Dissertations on the topic "Software and application security"
Browse the top 50 dissertations for research on the topic "Software and application security".
Söderquist, Mårten. "Tiny Security : Evaluating energy use for security in an IoT application." Thesis, Mittuniversitetet, Institutionen för data- och systemvetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-36860.
Dell'Aguzzo, Paolo. "The secret life of software applications." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/7405/.
Wanderydz, Kristoffer. "WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2370.
Foster, Nathalie Louise. "The application of software and safety engineering techniques to security protocol development." Thesis, University of York, 2002. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.412617.
Srilatha, Rondla, and Gande Someshwar. "Security Testing for Web Applications in SDLC." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2903.
Mayo, Quentin R. "Detection of Generalizable Clone Security Coding Bugs Using Graphs and Learning Algorithms." Thesis, University of North Texas, 2018. https://digital.library.unt.edu/ark:/67531/metadc1404548/.
Backman, Lars. "Why is security still an issue? : A study comparing developers’ software security awareness to existing vulnerabilities in software applications." Thesis, Linköpings universitet, Programvara och system, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-153438.
Ur-Rehman, Wasi. "Maintaining Web Applications Integrity Running on RADIUM." Thesis, University of North Texas, 2015. https://digital.library.unt.edu/ark:/67531/metadc804975/.
Chan, Ping-fai, and 陳秉暉. "Data flow and heap analysis with application to privilege escalation vulnerability scanning and software theft detection." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2013. http://hub.hku.hk/bib/B50899569.
Computer Science
Doctoral
Doctor of Philosophy
Shaffer, Alan B. "An application of Alloy to static analysis for secure information flow and verification of software systems." Monterey, Calif. : Naval Postgraduate School, 2008. http://edocs.nps.edu/npspubs/scholarly/dissert/2008/Dec/08Dec%5FShaffer_PhD.pdf.
Dissertation Supervisor: Auguston, Mikhail. "December 2008." Description based on title screen as viewed on January 29, 2009. Includes bibliographical references (p. 87-93). Also available in print.
Konstantaras, Dimitrios, and Mustafa Tahir. "Securing Network Connected Applications with Proposed Security Models." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2022.
In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way too often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.
However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the sole purpose to secure applications.
By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated on how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.
An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.
Kalibjian, Jeffrey R. "APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS." International Foundation for Telemetering, 2000. http://hdl.handle.net/10150/606817.
Over the past few years models for Internet based sharing and selling of telemetry data have been presented [1] [2] [3] at ITC conferences. A key element of these sharing/selling architectures was security. This element was needed to insure that information was not compromised while in transit or to insure particular parties had a legitimate right to access the telemetry data. While the software managing the telemetry data needs to be security conscious, the networked computer hosting the telemetry data to be shared or sold also needs to be resistant to compromise. Intrusion Detection Systems (IDS) may be used to help identify and protect computers from malicious attacks in which data can be compromised.
Hecker, Martin [Verfasser], and G. [Akademischer Betreuer] Snelting. "Timing Sensitive Dependency Analysis and its Application to Software Security / Martin Hecker ; Betreuer: G. Snelting." Karlsruhe : KIT-Bibliothek, 2020. http://d-nb.info/1218599766/34.
Tseng, Yuchia. "Securing network applications in software defined networking." Electronic Thesis or Diss., Sorbonne Paris Cité, 2018. http://www.theses.fr/2018USPCB036.
The rapid development and convergence of computing technologies and communications create the need to connect diverse devices with different operating systems and protocols. This resulted in numerous challenges to provide seamless integration of a large amount of heterogeneous physical devices or entities. Hence, Software-defined Networks (SDN), as an emerging paradigm, has the potential to revolutionize the legacy network management and accelerate the network innovation by centralizing the control and visibility over the network. However, security issues remain a significant concern and impede SDN from being widely adopted. To identify the threats that are inherent to SDN, we conducted a deep analysis in 3 dimensions to evaluate the security of the proposed architecture. In this analysis, we summarized 9 security principles for the SDN controller and checked the security of the current well-known SDN controllers with those principles. We found that the SDN controllers, namely ONOS and OpenContrail, are relatively two more secure controllers according to our conducted methodology. We also found the urgent need to integrate the mechanisms such as connection verification, application-based access control, and data-to-control traffic control for securely implementing an SDN controller. In this thesis, we focus on the app-to-control threats, which could be partially mitigated by the application-based access control. As the malicious network application can be injected to the SDN controller through external APIs, i.e., RESTful APIs, or internal APIs, including OSGi bundles, Java APIs, Python APIs etc. In this thesis, we discuss how to protect the SDN controller against the malicious operations caused by the network application injection both through the external APIs and the internal APIs.
