Dynamic Cascade Vulnerability Checks in Real-World Networks
|
|
- Brian Hensley
- 8 years ago
- Views:
Transcription
1 3 rd December 2012 Dynamic Cascade Vulnerability Checks in Real-World Networks Rachel Craddock, Adrian Waller, Noel Butler, Sarah Pennington Thales UK Research and Technology David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith School of Computing and Mathematical Sciences, LJMU
2 1 / Outline Cascade Vulnerability Problem Detection Overview Practical Issues Simulation Results Conclusions
3 CVP Cascade Vulnerability Problem
4 Cascade Vulnerability Problem Security vulnerability in MLS systems that interact across networks u Data compromise is potentially easier for networked systems than for a single system accredited to the same level u Caused by the way that systems are assured based on the level of the data held on them Common formulation u Data is assigned a security level e.g. TS, S, C u In normal operation data can be upgraded freely, but not downgraded u MLS devices may store data of more than one level u Risk that if device is compromised, attacker could downgrade data Greater the downgrade, the more serious the damage caused, and the greater the risk u To mitigate the risk, MLS devices must be assured to a certain level The higher the assurance, the harder to compromise Assign a difficulty to compromise device that is inversely proportional to the risk requirement Problem u Works in isolation, but can fail with networked devices
5 CVP Example Min Clearance Max Data Sensitivity C S TS TS S C u Assign a difficulty to each machine Commensurate with risk For defence systems risk requirements generally result in discrete numerical security levels being defined u Single TS-C machine must be accredited to difficulty level 3 u Difficulty of compromising multiple machines is the maximum of both machines Compromise both h 1 and h 3 is difficulty 2 u To reduce level of data from TS to C: Downgrade from TS to S on h 1 Transmit to h 3 via h 2 Downgrade to C by compromising h 3 Achieved with difficulty of 2 Easier to compromise the networked system than would be required by the TCSEC criteria for an isolated system
6 CVP Solutions Current approaches u Centralised u Require complete knowledge of the network Applied to network as a whole Structure of network must be known in full at time algorithm is applied In real networks, may not be desirable or even possible u Less efficient u Horton algorithm First finds all legal paths through the network Considers all paths through the network and highlights cascading paths Our approach u Distributed algorithm u Detection occurs at the point of connection of a new link in the network Vulnerabilities can be detected using only local information Allows new links that will cause a cascade vulnerability to be safely refused in an efficient way u Immediate decision
7 CVP Detection Algorithm Distributed Dynamic Cascade Checks
8 CVP Detection Each system maintains input and output tables u Capture the nature of the paths entering and leaving the system u Limited amount of data u n x n matrix of difficulty values n: number of possible classification levels the network supports Input Output
9 CVP Detection Initialisation Procedure u Sets the initial values that should be stored before it makes any connections Based on standard risk matrix used across the network u Each cell represents relationship between level of system storing data and level of system connected to it u A symbol is used to indicate where a downgrade or upgrade cannot arise u Initially input and output tables have the same values
10 CVP Detection Decision Procedure u When a new unidirectional connection is requested we aim to ensure it does not cause a vulnerability Connecting nodes exchange input and output tables as shown Nodes compare input and output tables Nodes calculate the minimum difficulty of performing a downgrade using existing links and the new link Must be higher than pre-specified difficulty requirements If CVP is detected, the link is refused and no further action is needed
11 CVP Detection Update Procedure u Each system performs a merge on their tables u Changes to the table must be propagated to other nodes System must send changes to any connected systems so they can perform updates If the table doesn t change, no further propagation is needed
12 Implementation Practical Issues
13 Secure On-Demand Architecture SODA u Developed as part of EC SUPHICE project u Allows dynamic, policy-based connections to be made semi-automatically between high-assurance networks Pair-wise decisions only u Uses hardware crypto devices to encrypt channels u Rules-based approach Human administrators define rules Can change rules quickly if required Extended SODA u Include CVP checks into authorisation process
