66 research outputs found

    On the modelling of Kerberos protocol in the Quality of Protection Modelling Language (QoP-ML)

    Get PDF
    The security modelling of IT systems is a very complicated task. One of the issues which must be analysed is the performance of IT systems. In many cases the guaranteed security level is too high in relation to the real threats. The overestimation of security measures can decrease system performance. The paper presents the analysis of Kerberos cryptographic protocol in terms of quality of protection performed by Quality of Protection Modelling Language (QoP-ML). The analysis concerns the availability attribute. In the article the Kerberos protocol was modelled and the QoP analysis of two selected versions was performed

    Quality of Protection Evaluation of Security Mechanisms

    Get PDF
    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol

    On Security Management: Improving Energy Efficiency, Decreasing Negative Environmental Impact, and Reducing Financial Costs for Data Centers

    Get PDF
    Security management is one of the most significant issues in nowadays data centers. Selection of appropriate security mechanisms and effective energy consumption management together with caring for the environment enforces a profound analysis of the considered system. In this paper, we propose a specialized decision support system with a multilevel, comprehensive analysis scheme. As a result of the extensive use of mathematical methods and statistics, guidelines and indicators returned by the proposed approach facilitate the decision-making process and conserve decision-maker’s time and attention. In the paper we utilized proposed multilevel analysis scheme to manage security-based data flow in the example data center. Determining the most secure, energy-efficient, environmental friendly security mechanisms, we implemented the role-based access control method in Quality of Protection Modeling Language (QoP-ML) and evaluated its performance in terms of mentioned factors

    Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    Get PDF

    A case study : academic achievement in an after-school tutoring program with Black middle school youth

    Get PDF
    unavailabl

    The international competitiveness of Chinese construction firms

    Get PDF
    Many Chinese construction firms have strategically started to develop their overseas construction markets in line with the development of the integration of global economies, following China’s accession to the World Trade Organisation in 2001, and the Chinese government’s 2013 proposal for the “One Belt One Road”, which was an opportunity for Chinese construction firms to expand their global business. However, in the current dynamic global construction market there are factors, which may affect Chinese construction firms’ global expansion. However, the competitiveness theories, such as, Porter’s Competition theory, the Resources-Based Approach, and the Strategic Management Approach, had application limitations with respect to Chinese construction firms, because of the unique characteristics of China’s construction industry, which is a socialist market economy and is moving towards integration into the global market. It has been important for Chinese construction firms to focus on investigating those indicators, which have contributed to their international operations. Therefore, it was necessary to establish a framework to assess and improve Chinese construction firms’ international competitiveness. A competitiveness framework was established through the application of mixed methods relating to a sequential explanatory strategy, with strong quantitative and qualitative considerations. For this sequential study, firstly, the key players in the competitive global construction market were identified through analysis of secondary quantitative data. Secondly, a total of 21 key competitiveness indicators were identified through analysis of secondary qualitative data, after which a draft conceptual competitiveness framework was proposed. Thirdly, Modified Delphi interviews were conducted, in order to refine and tighten the draft conceptual competitiveness framework, in all a total of 49 key competitiveness indicators were identified and a competitiveness framework was established. Finally, a case study was conducted through an analysis of both secondary data and structured interview results, which validated that the competitiveness framework was a strategy and a practical tool for assessing and improving Chinese construction firms’ international competitiveness. In addition, a mathematical method named Weighted Summation was employed in this research for calculating competitiveness. Chinese construction firms’ international competitiveness could then be calculated. This research found that the meaning of competitiveness could not be precisely defined, but the indicators, which contributed to Chinese construction firms’ international competitiveness could be identified. This research provided a useful learning tool to assess and improve construction firms’ international competitiveness

    A survey of the Victoria Falls with a view to repositioning this key tourist attraction in Zimbabwe.

    Get PDF
    Thesis (MBA)- University of Kwazulu-Natal, 2004.This study looks at the ailing Zimbabwean tourism industry and efforts to reverse the negative trend in tourist arrivals. Despite this sector of the economy enjoying positive growth both globally and at a regional level, the local industry had been adversely affected by negative perceptions about the country. The Zimbabwe Tourism Authority (ZTA), whose mission is to professionally market Zimbabwe as a leading tourist destination, has embarked on various initiatives. Unfortunately however, the organisation has enjoyed limited success in recapturing the demand experienced in the years prior to 1999. In order to investigate other avenues to pursue, this study sought the perspectives of two major stakeholders of the local tourism industry. These were namely "buyers" comprising the international tourist, who were probed for their motivations in selecting a holiday destination. In addition, local "suppliers" to the sector who interface directly with the international traveller, were asked to give their perspective on the performance of the ZTA in fulfilling its mission. Personal interviews were conducted in the resort town of Victoria Falls. This area was chosen over other attractions in Zimbabwe because our neighbouring competitors, South Africa and Zambia have promoted the resort for their own benefit, at the expense of the local industry. Another reason is the worldwide recognition and appeal of the attraction, owing to its historical significance. The study established that the resort still enjoys immense popularity, with international visitors opting to return several times in order to gaze at the scenic wonder. However, since the falls lack a truly Zimbabwean identity or image, travel agents and tour operators have either channeled tourist to the Zambian side or flown them in via South Africa as day visitors. The resultant effect has been minimal financial benefit to Zimbabwe by way of receipts from tourist expenditure. Adopting a co-operative strategic orientation with these neighbouring countries is recommended. At a local level the study found that the local tourism industry lacked a unified approach in tackling the challenges facing sector

