• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Only Abstract
 

Only Abstract

on

  • 276 views

gy

gy

Statistics

Views

Total Views
276
Views on SlideShare
276
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Only Abstract Only Abstract Document Transcript

    • I ) Design and Implementation of an Environment to Support Development of Methods for Security Assessment Abstract: There is no debate over the importance of IT security. Equally important is the research on security assessment; methods for evaluating the security of IT systems. The Swedish Defense Research Agency has for the last couple of years been conducting research on the area of security assessment. To verify the correctness of these methods, tools are implemented. This thesis presents the design and implementation of an environment to support and aid future implementations and evaluations of security assessment methods. The aim of this environment, known as the New Tool Environment, NTE, is to assist the developer by facilitating the more time consuming parts of the implementation. A large part of this thesis is devoted to the development of a database solution, which results in an object/relational data access layer. III) Risk Analysis of the applied RFID system : Project Stolpen Abstract: This thesis will be a risk analysis of a RFID-system for a logistical application. The system works as follows: Around Karlstad in Sweden there are three new weighing machines for lorries. The load weight will be measured for the police to control overweight and for logistical reasons such as issuing invoices and optimising the supply chain. The lorries do not have to stop to be weighed. They have to drive slowly over the weighing machine, so the loss of time is minimal. The lorries will be identified via RFID- tags. So every time a lorry will be driven over the weighing machine, the identification number and the measured weight will be logged and send to a database. In the future it is planed to store the weight on the tag itself. The task is now to analyse the RFID- communication and the transmission to the database. The thesis will contain several parts. First RFID in general and how RFID will be used in the application-scenario will be
    • described. Next sections will be about the security and privacy requirements and the risks in detail. Then possible solutions are outlined and concrete suggestions are presented. Finally a conclusion will be drawn, which will show that the application has a low level of security. III ) Database security curriculum in InfoSec program ABSTRACT Database Security course is an important part of the InfoSec curriculum. In many institutions this is not taught as an independent course. Parts of the contents presented in this paper are usually incorporated in other courses such as Network Security. The importance of database security concepts stems from the fact that a compromise of data at rest could expose an organization to a greater security threat than otherwise. Database vulnerabilities exposed recently in several high profile incidents would be a good reason to dedicate a full course to this important topic. In this paper we present key topics such as technologies for database protection, access control, multilevel security, database vulnerabilities and defenses, privacy and legal issues, impact of policies and some well known secure database models. DATA WAREHOUSING Iv) The Application of Case-Based Reasoning to the Understanding of Constraints on Information Models ABSTRACT This thesis explores a case-based reasoning approach to understanding the constraints on information models, in particular those written in the information modelling language EXPRESS. In the context of this thesis, a constraint on a model is any condition (explicit or implicit) that must not be violated by a data repository which conforms to that model. The underlying motivation for this research is the need to understand the comparative semantics of the constraints on two models of the same domain, for tasks such as schema- to-schema mapping (automatically generating a program to map instances from one data repository to another). This comparative understanding of constraints would enable a system to see to what extent the constraints on one model are respected by another model (e.g. in the case of schema-to-schema mapping, whether mapping valid instances from the source model could violate constraints on the target model). This thesis presents a method for understanding the constraints on a given EXPRESS model. This understanding is realised by extracting from the model higher-level knowledge about the constraints. This knowledge is represented as higher-level
    • constraints: constraints which are at a higher level of abstraction than the model itself, making explicit their implicit semantics. In the case-based reasoning approach to understanding the constraints on a model, cases that match particular fragments of the model are used to suggest higher-level constraints to extract. Although the current system only considers one model in isolation, this work will provide a useful building block for future systems which are concerned with the comparative semantics of the constraints on two models. The particular way in which the constraints are understood is driven by the purpose of this comparative understanding: the (manual) process of identifying higher-level constraints entails a comparative investigation of models that have semantically equivalent constraints which are expressed in different ways. An experimental constraint-understanding system has been implemented, which is capable of extracting higher-level constraints from valid EXPRESS models. V ) Benefits of Network Security Consolidation ABSTRACT Driven by budget, space, power and other constraints, consolidation has become a strategic imperative for enterprise IT professionals at all levels. In order to achieve the most benefit and offer the highest levels of security effectiveness and efficiency, a consolidated network security solution should offer complete integration of specialized hardware with the software and security content. Join John Pescatore, VP Security Research at Gartner, and Anthony James, VP of Products at Fortinet, for a closer look at the benefits of network security consolidation in a short 20 minute discussion exploring: How consolidated security functions can help CIOs Key benefits of a consolidated security solution versus multiple point solutions How Fortinet delivers comprehensive security at industry leading performance Why consolidated security make sense for the enterprise Consolidation provides a higher level of security versus single function products VI)Abstract There is no debate over the importance of IT security. Equally important is the research on security assessment; methods for evaluating the security of IT systems. The Swedish Defense Research Agency has for the last couple of years been conducting research on the area of security assessment. To verify the correctness of