We proposed a security-enhancing layer (SE-layer) to protect the interaction between the control plane and the application plane in an efficient way with the fine-grained access control, especially hardening the SDN controller against the attacks from the external APIs. This SE-layer is implemented in the RESTful-based northbound interfaces in the SDN controller and hence it is controller-independent for working with most popular controllers, such as OpenDaylight, ONOS, Floodlight, Ryu and POX, with low deployment complexity. No modifications of the source codes are required in their implementations while the overall security of the SDN controller is enhanced. Our developed prototype I, Controller SEPA, protects well the SDN controller with network application authentication, authorization, application isolation, and information shielding with negligible latency from less than 0.1% to 0.3% for protecting SDN controller against the attacks via external APIs, i.e., RESTful APIs. We developed also the SE-layer prototype II, called Controller DAC, which makes dynamic the access control. Controller DAC can detect the API abuse from the external APIs by accounting the network application operation with latency less than 0.5%. Thanks to this SE-layer, the overall security of the SDN controller is improved but with a latency of less than 0.5%. However, the SE-layer can isolate the network application to communicate the controller only through the RESTful APIs. However, the RESTful APIs is insufficient in the use cases which need the real-time service to deliver the OpenFlow messages. Therefore, we proposed a security-enhancing architecture for securing the network application deployment through the internal APIs in SDN, with a new SDN architecture dubbed SENAD.
In SENAD, we split the SDN controller in: (1) a data plane controller (DPC), and (2) an application plane controller (APC) and adopt the message bus system as the northbound interface instead of the RESTful APIs for providing the service to deliver the OpenFlow messages in real-time. (...)
Frazier, Edward Snead. "Assessing Security Vulnerabilities: An Application of Partial and End-Game Verification and Validation." Thesis, Virginia Tech, 2010. http://hdl.handle.net/10919/31849.
Master of Science
Fießler, Andreas Christoph Kurt. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications." Doctoral thesis, Humboldt-Universität zu Berlin, 2019. http://dx.doi.org/10.18452/20023.
Network devices like switches, bridges, routers, and firewalls are subject to a continuous development to keep up with ever-rising requirements. As the overhead of software network processing already became the performance-limiting factor for a variety of applications, also former software functions are shifted towards dedicated network processing hardware. Although such application-specific circuits allow fast, parallel, and low latency processing, they require expensive and time-consuming development with minimal possibilities for adaptions. Security can also be a major concern, as these circuits are virtually a black box for the user. Moreover, the highly parallel processing capabilities of specialized hardware are not necessarily an advantage for all kinds of tasks in network processing, where sometimes a classical CPU is better suited. This work introduces and evaluates concepts for building hybrid hardware-software-systems that exploit the advantages of both hardware and software approaches in order to achieve performant, flexible, and versatile network processing and packet classification systems. The approaches are evaluated on standard software systems, extended by a programmable hardware circuit (FPGA) to provide full control and flexibility. One key achievement of this work is the identification and mitigation of challenges inherent when a hybrid combination of multiple packet classification circuits with different characteristics is used. We introduce approaches to reduce redundant classification effort to a minimum, like re-usage of intermediate classification results and determination of dependencies by header space analysis. In addition, for some further challenges in hardware based packet classification like filtering circuits with dynamic updates and fast hash functions for lookups, we describe feasibility and optimizations.
At last, the hybrid approach is evaluated using a standard SDN switch instead of the FPGA accelerator to prove portability.
Gade, Praveen Kumar, and Manjit Osuri. "Evaluation of Multi Criteria Decision Making Methods for Potential Use in Application Security." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3713.
The first chapter introduces the thesis work. The second chapter presents the background of decision making models, their process, and the classification of decision making models. The third chapter presents the research methodology we have used in different phases which aims to answer the research questions. The fourth chapter gives a detailed literature study of how decision models can be used in application security. The fifth chapter evaluates selected decision models. The sixth chapter concludes the thesis and presents future work.
