Segurança e privacidade em terminologia de rede

Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what are the privacy implications of metadata disclosure. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols. In particular on the imple- mentation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy ex- posure. The former allows bootstraping secure transport protocols on top of insecure discovery protocols, while the later introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing re- search topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus- são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis- cussão é a forma como atribuímos nomes a recursos na rede, uma escolha com consequências práticas no funcionamento dos diferentes protocols de rede, na forma como se implementam diferentes mecanismos de segurança e na privacidade das várias partes envolvidas. Este problema torna-se ainda mais significativo quando se considera que, para promover a interoperabili- dade entre diferentes redes, mecanismos autónomos tornam esta informação acessível em contextos que vão para lá do que era pretendido. Esta tese foca-se nas consequências de diferentes políticas de atribuição de nomes no contexto de diferentes protocols de rede, para efeitos de segurança e privacidade. Com base no estudo deste problema, são propostas soluções que, através de diferentes políticas de atribuição de nomes, permitem introdu- zir mecanismos de segurança adicionais ou mitigar problemas de privacidade em diferentes protocolos. Isto resulta na implementação de mecanismos de segurança sobre protocolos de descoberta inseguros, assim como na intro- dução de mecanismos de atribuiçao e resolução de nomes que se focam na protecçao da privacidade. O principal veículo para a implementação destas soluções é através de ser- viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas soluções extende-se também a outros tópicos de investigação que recorrem a mecanismos de resolução de nomes para implementar soluções de intero- perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na informação (ICN).Programa Doutoral em Informátic

Mashup Ecosystems: Integrating Web Resources on Desktop and Mobile Devices

The Web is increasingly used as an application platform, and recent development of it has introduced software ecosystems where different actors collaborate. This collaboration is international from day one, and it evolves and grows rapidly. In web ecosystems applications are provided as services, and interdependencies between ecosystem parts can vary from very strong and obvious to loose and recondite. Mashups -- web application hybrids that combine resources from different services into an integrated system that has increased value from user perspective -- are exploiting services of the Web and creating ecosystems where end-users, mashup authors, and service providers collaborate. The term "resources" is used here in a broad sense, and it can refer to user's local data, infinite content of the Web, and even executable code. This dissertation presents mashups as a new breed of web applications that are intended for parsing the web content into an easily accessed form on both regular desktop computers as well as on mobile devices. Constantly evolving web technologies and new web services open up unforeseen possibilities for mashup development. However, developing mashups with current methods and tools for existing deployment environments is challenging. First, the Web as an application platform faces numerous shortcomings, second, web application development practices in general are still immature, and third, development of mashups has additional requirements that need to be addressed. In addition, mobility sets even more challenges for mashup authoring. This dissertation describes and addresses numerous issues regarding mashup ecosystems and client-side mashup development. To achieve this, we have implemented technical research artifacts including mashup ecosystems and different kinds of mashup compositions. The artifacts are developed with numerous runtime environments and tools and targeted at different end-user platforms. This has allowed us to evaluate methods, tools, and practises used during the implementation. As result, this dissertation identifies the fundamental challenges of mashup ecosystems and describes how service providers and mashup ecosystem authors can address these challenges in practice. In addition, example implementation of a specialized multimedia mashup ecosystem for mobile devices is described. To address mashup development issues, this dissertation introduces practical guidelines and a reference architecture that can be applied when mashups are created with traditional web development tools. Moreover, environments that can be used on mobile devices to create mashups that have access to both web and local resources are introduced. Finally, a novel approach to web software development -- creating software as a mashup -- is introduced, and a realization of such concept is described

The development of a discovery and control environment for networked audio devices based on a study of current audio control protocols

This dissertation develops a standard device model for networked audio devices and introduces a novel discovery and control environment that uses the developed device model. The proposed standard device model is derived from a study of current audio control protocols. Both the functional capabilities and design principles of audio control protocols are investigated with an emphasis on Open Sound Control, SNMP and IEC-62379, AES64, CopperLan and UPnP. An abstract model of networked audio devices is developed, and the model is implemented in each of the previously mentioned control protocols. This model is also used within a novel discovery and control environment designed around a distributed associative memory termed an object space. This environment challenges the accepted notions of the functionality provided by a control protocol. The study concludes by comparing the salient features of the different control protocols encountered in this study. Different approaches to control protocol design are considered, and several design heuristics for control protocols are proposed