    • these methods, tools are implemented. This thesis presents the design and implementation of an environment to support and aid future implementations and evaluations of security assessment methods. The aim of this environment, known as the New Tool Environment, NTE, is to assist the developer by facilitating the more time consuming parts of the implementation. A large part of this thesis is devoted to the development of a database solution, which results in an object/relational data access layer. VIII ) A logic-programming approach to network security analysis Abstract: An important problem in network security management is to uncover potential multistage, multihost attack paths due to software vulnerabilities and misconfigurations. This thesis proposes a logic-programming approach to conduct this analysis automatically. We use Datalog to specify network elements and their security interactions. The multihost, multistage vulnerability analysis can be conducted by an off-the-shelf logic-programming engine that can evaluate Datalog efficiently. Compared with previous approaches, Datalog is purely declarative, providing a clear specification of reasoning logic. This makes it easy to leverage multiple third-party tools and data in the analysis. We built an end-to-end system, MulVAL, that is based on the methodology discussed in this thesis. In MulVAL, a succinct set of Datalog rules captures generic attack scenarios, including exploiting various kinds of software vulnerabilities, operating-system sematics that enables or prohibits attack steps, and other common attack techniques. The reasoning engine takes inputs from various off-the-shelf tools and formal security advisories, performs analysis on the network level to determine if vulnerabilities found on individual hosts can result in a condition violating a given high-level security policy. Datalog is a language that has efficient evaluation, and in practice it runs fast in off-the- shelf logic programming engines. The flexibility of general logic programming also allows for more advanced analysis, in particular hypothetical analysis, which searches for attack paths due to unknown vulnerabilities. Hypothetical analysis is useful for checking the security robustness of the configuration of a network and its ability to guard against future threats. Once a potential attack path is discovered, MulVAL generates a visualized attack tree that helps the system administrator understand how the attack could happen and take countermeasures accordingly.
    • VII ) Evaluation of Security Risks Associated with Networ ked Info rmation Systems Abstract Security risk s associated with networ ked enterprise systems is a topic that has become increasingly significant in the new millennium. As corporations rely ever more on techno logy to run their businesses, connecting enterprise systems to each other to perform seamless business transactions in a virtually borderless world, security is beco ming a concern rather than an afterthought for IS managers around the world. This thesis consists o f a comprehensive literature review and the results of a case study conducted in Sydney dur ing June œ September 2001. The insights gained from the literature were tested and o bservations made during the case study, which involved a B2B Internet applicatio n implementation for a large Japanese electronics conglo merate in Australia. The Gartner Group estimates that 75% of all enterprises were Internet-isolated in 1999; however, they predict that 80% o f all businesses will be using the Internet as an integr al part of their businesses by 2004 (Witty, 2001). It was identified that 85% to 90% of all businesses on the Internet r eported some fo rm of security incident in 2000 (CSI, 2001) , and Computer Economics estimated the cost o f computer crime to be US$17.1 billion in 2000 ( Abreu, 2001). These facts clearly indicate that security is a real problem. Research has revealed that a large proportion of the secur ity lapses were attributed to system ad ministrators‘ failure to update software patches, and to remain o n the top of the latest developments in their trade. This behaviour is sometimes attributed to the culture, or even the workload of admin istrators, who are typically respo nsib le for looking after numerous disparate systems. The increasingly complex systems also expect administrators to be experts in var ious techno logies, which is o ften beyo nd the compre he nsion of ma ny syste ms admin ist rat ors. The final outcome o f this research is a secur ity evaluation framework that is practical enough to be used in real applications with acceptable results, witho ut having to be an expert in the securityupo n concepts drawn frotested. to Australianleaders in the nal Standards. It is built industry, and empirically m computer security and Internatio arena. The framework co nforms M.Bus (IT) Thesis, RMIT 2001
    • IX )Benefits of Network Security Consolidation ABSTRACT Driven by budget, space, power and other constraints, consolidation has become a strategic imperative for enterprise IT professionals at all levels. In order to achieve the most benefit and offer the highest levels of security effectiveness and efficiency, a consolidated network security solution should offer complete integration of specialized hardware with the software and security content. Join John Pescatore, VP Security Research at Gartner, and Anthony James, VP of Products at Fortinet, for a closer look at the benefits of network security consolidation in a short 20 minute discussion exploring: How consolidated security functions can help CIOs Key benefits of a consolidated security solution versus multiple point solutions How Fortinet delivers comprehensive security at industry leading performance Why consolidated security make sense for the enterprise Consolidation provides a higher level of security versus single function products