Lieberman, Gary. "Securely Handling Inter-Application Connection Credentials." NSUWorks, 2012. http://nsuworks.nova.edu/gscis_etd/215.
Schumacher, Markus. "Security engineering with patterns : origins, theoretical models, and new applications /." Berlin [u.a.] : Springer, 2003. http://www.loc.gov/catdir/enhancements/fy0813/2003058151-d.html.
Nguyen, Huy Manh. "MABIC: Mobile Application Builder for Interactive Communication." TopSCHOLAR®, 2016. http://digitalcommons.wku.edu/theses/1747.
Leao, Ruth Pastora Saraiva. "A study of automatic contingency selection algorithms for steady-state security assessment of power systems and the application of parallel processing." Thesis, Loughborough University, 1995. https://dspace.lboro.ac.uk/2134/32911.
Colombo, Regina Maria Thienne. "Proposta de uma metodologia de medição e priorização de segurança de acesso para aplicações WEB." Universidade de São Paulo, 2014. http://www.teses.usp.br/teses/disponiveis/3/3136/tde-23122014-142055/.
In a technological and globally interconnected world, in which individuals and organizations perform transactions on the web often, the issue of software security is essential; it is needed in several niches: security of computer networks, computers and software. The implementation of a security system that covers all aspects is extensive and complex, while the exploitation of vulnerabilities and attacks are increasing exponentially. Because of the nature of software and its availability on the web, ensuring security will never be complete, but it is possible to plan, implement, measure and evaluate the security system and ultimately improve it. Currently, the specific knowledge in security is detailed and fragmented into its various niches; the view among security experts is always connected to the internal environment of computing. The measurement of security attributes is a way to know and monitor the state of software security. This research aims to present a top-down approach for measuring the access security of web applications. From a set of security properties globally recognized, however these intangible properties, I propose a measurement methodology and prioritization of security attributes to meet the security level of web applications and take necessary actions for improvement. It is defined a reference model for access security and a method of analytic hierarchy process to support the achievement of measurable attributes and status of the access security of a web application.
Holmberg, Daniel, and Victor Nyberg. "Functional and Security Testing of a Mobile Client-Server Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148710.
Monteiro, Valter. "How intrusion detection can improve software decoy applications." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FMonteiro.pdf.
Mahadevan, Karthikeyan. "Estimating reliability impact of biometric devices in large scale applications." Morgantown, W. Va. : [West Virginia University Libraries], 2003. http://etd.wvu.edu/templates/showETD.cfm?recnum=3096.
Title from document title page. Document formatted into pages; contains vii, 66 p. : ill. (some col.). Vita. Includes abstract. Includes bibliographical references (p. 62-64).
Chen, Tang-Li. "Designing secure, JAVA based online registration systems to meet peak load performance targets." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2767.
Třeštíková, Lenka. "Bezpečnostní metriky platformy SAP." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363799.
Lundberg, Axel, and Lukas Jidell. "Utveckling av en krypterad chattapplikation : Analysering av användarbehov och säkerhet." Thesis, Mittuniversitetet, Institutionen för informationssystem och –teknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-39357.
Today, information leaks in various forms seem to occur frequently and at regular intervals. The authors of this project consider privacy and security to be two very vital concepts in technical contexts, something that is compromised on far too often. During earlier studies at Mittuniversitetet, the authors came across surveys indicating that the average user wants to protect their information but, at the same time, has difficulty understanding how products handle that information. The authors therefore wanted to develop an encrypted service that also safeguards the user's privacy. The user should understand that their information is in safe hands: the user's own hands. The project consisted of building a chat application with the security of sent messages, minimal collection of user data, and usability as its highest priorities. The project's goals include that interested users should have security information available, that the application should be easy to use, that messages should be cryptographically secure, and that replacing a user's keys should be a simple process. During the project, two iterations of user tests were carried out to make sure the application is as user-friendly as possible. The results of the user tests indicate that many users are not interested in having information about encryption available, but that those users who were interested found the available information relatively easy to understand. After changes following the first iteration of user tests, the majority of users found the application intuitive. To compare the security of sent messages, security comparisons are made with leading applications in encrypted communication; these applications include WhatsApp, Viber and Facebook Messenger.