14 Secure On-Demand Architecture Registry u Provides details of available networks that meet certain criteria u Provides attributes about chosen network Authorisation Server u Checks attributes against policy rules u Makes decision whether to connect Limitation u Does not take into account existing connections
15 Integration with SODA u CVP detection integrated into SODA Authorisation Servers u Authorisation Servers exchange information for CVP detection u Authorisation Server performs check and makes decision u If CVP detected, decision is referred to human operator of both systems Allows overrule and connection can be made at risk More flexible than rejecting
16 Concurrent Updates Allow concurrent updates u Requests to connect a node can be revisited u Input and output tables will correct themselves Doesn t matter order receive updates and rollbacks u Unsafe connection may be in place for a short time u Roll back if incorrect decision Prevent concurrent updates u Very dynamic networks u Very high risk associated with unsafe connections u Use central, shared Update Manager to lock updates Ask permission to initiate update Informs Update Manager when process has completed If permission denied, node is added to queue of requests
17 Preventing Concurrent Updates Determining update has completed u Update path is completed when update reaches a node whose tables do not change or node at end of path u Node sends completion notification back along path u Initiating node informs Update Manager when received notifications for each update it sent
18 Practical Issues Unexpected disconnections u Node at either end of link detects disconnection and informs Update Manager No update in progress: network is locked so update for lost link can occur Update in progress: update for lost link occurs once current update has finished Discovering links has been lost u Node doesn t receive response to a request Periodic connectivity checks u Length of time to wait is scenario-dependent
19 Security implications of Update Manager Inherent assumption about trust between nodes u Nodes will tend to belong to single or set of trusted organisations u Can assume nodes are not malicious unless compromised u Authentication between nodes and Update Manager to prevent spoofing u Nodes only send lock request to Update Manager Low confidentiality requirement Integrity and availability are important to prevent denial-of-service attack Access to Update Manager u Out-of-band channel, separate to main network connections u Existing network Multiple, coordinated Update Managers with one nominated as common Yet to be fully addressed
20 Simulation Results
21 Simulation Results MATTS topology test system u Networks of components can be build up graphically u Testing secure component composition results u CVP check is performed when attempt is made to create a new link
22 Simulation Results Testing accuracy u 1000 random graphs of nodes and links 50% built with our dynamic method no cascading paths 50% built with 1 link failing check at least 1 cascading path u Checked graphs with Horton algorithm u Test results concurred in all cases Testing efficiency u Comparison of time taken to generate cascade-free graphs Graph sizes from 20 nodes/100 links to 50 nodes/500 links Averaged results of five randomly generated graphs
23 Simulation Results Fixed number of links
24 Simulation Results Fixed number of nodes
25 Simulation Results Testing time required to add new link to existing network u 1000 nodes cascade-free network with 7500 to links u Measured processing time to test for CVP when new link added u 10 instances of each network size Links in Network Time (ms)
26 Conclusions
27 Conclusions Distributed CVP Detection algorithm u Application to SODA u Practical approach for real-world systems u Simulation results show efficiency and scalability
28 Future Work Implement and test solutions for preventing concurrent updates Applications outside military Coalition networks u Assume common interpretation of security policy, security levels, etc u Coalition network has multiple organisations and/or nations Could create common set of security levels Security policy is likely to be different Aggregation of network information u Each node has access to information about network Input and output tables u Could infer more information about network Future work: how much could you infer? u Centralised approaches Trusted central point with visibility of whole network Would have similar or possibly worse problem in coalition networks
