose of this thesis is to examine which factors have an impact on international security, within a continental similarity. The central focus reflects over the Euro-Mediterranean area and to certain extends over the United States. The considered factors are: migration, loss/gain of governmental control, the political reaction after the attack of 9/11, spread of democracy (e.g. globalization), and creating citizenship.
28
Shipman-Sercu, Chris. "A False Sense of Security: The Social Security Debate". Scholarship @ Claremont, 2010. http://scholarship.claremont.edu/cmc_theses/65.
Testo completoAbstract (sommario):
My motivation to write this thesis is based on the controversy surrounding the Social Security system that has recently infiltrated the media. Through my research, I have discovered the debate concerning Social Security is not a recent development but has existed since the 1930’s. Many sources are warning citizens to no longer count on Social Security as they most likely will not receive benefits until a extremely old age if they receive benefits at all. Current retirees are fearful of either a decrease in benefits or not receiving the money they contributed to the system through the years of employment at all. Proposals and options for overhauling the system have moved to center stage in politicians’ agendas and numbers of solutions have surfaced. Unfortunately, this debate is creating a huge divide between party lines in Congress. Some argue for more government control while others advocate privatization. The goal for this thesis is to perform a cost/benefit analysis of the two ideologies and determine which is more practical and realistic for both the government and the people.
29
Brooks, Jason L., e Jason A. Goss. "SECURITY ISSUES AND RESULTING SECURITY POLICIES FOR MOBILE DEVICES". Monterey, California. Naval Postgraduate School, 2013. http://hdl.handle.net/10945/32799.
Testo completoAbstract (sommario):
Mobile devices, given their promise of mobility with rich functionality, are being deployed with broadening use cases throughout the United States Department of Defense. All the while, massive quantities of information are stored and accessed by these devices without there being a comprehensive and specialized security policy dedicated to protecting that information. The importance of having a security policy grows as these devices start providing new capabilities and replacing many information systems we currently have deployed. Since the same device will be used in many different contexts, each with potentially different security policies, the devices will have to be able to adapt to those contexts. The security policy(ies) enforced by the device will have to adapt accordingly. We investigate potential mobile computing security policies to balance this request for context aware functionality with the information assurance required of these government devices. We investigate the security issues raised in the use of these devices and provide example security policies that address some of these issues.
30
Walden, Ian Newark. "Data communications security : legislating and contracting for legal security". Thesis, Nottingham Trent University, 1992. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.314417.
Testo completo
31
Bilgic, Ali. "Transcending Europe's immigration security dilemma : security, trust, and hospitality". Thesis, Aberystwyth University, 2010. http://hdl.handle.net/2160/452c3109-1597-4d36-ac4a-7392183a7c1a.
Testo completoAbstract (sommario):
The thesis aims to develop a theoretical perspective for studying illegal protection-seeking migration, and possible responses to this movement adopted by the receiving communities. Using the security dilemma as the framework of analysis, the discussion will be conducted through the theoretical perspective provided by emancipatory security theory. The thesis has three parts. In Part I, the insecurity experienced by illegal sub-Saharan protection-seekers during their journey will be analyzed based on some accounts publicized by various civil society organizations. Part II will develop the theoretical perspective by combining the literatures on refugee and forced migration studies, security dilemma theorizing, normative approaches in IR, and trust-building in world politics. Key concepts such as ‘protection-seeker’ and ‘cosmopolitan trust’ will be developed. In Part III, the logics of immigration security dilemma will be illustrated with special reference to illegal sub-Saharan protection-seeking migration in the EU. The thesis will conclude that Europe’s immigration security dilemma in relation to illegal sub-Saharan protection-seekers can be transcended through building cosmopolitan trust, which manifests itself as Kantian hospitality.
32
Baratz, Joshua W. (Joshua William) 1981. "Regions Security Policy (RSP) : applying regions to network security". Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/17933.
Testo completoAbstract (sommario):
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 51-54).
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.
by Joshua W. Baratz.
M.Eng.and S.B.
33
Altinpinar, Mustafa. "Adapting to a new security environment : Turkey's border security". Thesis, University of Portsmouth, 2016. https://researchportal.port.ac.uk/portal/en/theses/adapting-to-a-new-security-environment(7ab2f7fb-8e8a-46dc-8f00-a7d08014fece).html.