Kaiser, Edward Leo. "Addressing Automated Adversaries of Network Applications." PDXScholar, 2010. https://pdxscholar.library.pdx.edu/open_access_etds/4.
Irwin, Barry Vivian William. "A framework for the application of network telescope sensors in a global IP network." Thesis, Rhodes University, 2011. http://hdl.handle.net/10962/d1004835.
Atkison, Travis Levestis. "Using random projections for dimensionality reduction in identifying rogue applications." Diss., Mississippi State : Mississippi State University, 2009. http://library.msstate.edu/etd/show.asp?etd=etd-04032009-133701.
Aryal, Dhiraj, and Anup Shakya. "A Taxonomy of SQL Injection Defense Techniques." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3076.
Singaravelu, Lenin. "End-to-End Security of Information Flow in Web-based Applications." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/16142.
Holford, John William. "The concept of self-defending objects and the development of security aware applications." Thesis, Queensland University of Technology, 2006. https://eprints.qut.edu.au/16227/1/John_Holford_Thesis.pdf.
Holford, John William. "The concept of self-defending objects and the development of security aware applications." Queensland University of Technology, 2006. http://eprints.qut.edu.au/16227/.
Schuster, Felix [Verfasser], Thorsten [Akademischer Betreuer] Holz, and Ahmad-Reza [Akademischer Betreuer] Sadeghi. "Securing application software in modern adversarial settings / Felix Schuster. Gutachter: Thorsten Holz ; Ahmad-Reza Sadeghi." Bochum : Ruhr-Universität Bochum, 2016. http://d-nb.info/1082425443/34.
Lunyov, Phillip. "Detecting changes in web applications." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-97021.
Hu, Daning. "Analysis and Applications of Social Network Formation." Diss., The University of Arizona, 2009. http://hdl.handle.net/10150/145710.
Jia, Hao. "A web application for Medasolution Healthcare Company customer service system." CSUSB ScholarWorks, 2005. https://scholarworks.lib.csusb.edu/etd-project/2612.
Armstrong, Janell. "State of Secure Application Development for 802.15.4." BYU ScholarsArchive, 2009. https://scholarsarchive.byu.edu/etd/1776.
Ndakunda, Shange-Ishiwa Tangeni. "A mobile toolkit and customised location server for the creation of cross-referencing location-based services." Thesis, Rhodes University, 2013. http://hdl.handle.net/10962/d1013604.
Fießler, Andreas Christoph Kurt [Verfasser], Björn [Gutachter] Scheuermann, Andrew W. [Gutachter] Moore, and Georg [Gutachter] Carle. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications / Andreas Christoph Kurt Fießler ; Gutachter: Björn Scheuermann, Andrew W. Moore, Georg Carle." Berlin : Humboldt-Universität zu Berlin, 2019. http://d-nb.info/1189213710/34.
Fießler, Andreas [Verfasser], Björn [Gutachter] Scheuermann, Andrew W. [Gutachter] Moore, and Georg [Gutachter] Carle. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications / Andreas Christoph Kurt Fießler ; Gutachter: Björn Scheuermann, Andrew W. Moore, Georg Carle." Berlin : Humboldt-Universität zu Berlin, 2019. http://d-nb.info/1189213710/34.
Regateiro, Diogo José Domingues. "A secure, distributed and dynamic RBAC for relational applications." Master's thesis, Universidade de Aveiro, 2014. http://hdl.handle.net/10773/14045.
Nowadays, database applications use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established policies as a means to develop software that is conformant with the established access control policies. Furthermore, there are situations where these policies can evolve dynamically. In these cases it becomes hard to adjust the access control mechanisms. This challenge has led to the development of an extension to the role based access control (RBAC) model where permissions are defined as a sequence of create, read, update and delete (CRUD) expressions that can be executed and the interfaces to access them. From these permissions it's possible to generate security artefacts on the client side, i.e. in a distributed manner, which allows the clients to access the stored data while satisfying the security policies defined. On top of this model extension, a security layer has also been created in order to make the access control secure and obligatory. For the RBAC model extension this work leverages a previous work that created a dynamic access control architecture for relational applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the defined access control policies to build dynamically the security artefacts for the applications. In situations where the access control policies can evolve dynamically, the security artefacts are adjusted automatically. This base work, however, defines as permissions CRUD expressions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect the system from intruders.