Towards Modular and Flexible Access Control on Smart Mobile Devices

Smart mobile devices, such as smartphones and tablets, have become an integral part of our daily personal and professional lives. These devices are connected to a wide variety of Internet services and host a vast amount of applications, which access, store and process security- and privacy-sensitive data. A rich set of sensors, ranging from microphones and cameras to location and acceleration sensors, allows these applications and their back end services to reason about user behavior. Further, enterprise administrators integrate smart mobile devices into their IT infrastructures to enable comfortable work on the go. Unsurprisingly, this abundance of available high-quality information has made smart mobile devices an interesting target for attackers, and the number of malicious and privacy-intrusive applications has steadily been rising. Detection and mitigation of such malicious behavior are in focus of mobile security research today. In particular, the Android operating system has received special attention by both academia and industry due to its popularity and open-source character. Related work has scrutinized its security architecture, analyzed attack vectors and vulnerabilities and proposed a wide variety of security extensions. While these extensions have diverse goals, many of them constitute modifications of the Android operating system and extend its default permission-based access control model. However, they are not generic and only address specific security and privacy concerns. The goal of this dissertation is to provide generic and extensible system-centric access control architectures, which can serve as a solid foundation for the instantiation of use-case specific security extensions. In doing so, we enable security researchers, enterprise administrators and end users to design, deploy and distribute security extensions without further modification of the underlying operating system. To achieve this goal, we first analyze the mobile device ecosystem and discuss how Android's security architecture aims to address its inherent threats. We proceed to survey related work on Android security, focusing on system-centric security extensions, and derive a set of generic requirements for extensible access control architectures targeting smart mobile devices. We then present two extensible access control architectures, which address these requirements by providing policy-based and programmable interfaces for the instantiation of use-case specific security solutions. By implementing a set of practical use-cases, ranging from context-aware access control, dynamic application behavior analysis to isolation of security domains we demonstrate the advantages of system-centric access control architectures over application-layer approaches. Finally, we conclude this dissertation by discussing an alternative approach, which is based on application-layer deputies and can be deployed whenever practical limitations prohibit the deployment of system-centric solutions

Late standardization and technological catch-up

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Urban Studies and Planning, 2006.Includes bibliographical references (p. 325-335).In this study, we examine the process of "late standardization," in which latecomers engage in standards activities in order to move towards and beyond the technological frontier. Based on case studies of latecomers in the semiconductor and mobile telecommunication industries in South Korea and Thailand, we analyze the strategic, organizational, and institutional aspects of the late-standardization process. We hypothesize that latecomer firms and states must engage in standards activities to progress beyond catch-up, because standards are a prerequisite to technological development. Standards are strategic leverages that allow latecomers to link with and learn from technology leaders. Specifically, latecomer firms have to engage internally in quality standardization to take advantage of latecomer advantages. Quality standards help improve production capability, while enhancing credibility and reputation. Without quality control, latecomers cannot become part of global value chains and have difficulty in acquiring advanced technologies from forerunners. As latecomers become fast followers, they have to participate in external standardization. The goal is to acquire knowledge about emerging technologies and standards.(cont.) By linking with and learning from forerunners, fast followers enhance second-mover advantages derived from ramp-up capability. Once their R&D efforts bear fruit and they become technology leaders, advanced "late standardizers" have to lead external standardization efforts. This would enable them to exploit innovation capability and gain first-mover advantages derived from proprietary technologies and learning-curve effects. As latecomers move towards the technological frontier, standards activities become the core of research and development strategy and policy. They also adjust organizational structures and human resource management to accommodate standards efforts. The state plays critical yet changing roles throughout the late-standardization process. It sets up standards institutions and provides "infratechnologies" for quality control. The state also mitigates technology and market risks associated with new standards, while facilitating networking among late-standardizing firms. As late standardizers become technology and standards leaders, the state pursues "standards diplomacy" for overseas adoption of its domestic standards, while strengthening the protection of intellectual property rights.by Apiwat Ratanawaraha.Ph.D

SOLVENT-RESISTANT NANOFILTRATION MEMBRANES: SEPARATION STUDIES AND MODELING

The primary focus of the research is to extend the principles of Nanofiltration(NF) to non-aqueous systems using solvent-resistant NF membranes. Several differentlevels of interaction are introduced when organic solvents are used with polymericmembranes and thus quantification of polymer-solvent interactions is critical. Puresolvent permeation studies were conducted to understand the mechanism of solventtransport through polymeric membranes. Different membrane materials (hydrophilic andhydrophobic) as well as different solvents (polar and non-polar) were used for the study.For example, hexane flux at 13 bar through a hydrophobic silicone based NF membranewas ~ 0.6 x 10-4 cm3/cm2. s. and that through a hydrophilic aromatic polyamide based NFmembrane was ~ 6 x 10-4 cm3/cm2. s. A simple model based on a solution-diffusionapproach which uses solvent physical properties (molar volume, viscosity) andmembrane properties (surface energy, etc) is used for correlating the pure solventpermeation through hydrophobic polymeric membranes.Solute transport studies were performed using organic dyes and triglycerides inpolar and non-polar solvents. For example, the rejection of Sudan IV (384 MW organicdye) in n-hexane medium is about 25 % at 15 bar and that in methanol is about –10 % atabout 20 bar for a hydrophobic (PDMS-based) membrane. However, for a hydrophilicpolyamide based NF membrane, the direction of separation is reversed (86 % in methanoland 43 % in n-hexane). From our experimental data with two types of membranes it isclear that coupling of the solute and solvent fluxes cannot be neglected. Two traditionaltransport theories (Spiegler-Kedem and Surface Force-Pore Flow model) that considercoupling were evaluated with literature and our experimental solute permeation data. Amodel based on a fundamental chemical potential gradient approach has been proposedfor explaining solute separation. The model uses solute, solvent and membrane physicalproperties and uses the Flory-Huggins and UNIFAC theories as activity coefficientmodels. This model has been used to obtain a correlation for the diffusion coefficients ofsolutes in hexane through a hydrophobic membrane. This correlation along withconvective coupling can be used to predict separation behavior for different solutes and atdifferent temperatures