Testo completoAbstract (sommario):
The security literature has witnessed growing attempts to re-conceptualize security outside of the traditional concern with interstate military conflict. However, the existing literature offers only limited explanations of this tendency and only focusses on new challenges and largely neglects to rethink how the new border security issues are actually governed in practice. These endeavours have brought about the need to re-conceptualise border security which was once taken as ‘a sub-set of national security’, an isolated phenomenon. The research was carried out from an interpretive perspective and used qualitative methods - including semi-structured interviews with a range of key actors in this context in Turkey and a case study conducted in Turkey’s capital Ankara and in Kilis, a province at Turkey’s Syrian border - to collect the research data. The data were analysed thematically using sector standard software. The research found that Turkey’s compartmental and archaic national security architecture and the national security approach built around it, currently pose the main threat to the state and society as the organizations and practices of security were shaped by the particular geopolitical and technical requirements of the Cold War. The need for transformation emerges as an outcome of conflicts between the key actors (state and society) and the resistance to each other’s claims for control. There is a compelling case for the reconceptualization of border security as a comprehensive approach that leads all the relevant public and private capabilities, organises all departments, transforms national security understanding and shapes the future security architecture; not simply as the discursive identification of new threats. The research also found that the most salient feature of the politics of a non-traditional border security concept lies in the willingness of the state to challenge the conception that security issues can be resolved only at the national level. It is recognised that would be an explicitly political act that has the potential to transform traditional understandings of state-hood.
34
Kaur, Kirandeep. "Virtualisation Security Issues : Security Issues Arises In Virtual Environment". Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-43345.
Testo completo
35
Hetherington, Christopher John. "Private security as an essential component of Homeland Security /". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FHetherington.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, June 2004.Thesis advisor(s): Maria Rasmussen. Includes bibliographical references (p. 57-59). Also available online.
36
Sudhodanan, Avinash. "Black-Box Security Testing of Browser-Based Security Protocols". Doctoral thesis, Università degli studi di Trento, 2017. https://hdl.handle.net/11572/368805.
Testo completoAbstract (sommario):
Millions of computer users worldwide use the Internet every day for consuming web-based services (e.g., for purchasing products from online stores, for storing sensitive files in cloud-based file storage web sites, etc.). Browser-based security protocols (i.e. security protocols that run over the Hypertext Transfer Protocol and are executable by commercial web-browsers) are used to ensure the security of these services. Multiple parties are often involved in these protocols. For instance, a browser-based security protocol for Single Sign-On (SSO in short) typically consists of a user (controlling a web browser), a Service Provider web site and an Identity Provider (who authenticates the user). Similarly, a browser-based security protocol for Cashier-as-a-Service (CaaS) scenario consists of a user, a Service Provider web site (e.g., an online store) and a Payment Service Provider (who authorizes payments).
The design and implementation of browser-based security protocols are usually so complex that several vulnerabilities are often present even after intensive inspection. This is witnessed, for example, by vulnerabilities found in various browser-based security protocols such as SAML SSO v2.0, OAuth Core 1.0, etc. even years after their publication, implementation, and deployment. Although techniques such as formal verification and white-box testing can be used to perform security analysis of browser- based security protocols, currently they have limitations: the necessity of having formal models that can cope with the complexity of web browsers (e.g., cookies, client-side scripting, etc.), the poor support offered for certain programming languages by white-box testing tools, to name a few. What remains is black-box security testing. However, currently available black-box security testing techniques for browser-based security protocols are either scenario-specific (i.e. they are specific for SSO or CaaS, not both) or do not support very well the detection of vulnerabilities enabling replay attacks (commonly referred to as logical vulnerabilities) and Cross-Site Request Forgery (CSRF in short).
The goal of this thesis is to overcome the drawbacks of the black-box security testing techniques mentioned above. At first this thesis presents an attack pattern-based black-box testing technique for detecting vulnerabilities enabling replay attacks and social login CSRF in multi-party web applications (i.e. web applications utilizing browser-based security protocols involving multiple parties). These attack patterns are inspired by the similarities in the attack strategies of previously-discovered attacks against browser-based security protocols. Second, we present manual and semi-automatic black-box security testing strategies for detecting 7 different types of CSRF attacks, targeting the authentication and identity management functionalities of web sites. We also provide proof-of-concept implementations of our ideas. These implementations are based on OWASP ZAP (a prominent, free and open-source penetration testing tool).
This thesis being in the context of an industrial doctorate, we had the opportunity to analyse the use-cases provided by our industrial partner, SAP, to further improve our approach. In addition, to access the effectiveness of the techniques we propose, we applied them against the browser-based security protocols of many prominent web sites and discovered nearly 340 serious security vulnerabilities affecting more than 200 web sites, including the web sites of prominent vendors such as Microsoft, eBay, etc.
37
Sudhodanan, Avinash. "Black-Box Security Testing of Browser-Based Security Protocols". Doctoral thesis, University of Trento, 2017. http://eprints-phd.biblio.unitn.it/2006/1/Avinash_PhD_thesis.pdf.
