131,619 research outputs found
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques
Laptop theft: a case study on effectiveness of security mechanisms in open organizations
Organizations rely on physical, technical and procedural mechanisms to protect their physical assets. Of all physical assets, laptops are probably the most troublesome to protect, since laptops are easy to remove and conceal. Organizations open to the public, such as hospitals and universities, are easy targets for laptop thieves, since every day hundreds of people not employed by the organization wander in the premises. The problem security professionals face is how to protect the laptops in such open organizations.
In this study, we look at the effectiveness of the security mechanisms against laptop theft in two universities. We analyze the logs from laptop thefts in both universities and complement the results with penetration tests. The results from the study show that surveillance cameras and access control have a limited role in the security of the organization and that the level of security awareness of the employees plays the biggest role in stopping theft. The results of this study are intended to aid security professionals in the prioritization of security mechanisms.
KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels
Commodity OS kernels have broad attack surfaces due to the large code base
and the numerous features such as device drivers. For a real-world use case
(e.g., an Apache Server), many kernel services are unused and only a small
amount of kernel code is used. Within the used code, a certain part is invoked
only at runtime while the rest are executed at startup and/or shutdown phases
in the kernel's lifetime run. In this paper, we propose a reliable and
practical system, named KASR, which transparently reduces attack surfaces of
commodity OS kernels at runtime without requiring their source code. The KASR
system, residing in a trusted hypervisor, achieves the attack surface reduction
through a two-step approach: (1) reliably depriving unused code of executable
permissions, and (2) transparently segmenting used code and selectively
activating them. We implement a prototype of KASR on Xen-4.8.2 hypervisor and
evaluate its security effectiveness on Linux kernel-4.4.0-87-generic. Our
evaluation shows that KASR reduces the kernel attack surface by 64% and trims
off 40% of CVE vulnerabilities. Besides, KASR successfully detects and blocks
all 6 real-world kernel rootkits. We measure its performance overhead with
three benchmark tools (i.e., SPECINT, httperf and bonnie++). The experimental
results indicate that KASR imposes less than 1% performance overhead (compared
to an unmodified Xen hypervisor) on all the benchmarks. Comment: The work has been accepted at the 21st International Symposium on
Research in Attacks, Intrusions, and Defenses 201
Body language, security and e-commerce
Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations
Automated operation of a home made torque magnetometer using LabVIEW
In order to simplify and optimize the operation of our home made torque
magnetometer we created a new software system. The architecture is based on
parallel, independently running instrument handlers communicating with a main
control program. All programs are designed as command driven state machines
which greatly simplifies their maintenance and expansion. Moreover, as the main
program may receive commands not only from the user interface, but also from
other parallel running programs, an easy way of automation is achieved. A
program working through a text file containing a sequence of commands and
sending them to the main program suffices to automatically have the system
conduct a complex set of measurements. In this paper we describe the system's
architecture and its implementation in LabVIEW. Comment: 6 pages, 7 figures, submitted to Rev. Sci. Inst
Limiting the effects of earthquakes on gravitational-wave interferometers
Ground-based gravitational wave interferometers such as the Laser
Interferometer Gravitational-wave Observatory (LIGO) are susceptible to
high-magnitude teleseismic events, which can interrupt their operation in
science mode and significantly reduce the duty cycle. It can take several hours
for a detector to stabilize enough to return to its nominal state for
scientific observations. The down time can be reduced if advance warning of
impending shaking is received and the impact is suppressed in the isolation
system with the goal of maintaining stable operation even at the expense of
increased instrumental noise. Here we describe an early warning system for
modern gravitational-wave observatories. The system relies on near real-time
earthquake alerts provided by the U.S. Geological Survey (USGS) and the
National Oceanic and Atmospheric Administration (NOAA). Hypocenter and
magnitude information is generally available in 5 to 20 minutes of a
significant earthquake depending on its magnitude and location. The alerts are
used to estimate arrival times and ground velocities at the gravitational-wave
detectors. In general, 90% of the predictions for ground-motion amplitude are
within a factor of 5 of measured values. The error in both arrival time and
ground-motion prediction introduced by using preliminary, rather than final,
hypocenter and magnitude information is minimal. By using a machine learning
algorithm, we develop a prediction model that calculates the probability that a
given earthquake will prevent a detector from taking data. Our initial results
indicate that by using detector control configuration changes, we could prevent
interruption of operation from 40-100 earthquake events in a 6-month
time-period