232,801 research outputs found

    Password Based a Generalize Robust Security System Design Using Neural Network

    Get PDF
    Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used. But this method having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity or in terms of efficiency. Multi-application usability of password today forcing users to have a proper memory aids. Which itself degrades the level of security. In this paper a method to exploit the artificial neural network to develop the more secure means of authentication, which is more efficient in providing the authentication, at the same time simple in design, has given. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by analysis of several logical parameters associated with the user activities. A new method of designing the security system centrally based on neural network with intrusion detection capability to handles the challenges available with present solutions, for any kind of resource has presented

    SCALABLE CAPABILITY-BASED AUTHORIZATION FOR HIGH-PERFORMANCE PARALLEL FILE SYSTEMS

    Get PDF
    As the size and scale of supercomputers continues to increase at an exponential rate the number of users on a given supercomputer will only grow larger. A larger number of users on a supercomputer places a greater importance on the strength of information security. Nowhere is this requirement for security more apparent than the file system, as users expect their data to be protected from accidental or deliberate modification. In spite of the ever-increasing demand for more secure file system access the majority of parallel file systems do not implement a robust security protocol for fear it will negatively impact the performance and scalability of the file system. We provide a capability-based security protocol for use in high-performance parallel file systems that is capable of meeting the performance and scalability requirements of current and future supercomputers. We develop a reference implementation for the Parallel Virtual File System and show its performance characteristics using several microbenchmarks. Our test results show that capability-based security is capable of protecting access to parallel file system objects, in some cases with little overhead

    Managing regional security of supply : a case study from Scotland

    Get PDF
    Securing the supply of electricity to a region of a power system requires either generation capacity within that region, or transmission import capability coupled with generation elsewhere in the power system. The problem is one of co-optimising generation and transmission infrastructure. This paper begins by discussing changes in Great Britain (GB) regulator environment affecting the provision of regional security of supply: changes to the transmission charging regime; new regulatory arrangements including enhancements to the System Operator’s role, and the opening up of major new transmission projects to competition; and some limitations of the existing standard defining the methodology for calculating secure transmission capabilities. Scotland, as a region of the GB power system, provides an interesting case study in which to investigate the allocation of contributions to regional security of supply between transmission and various categories of generation. In particular, intermittent generation is currently ignored when calculating the level of transmission import capability required to maintain security of supply in a region, whilst it is considered in overall generation adequacy calculations at a system level. Whilst wind generation is not dispatchable, it is shown here that it does provide an additional source of generation availability that should be considered in studies into transmission import requirements. This paper uses historical data for Scottish generation availability from recent winters to investigate the likely impact of changes to the Scottish generation fleet on the need for secure transmission import capability into Scotland. It calculates transmission requirements based on the risk of requiring demand reduction within a region. Scenarios representing possible generation backgrounds in Scotland over the coming decade show that, measured in this way, wind generation can offset transmission import requirements by up to 25% of its installed capacity. The key conclusions of the paper are that a risk-based analysis of regional security of supply and transmission requirements can help allocate the true impact of different generators on the transmission import capability needed to secure supply to a region. Such a method can therefore be useful in informing the allocation of charges between parties and in developing planning standards to shape future investment in the system

    Exploring Capability-based security in software design with Rust

    Get PDF
    Access control is one of the most critical aspects of software engineering when designing secure software. In 2021, the Open Web Application Security Project (OWASP)foundation_owasp_nodate released a new Top10 several years after its last release in 2017. Broken Access Control made a significant jump to the top of the list, marking it as the most prone and vital security aspect of software development. Previous research shows that security challenges, such as Confused Deputy, can be solved with a capability-based approach. To achieve a capability-based system for REepresentational State Transfer (RESTful) Application Programming Interfaces(APIs), we use the Rust programming language to explore how we can create a capability design pattern. We want to create a library for the developer to harness the power of capabilities when writing the code, adhering to the capability properties and Principles of Least Privilege (PoLP), and creating a RESTful API. We created a capability library we used to implement a RESTful API, simple-api, connecting it with Grant Negotiation and Authorization Protocol (GNAP) into a proof-of-concept capability-based system published on GitHub. Resulting in successfully creating capability-based access control for RESTful APIs. We show a use-case where the core access control model is Capabilities and potentially mitigates confused deputies in a RESTful API software architecture.Masteroppgåve i informatikkINF399MAMN-INFMAMN-PRO

    Case Study: Securing MMU-less Linux Using CHERI

    Full text link
    MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. It also does not use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (\ie coarse-grained protection with fixed number of protected regions). We secure the existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic MMU-less embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (\ie user programs cannot access each other's memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS' linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (\eg device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less embedded Linux

    ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

    Get PDF
    Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to effi- ciently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/- client ticket. Unlike PKI certificates, SOC’s authentication time and handshake packet overhead stays constant regardless of each capability’s delegation hop distance from the root delegator. The paper compares SOC’s security bene- fits with Kerberos and the experimental results show SOC’s authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos

    JXTA-Overlay: a P2P platform for distributed, collaborative, and ubiquitous computing

    Get PDF
    With the fast growth of the Internet infrastructure and the use of large-scale complex applications in industries, transport, logistics, government, health, and businesses, there is an increasing need to design and deploy multifeatured networking applications. Important features of such applications include the capability to be self-organized, be decentralized, integrate different types of resources (personal computers, laptops, and mobile and sensor devices), and provide global, transparent, and secure access to resources. Moreover, such applications should support not only traditional forms of reliable distributing computing and optimization of resources but also various forms of collaborative activities, such as business, online learning, and social networks in an intelligent and secure environment. In this paper, we present the Juxtapose (JXTA)-Overlay, which is a JXTA-based peer-to-peer (P2P) platform designed with the aim to leverage capabilities of Java, JXTA, and P2P technologies to support distributed and collaborative systems. The platform can be used not only for efficient and reliable distributed computing but also for collaborative activities and ubiquitous computing by integrating in the platform end devices. The design of a user interface as well as security issues are also tackled. We evaluate the proposed system by experimental study and show its usefulness for massive processing computations and e-learning applications.Peer ReviewedPostprint (author's final draft

    Universal secure rank-metric coding schemes with optimal communication overheads

    Full text link
    We study the problem of reducing the communication overhead from a noisy wire-tap channel or storage system where data is encoded as a matrix, when more columns (or their linear combinations) are available. We present its applications to reducing communication overheads in universal secure linear network coding and secure distributed storage with crisscross errors and erasures and in the presence of a wire-tapper. Our main contribution is a method to transform coding schemes based on linear rank-metric codes, with certain properties, to schemes with lower communication overheads. By applying this method to pairs of Gabidulin codes, we obtain coding schemes with optimal information rate with respect to their security and rank error correction capability, and with universally optimal communication overheads, when n≤m n \leq m , being n n and m m the number of columns and number of rows, respectively. Moreover, our method can be applied to other families of maximum rank distance codes when n>m n > m . The downside of the method is generally expanding the packet length, but some practical instances come at no cost.Comment: 21 pages, LaTeX; parts of this paper have been accepted for presentation at the IEEE International Symposium on Information Theory, Aachen, Germany, June 201
    • …
    corecore