Testo completoAbstract (sommario):
Millions of computer users worldwide use the Internet every day for consuming web-based services (e.g., for purchasing products from online stores, for storing sensitive files in cloud-based file storage web sites, etc.). Browser-based security protocols (i.e. security protocols that run over the Hypertext Transfer Protocol and are executable by commercial web-browsers) are used to ensure the security of these services. Multiple parties are often involved in these protocols. For instance, a browser-based security protocol for Single Sign-On (SSO in short) typically consists of a user (controlling a web browser), a Service Provider web site and an Identity Provider (who authenticates the user). Similarly, a browser-based security protocol for Cashier-as-a-Service (CaaS) scenario consists of a user, a Service Provider web site (e.g., an online store) and a Payment Service Provider (who authorizes payments).
The design and implementation of browser-based security protocols are usually so complex that several vulnerabilities are often present even after intensive inspection. This is witnessed, for example, by vulnerabilities found in various browser-based security protocols such as SAML SSO v2.0, OAuth Core 1.0, etc. even years after their publication, implementation, and deployment. Although techniques such as formal verification and white-box testing can be used to perform security analysis of browser- based security protocols, currently they have limitations: the necessity of having formal models that can cope with the complexity of web browsers (e.g., cookies, client-side scripting, etc.), the poor support offered for certain programming languages by white-box testing tools, to name a few. What remains is black-box security testing. However, currently available black-box security testing techniques for browser-based security protocols are either scenario-specific (i.e. they are specific for SSO or CaaS, not both) or do not support very well the detection of vulnerabilities enabling replay attacks (commonly referred to as logical vulnerabilities) and Cross-Site Request Forgery (CSRF in short).
The goal of this thesis is to overcome the drawbacks of the black-box security testing techniques mentioned above. At first this thesis presents an attack pattern-based black-box testing technique for detecting vulnerabilities enabling replay attacks and social login CSRF in multi-party web applications (i.e. web applications utilizing browser-based security protocols involving multiple parties). These attack patterns are inspired by the similarities in the attack strategies of previously-discovered attacks against browser-based security protocols. Second, we present manual and semi-automatic black-box security testing strategies for detecting 7 different types of CSRF attacks, targeting the authentication and identity management functionalities of web sites. We also provide proof-of-concept implementations of our ideas. These implementations are based on OWASP ZAP (a prominent, free and open-source penetration testing tool).
This thesis being in the context of an industrial doctorate, we had the opportunity to analyse the use-cases provided by our industrial partner, SAP, to further improve our approach. In addition, to access the effectiveness of the techniques we propose, we applied them against the browser-based security protocols of many prominent web sites and discovered nearly 340 serious security vulnerabilities affecting more than 200 web sites, including the web sites of prominent vendors such as Microsoft, eBay, etc.
38
Bugai, Veaceslav D. "European security organizations in the post-Cold-War security environment the new frame of European security". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2006. http://library.nps.navy.mil/uhtbin/hyperion/06Mar%5FBugai.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Civil-Military Relations))--Naval Postgraduate School, March 2006.Thesis Advisor(s): Donald Abenheim. "March 2006." Includes bibliographical references (p. 71-74). Also available online.
39
Valella, William. "Securing open source Virtual Private Networks a study in Linux security /". [Gainesville, Fla.] : University of Florida, 2001. http://purl.fcla.edu/fcla/etd/UFE0000362.
Testo completoAbstract (sommario):
Thesis (M.S.)--University of Florida, 2001.Title from title page of source document. Document formatted into pages; contains x, 188 p.; also contains graphics. Includes vita. Includes bibliographical references.
40
Asan, Pinar. "Security Through Integration: The Eu As A Pluralistic Security Community". Master's thesis, METU, 2008. http://etd.lib.metu.edu.tr/upload/2/12609764/index.pdf.
Testo completoAbstract (sommario):
This study is primarily concerned with the evolution of the EU as a pluralistic security community throughout the course of European integration. Its main purpose is to examine how the EU member states have managed to renounce the use of force in their relations with one another and consequently succeeded in establishing a lasting peace in Western Europe following World War Two.Within the scope of the study, the EU&rsquos attempts to extend its zone of peace and stability beyond its immediate borders by using some foreign policy tools such as the enlargement and the recently launched European Neighbourhood Policy are also explored .Finally, the thesis attempts to evaluate the potential contribution that Turkey would make to the EU security community in the post-Cold War era upon her membership in the EU.
41
Persson, Lars. "Implementing a SOAP security proxy and Evaluating SOAP security standards". Thesis, Umeå universitet, Institutionen för datavetenskap, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-58062.
