
    Design principles and patterns for computer systems that are simultaneously secure and usable

    Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Includes bibliographical references (p. 429-464) and index.

    It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal.

    Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.

    In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.

    by Simson L. Garfinkel. Ph.D.

    Security and the digital domain

    Security does not sound like a very exciting topic for this book, which is showing you new and challenging ways to view your business and how you conduct it. Security means many different things in different contexts. Most of the time, what it is about is protection of people or objects. In our context, security is about protection of information. Two questions arise from the notion of protection of information: 1) Why is protection necessary? and 2) What are we protecting it from?

    The first question concerns the fact that information has value. If it did not, there would be little point in keeping it. That value is not always value in a strictly financial sense, although the cost of recovering or recreating information may be a significant issue. Archivists have traditionally defined four main types of record value, namely: administrative/informational, legal/evidential, compliance/regulatory and historical. Security is about protecting these as much as anything else. Additionally, a great deal of information is about people, and in many cultures and circumstances people have a right to expect that at least some of the information about them is treated as confidential. Confidentiality implies protection.

    The second question concerns the fact that there are threats to information, an aspect that we will return to at intervals in this chapter. If one is to protect something, one has to identify what the threats are, so as to take appropriate steps to mitigate them. This chapter is essentially about what the threats are and the steps that can be taken in relation to them. If you have been an archivist or records manager for some time, you will probably have a fairly shrewd idea as to how to deal with many of these issues in a world of physical manifestations of information (books, manuscripts, ledgers, minute books, maps, plans and such like). You may be rather less clear how to deal with these matters in a world of digital manifestations (bits, bytes, computer files, databases and networks). One of the tasks of this chapter is to make the connections between the two worlds, so that you can use and build upon what you already know as the balance of your work moves from physical towards digital, as it probably will.

    Crewed Space Vehicle Battery Safety Requirements Revision D

    The Crewed Space Vehicle Battery Safety Requirements document has been prepared for use by designers of battery-powered vehicles, portable equipment, and experiments intended for crewed spaceflight. The purpose of the requirements document is to provide battery designers with information on design provisions to be incorporated in and around the battery and on the verification to be undertaken to demonstrate that a safe battery is provided. The term "safe battery" means that the battery is safe for ground personnel and crew members to handle and use; safe to be used in the enclosed environment of a crewed space vehicle; and safe to be mounted or used in unpressurized spaces adjacent to habitable areas. Battery design review, approval, and certification are required before the batteries can be used for ground operations and be certified for flight.

    Documentation Assessment of the Diebold Voting System

    The California Secretary of State commissioned a comprehensive, independent evaluation of the electronic voting systems certified for use within the State. This team, working as part of the “Top to Bottom” Review (“TTBR”), evaluated the documentation supplied by Diebold Election System, Inc