    Gestion de la sécurité dans une infrastructure de services dynamique (Une approche par gestion des risques)

    Get PDF
    Les changements de contexte Ă©conomiques imposent de nouvelles stratĂ©gies organisationnelles aux entreprises : recentrages mĂ©tier et dĂ©veloppement de stratĂ©gies de collaboration interentreprises. Ces tendances du marchĂ© laissent prĂ©voir une croissance exponentielle d Ă©cosystĂšmes de service accessibles Ă  la fois aux clients finaux et aux partenaires. Tout laisse prĂ©voir que ces Ă©cosystĂšmes s appuieront largement sur les architectures orientĂ©es services permettant de construire des systĂšmes d information capable d avoir l agilitĂ© requise et de supporter l interconnexion des processus mĂ©tier collaboratifs en composant dynamiquement les processus Ă  partir de services distribuĂ©s. Ce type d architecture qui permet d assurer l alignement du systĂšme d information sur les besoins mĂ©tier de l entreprise, rend indispensable la prise en compte des contraintes de sĂ©curitĂ© tant au niveau individuel des services qu au niveau de la composition. Dans un environnement de services distribuĂ©s et dynamiques, la sĂ©curitĂ© ne doit pas se limiter Ă  fournir des solutions technologiques mais Ă  trouver une stratĂ©gie de sĂ©curitĂ© prenant en compte les dimensions mĂ©tier, organisationnelle et technologique. En outre, la sĂ©curitĂ© doit ĂȘtre apprĂ©hendĂ©e comme un processus continu qui vise l optimisation des investissements de sĂ©curitĂ© et assure la pĂ©rennitĂ© des mesures de sĂ©curitĂ© mises en Ɠuvre. Or les modĂšles et architectures de rĂ©fĂ©rence du domaine des services ont sous-estimĂ© la dĂ©finition des besoins en termes de sĂ©curitĂ©, les biens Ă  protĂ©ger et l identification des risques pesant sur ces biens. Pour cela, nous proposons d aborder la problĂ©matique de la sĂ©curitĂ© par une approche de gestion des risques permettant d identifier les diffĂ©rents types de risques et de proposer les mesures de sĂ©curitĂ© les plus adĂ©quates au contexte. Toutefois, la gestion des risques s avĂšre un vrai dĂ©fi dans un environnement ouvert de services collaboratifs. En effet, les mĂ©thodes de gestion des risques dĂ©veloppĂ©es dans le cadre des systĂšmes d information ne rĂ©pondent pas aux exigences de sĂ©curitĂ© dans un environnement ouvert et ne sont pas adaptĂ©es aux environnements dynamiques. Pour pallier ces limites, nous proposons un cadre mĂ©thodologique de gestion de la sĂ©curitĂ© portant sur les phases prĂ©paration, conception, exĂ©cution et supervision du cycle de vie des services. Nous proposons un modĂšle de services sĂ©curisĂ©s permettant de dĂ©finir des patrons de sĂ©curitĂ©, un modĂšle de classification des biens Ă  protĂ©ger et une ontologie pour dĂ©finir les concepts associĂ©s Ă  ces biens. En outre, nous dĂ©veloppons une mĂ©thodologie de conception d une architecture orientĂ©e services sĂ©curisĂ©e puis abordons la construction de processus mĂ©tier sĂ©curisĂ©s avant de proposer un service de gestion des vulnĂ©rabilitĂ©s de l infrastructure.Changes in economic environment impose new organizational strategies to companies: refocusing business and creating collaboration strategies. These trends point to an exponential growth of service ecosystems accessible to both end users and partners. All foreshadows that these ecosystems rely heavily on service-oriented architectures that can build information systems having the required agility and supporting the interconnection of collaborative business processes by composing processes dynamically from distributed services. This type of architecture that ensures business and information systems alignment, makes it essential to take into account security constraints at the services and the composition s levels. In a distributed and dynamic services environment, security should not be limited to providing technological solutions but to find a security strategy taking into account the business, organizational and technological dimensions. Besides, the security must be considered as an ongoing process that aims to optimize security investments and ensures the sustainability of implemented security measures. However, the models and reference architectures in the services domain have underestimated the definition of security requirements, assets to protect and the identification of risks to those assets. Therefore, we propose to address the security management issues by a risk management approach to identify the different types of risks and propose the most appropriate security measures to the context. Nevertheless, risk management is a real challenge in an open collaborative services environment. The methods of risk management developed in the context of information systems do not meet the security requirements in an open environment and are not suitable for dynamic environments. To overcome these limitations, we propose a methodological framework for security management covering the phases: preparation, design, execution and supervision of the services lifecycle. We propose a model of secure services to identify security patterns, an assets classification model and an ontology defining the concepts associated with those assets. Moreover, we develop a methodology for designing secure service oriented architectures, we address the development of secure business processes then we propose a security service for managing and supervising the infrastructure components vulnerabilities.VILLEURBANNE-DOC'INSA-Bib. elec. (692669901) / SudocSudocFranceF
    • 

    corecore