Testo completoAbstract (sommario):
The project had two intended goals. One was to create a prototype for the proxy component of the Secure Webservice Platform system that can function on the GNU/Linux operating system. The other goal was to evaluate a number of different SOAP security methods in order to determine if any could function as a alternative to the Specifikation för Säker Elektronisk Kommunikation (SSEK) standard. In order to achieve the second goal, an evaluation was performed on the SOAP security methods Transport Layer Security, XML Signature, XML Encryption, Web Service Security, and Web Service Secure Conversation using a set of predefined criteria. In order to be able to evaluate if any of the methods could function as an alternative to SSEK, an evaluation of SSEK using the predefined criteria was also performed. In order to achieve the first goal, a prototype was constructed and SSEK security was implemented using a combination of node.js, libxmljs and xmlsec. The conclusions drawn from the results obtained is that none of the evaluated methods could work as an alternative to SSEK security, although some could come close when combined with others. It was also concluded that while node.js could be used to construct a prototype, due to the limited amount of support for SOAP web service standards provided by node.js as well as the amount of adjustments that needed to be done on libxmljs in order to implement the security, careful consideration should be taken before selecting node.js as a platform for similar projects.
42
Wakim, Mike. "Employing Android Security Features for Enhanced Security and Privacy Preservation". Thesis, Université d'Ottawa / University of Ottawa, 2017. http://hdl.handle.net/10393/36353.
Testo completoAbstract (sommario):
In this thesis, we examine the architecture and the security framework underlying the Android operating system. We explore existing Android end-to-end encrypted (E2EE) messaging applications and derive four categories of common issues that are applicable to these applications. We then provide an overview of the known issue of privilege escalation wherein a malicious privileged application can utilize inter-process communication techniques to send protected data to an unauthorized application on a user’s device. We demonstrate through a proof of concept how this behavior can be achieved in real applications, and we suggest potential countermeasures that can help prevent this issue. Furthermore, in the interest of diminishing the common issues that are applicable to E2EE messaging applications, we propose a new design for such applications that employs some of the principal security features offered by the Android operating system. We explain how our design can help eliminate trust-related issues associated with such applications, as well as how it can help minimize issues in other categories. Finally, we demonstrate how our proposed design can be used in practice by implementing a proof of concept.
43
Arsenault, Denis. "Environment, security and natural disasters, contesting discourses of environmental security". Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1998. http://www.collectionscanada.ca/obj/s4/f2/dsk2/tape17/PQDD_0018/MQ36809.pdf.
Testo completo
44
Rimando, Ryan A. "Development and analysis of security policies in security enhanced Android". Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/27896.
Testo completoAbstract (sommario):
This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. The proof-of-concept policy is then analyzed to determine if security goals are met.
45
Hengel, Gabriel Josiah. "21st century energy security tensions within the transatlantic security community". Thesis, University of Aberdeen, 2017. http://digitool.abdn.ac.uk:80/webclient/DeliveryManager?pid=235817.
Testo completoAbstract (sommario):
Much has been written during this century's energy security debate about the external threats the West faces to oil and natural gas supplies. This literature is often prescriptive, offering solutions to address these assumed threats. This research takes a much-needed look inward at the pressures placed on the multi-dimensional relationships within the transatlantic security community. An original contribution to knowledge is made through the exploration of these energy security tensions within the community and how they impact the two energy security prerequisites, availability and affordability. An examination of key oil and natural gas issues in the United States, Europe and the main transatlantic institutions demonstrates that the transatlantic community is very secure and often acts inadvertently to undermine its own energy security condition. Thus, the conventional wisdom that the supply of fossil fuel energy is a leading and high-priority security issue is challenged. Contrary to most literature, the conclusion is reached that energy security is actually not a high-level concern to the transatlantic security community, and that on occasions leading members of the community, who are high energy consumers, choose to put fossil fuel energy supply at risk to pursue political and strategic policies assigned a higher priority. In practice, producer states are found to be much more dependent on uninterrupted energy trade than consumer states, positively contributing to the reliability of oil and natural gas supply. In fact, through highly competitive political engagement with Russia and the Middle East North Africa region, the transatlantic states risk undermining the energy security of the community. Nevertheless, transatlantic energy security tensions have not risen to an actionable level. When placed in the overall context of transatlantic security issues, these energy security tensions do not threaten to divide the transatlantic community in any meaningful way.
46
Rouhi, Mahsa. "Security discourse and security decision-making in Iran, 1979-1989". Thesis, University of Cambridge, 2014. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.708104.