Hence, this work aims to create a new architecture, called “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done with DACA so that it is capable of enforcing sequences of CRUD expressions that the applications can execute if the sequences are associated with their roles and the development of a security layer to make it secure. We discuss as well the performance of this system and its applicability to other environments outside of relational databases.
Currently, applications that access databases use tools such as Java Database Connectivity, Hibernate or ADO.NET to access the data stored in them. These tools are designed to unite the relational database and object-oriented programming paradigms, but they are not concerned with the access control policies to be applied. Therefore, application developers have to master the established policies in order to develop applications that conform to the established access control policies. In addition, there are situations in which access control policies can evolve dynamically. In these cases, it becomes difficult to adapt the access control mechanisms. This challenge motivated the development of an extension to the role-based access control (RBAC) model that defines as permissions sequences of expressions to create, read, update and delete (CRUD) information, and the interfaces for accessing each of them. From these permissions, security artefacts can be generated on the client side, i.e. in a distributed manner, that allow clients to access the information stored in the database according to the defined policies. On top of this extension, a security layer was also created to make the access control secure and mandatory. For the extension of the RBAC model, this work was based on a previous work that created a dynamic access control architecture for relational database applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the access control policies that have been defined to dynamically create the security artefacts for the applications. In situations where the access control policies evolve dynamically, the security artefacts are adjusted automatically.
This base work, however, defines CRUD expressions as permissions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect sensitive data from intruders. Therefore, this work aims to create a new architecture, called “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done in the scope of DACA so that it can guarantee that the sequences of CRUD expressions that applications can execute, and that are associated with their roles in the RBAC policies, are enforced, and to develop an adequate security layer to make it secure. We also discuss its performance and applicability in environments other than relational databases.
Thakur, Neha S. "Forensic Analysis of WhatsApp on Android Smartphones." ScholarWorks@UNO, 2013. http://scholarworks.uno.edu/td/1706.
Dua, Akshay. "Trust-but-Verify: Guaranteeing the Integrity of User-generated Content in Online Applications." PDXScholar, 2013. https://pdxscholar.library.pdx.edu/open_access_etds/1425.
Denys, Paul. "Security of Personal Information in Cloud Computing : Identifying and mitigating against risks to privacy in the deployment of Enterprise Systems Applications on the Software as a Service platform." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5726.
Hsiao, Chih-Wen, David Turner, and Keith Ross. "A secure lightweight currency service provider." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2594.
Viriyasitavat, Wattana. "A framework of trust in service workflows." Thesis, University of Oxford, 2013. http://ora.ox.ac.uk/objects/uuid:a894bd9c-eaf2-4ebd-91c1-35012cd0a527.
BATISTA, CARLOS FREUD ALVES. "SOFTWARE SECURITY METRICS." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2007. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=10990@1.
The ever-increasing dependence on information technology (IT) makes secure software a key element for the continuity of the services of our present-day society. In recent years, public and private institutions have increased their investments in information security, but the number of attacks has been growing faster than our capacity to face them, putting at risk intellectual property, customers' trust and the operation of services and businesses supported by IT services. Security experts state that a good part of information security incidents currently arise from vulnerabilities found in software, a component present in a good part of information systems. To make software trustworthy with respect to security, the creation and use of security metrics will be fundamental for managing and understanding the impact of security programmes in companies. However, security metrics are shrouded in mystery and considered quite difficult to implement. This work intends to show that today it is still not possible to have quantitative metrics capable of indicating the level of security that software under development will come to have. Other practices are therefore needed to assure security levels a priori, that is, before the software is put into use.
Today's growing dependency on information technology (IT) makes software security a key element of IT services. In recent years public and private institutions raised the investment on information security, however the number of attacks is growing faster than our power to face them, putting at risk intellectual property, customers' confidence and businesses that rely on IT services. Experts say that most information security incidents occur due to the vulnerabilities that exist in software systems in the first place. Security metrics are essential to assess software dependability with respect to security, and also to understand and manage impacts of security initiatives in organizations. However, security metrics are shrouded in mystery and very hard to implement. This work intends to show that there are no adequate metrics capable of indicating the security level that a software will achieve. Hence, we need other practices to assess the security of software while developing it and before deploying it.