Testo completo
47
Kumar, Richa. "Constructing security : a relational mapping of the EU security market". Thesis, University of Kent, 2017. https://kar.kent.ac.uk/63935/.
Testo completoAbstract (sommario):
The present research provides a study of the growing EU (border) security market. It demonstrates how the practices of the security market elude commonly made distinctions of public/private, internal/external, civil/military and security/defence dichotomies. It underlines the significance of collaboration, convergences and circulations as the dynamics behind the growth of the EU security market. In particular, it focuses on the collaboration of private actors with their public counterparts. Leveraging Bourdieu's notion of 'field', this research maps the variety of actors involved in the EU security market, focusing on the questions of domination, transversality, gravitational forces and conflict. It outlines convergences between public/private by highlighting shareholding patterns of the companies, their cross-sectoral competencies, circulation of personnel and routinized activities of lobbying, marketing, and sales through which they construct the security market. Further, utilizing the concept of 'habitus' and 'capital', this research analyzes the career trajectories and biographies of the security professionals, including raising questions of gender and generation that differentiate the field of security. Furthermore, by examining a range of terms and phrases, it explores the vocabulary of security - the security lexicon - which is employed by the security professionals to further the global (in)security doxa. Methodologically, my research draws upon interviews with over 60 security professionals working with security companies, EU bodies, research institutes, law firms and lobbying consultancies, along with participant observation at high-level security conferences and security exhibitions. This study seeks to reveal the obscured relations and motivations, profit motives and politics explaining the dynamics of the growing security market, which raise questions of accountability, responsibility and transparency that are circumvented through these (blurring) practices.
48
Basaran, Tugba. "Geographies of security : security, law and space in liberal states". Thesis, University of Cambridge, 2008. https://www.repository.cam.ac.uk/handle/1810/283846.
Testo completo
49
Tian, Ke. "Learning-based Cyber Security Analysis and Binary Customization for Security". Diss., Virginia Tech, 2018. http://hdl.handle.net/10919/85013.
Testo completoAbstract (sommario):
This thesis presents machine-learning based malware detection and post-detection rewriting techniques for mobile and web security problems. In mobile malware detection, we focus on detecting repackaged mobile malware. We design and demonstrate an Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. We describe how flow- and sink-based risk prioritization improves the rewriting scalability. We build an interface prototype with natural language processing, in order to customize apps according to natural language inputs. In web malware detection for Iframe injection, we present a tag-level detection system that aims to detect the injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning algorithms. We design multiple contextual features, considering Iframe style, destination and context properties.Ph. D.
50
Elsadig, Abdalla Abdalla Mohamed. "Virtualization Security Issues : Security issues arise in the virtual environment". Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-42474.
Testo completoAbstract (sommario):
The thesis is submitted in Partial Fulfilment of the Requirements of a Master's degree in network Forensics at Halmstad University, Sweden. The author had selected VirtualizationSecurity as a valid issue for cloud computing service. In choosing this topic had the intention to apply the acquired knowledge during the Master's course, in search of practical solutions for computer security issues. This study report is classified into six segments and a conclusion. These are the introduction, background, research methodology, literature review, summary, discussions, conclusion, and recommendation (future work). InformationTechnology (IT) sector had encountered numerous and ever-emerging security issues, including those in virtual environments, which have become a big concern for organizations. Virtualization is the use of software to accommodate multiple operating systems on a computer system simultaneously, which can be applied from anywhere, given that there is internet connectivity. So the user can have access and can resolve the security issues. However, some constraints are limiting the benefits of the Virtualization of servers. The objective of this project is to study Virtualization as a valid means of solving IT security issues. Also, to assess mitigation approaches that can enhance Virtualization in the computing environment. To accomplish such objectives, this study had undergone a systematic literature review to learn the variety and nature of security issues of the virtual environment. Accordingly, the study had undertaken the classification of security issues to determine effective mitigation methods. The study had realized that there are around twenty-two known security issues, which are classified and described in section six of the report. Virtualization, as the subject study: three mitigation schemes are reviewed and discussed to alleviate important virtualization security issues (chapter seven of this Thesis).Moreover, the effects of the proposed mitigation techniques on the virtualization security issues on the CIA model (Availability, Integrity, and Confidentiality) are explained in brief. The model allows the researcher to quickly find the appropriate mitigation technique to manage the security issues of any virtual environment. In conclusion, the study provided a metadata reading of the security issues in the virtual environment. And apply the selected methods to solve the security issues, which proves that the virtualization technology is the critical element of utilizing computing power to its maximum capacity by executing process simultaneously without downtime, however IT security issues are continuously evolving and the research mission is always to conceive new techniques.