29 Questions?
30 Contact Details Adrian Waller Thales UK Research and Technology David Llewellyn-Jones School of Computing and Mathematical Sciences Liverpool John Moores University
Technical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationCurrent and Future Research into Network Security Prof. Madjid Merabti
Current and Future Research into Network Security Prof. Madjid Merabti School of Computing & Mathematical Sciences Liverpool John Moores University UK Overview Introduction Secure component composition
More informationNew Systems and Services Security Guidance
New Systems and Services Security Guidance Version Version Number Date Author Type of modification / Notes 0.1 29/05/2012 Donna Waymouth First draft 0.2 21/06/2012 Donna Waymouth Update re certificates
More informationApplication of Predictive Analytics for Better Alignment of Business and IT
Application of Predictive Analytics for Better Alignment of Business and IT Boris Zibitsker, PhD bzibitsker@beznext.com July 25, 2014 Big Data Summit - Riga, Latvia About the Presenter Boris Zibitsker
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationToolkit for vulnerability assessment in 3G networks. Kameswari Kotapati The Pennsylvania State University University Park PA 16802
Toolkit for vulnerability assessment in 3G networks Kameswari Kotapati The Pennsylvania State University University Park PA 16802 Contents Motivation Solution Overview Methodology Overview 3G Attack Graph
More informationAN OVERVIEW OF VULNERABILITY SCANNERS
AN OVERVIEW OF VULNERABILITY SCANNERS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole
More informationState-of-the-Art in System-of-Systems Security for Crisis Management
State-of-the-Art in System-of-Systems Security for Crisis Management Kashif Kifayat, David Llewellyn-Jones, Abdullahi Arabo, Oliver Drew, Madjid Merabti, Qi Shi Liverpool John Moores University Email:
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationChristchurch Polytechnic Institute of Technology Information Systems Acquisition, Development and Maintenance Security Standard
Christchurch Polytechnic Institute of Technology Information Systems Acquisition, Development and Maintenance Security Standard Corporate Policies & Procedures Section 1: General Administration Document
More informationPrediction of DDoS Attack Scheme
Chapter 5 Prediction of DDoS Attack Scheme Distributed denial of service attack can be launched by malicious nodes participating in the attack, exploit the lack of entry point in a wireless network, and
More informationData Security and Governance with Enterprise Enabler
Copyright 2014 Stone Bond Technologies, L.P. All rights reserved. The information contained in this document represents the current view of Stone Bond Technologies on the issue discussed as of the date
More informationUser Guidance. CimTrak Integrity & Compliance Suite 2.0.6.19
CimTrak Integrity & Compliance Suite 2.0.6.19 Master Repository Management Console File System Agent Network Device Agent Command Line Utility Ping Utility Proxy Utility FTP Repository Interface User Guidance
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationTesting Intelligent Device Communications in a Distributed System
Testing Intelligent Device Communications in a Distributed System David Goughnour (Triangle MicroWorks), Joe Stevens (Triangle MicroWorks) dgoughnour@trianglemicroworks.com United States Smart Grid systems
More informationRemote Administration
Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over
More informationCS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University
CS377: Database Systems Data Security and Privacy Li Xiong Department of Mathematics and Computer Science Emory University 1 Principles of Data Security CIA Confidentiality Triad Prevent the disclosure
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationInformation Technology Services Information Security Incident Response Plan
Information Technology Services Information Security Incident Response Plan Authors: Peter Hamilton Security Manager Craig Collis Head of Risk, Quality and Continuity Date:1/04/2014 Version:1.3 Status:Final
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationTELEFÓNICA UK LTD. Introduction to Security Policy
TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More informationSecurity Principles. Related to. Handset Theft
Security Principles Related to Handset Theft Table of Contents TABLE OF CONTENTS...2 GLOSSARY OF TERMS...3 1. INTRODUCTION...4 1.1 IMPORTANCE OF IMEI INTEGRITY...4 1.2 IMPROVED IMEI INTEGRITY PRINCIPLES...4
More informationInternet Sustainability and Network Marketing Safety
Protecting Neighbor Discovery Against Node Compromises in Sensor Networks Donggang Liu isec Laboratory, CSE Department The University of Texas at Arlington Abstract The neighborhood information has been
More informationMASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY
MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationEA-ISP-012-Network Management Policy
Technology & Information Services EA-ISP-012-Network Management Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 01/04/2015 Document Security Level: PUBLIC Document Version: 1.00 Document Ref:
More informationManaged Encryption Service
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
More informationEnd User Devices Security Guidance: Apple ios 8
GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy
More informationPASSWORD MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationDatabase Security Part 7
Database Security Part 7 Discretionary Access Control vs Mandatory Access Control Elisa Bertino bertino@cs.purdue.edu Discretionary Access Control (DAC) No precise definition Widely used in modern operating
More information1: B asic S imu lati on Modeling
Network Simulation Chapter 1: Basic Simulation Modeling Prof. Dr. Jürgen Jasperneite 1 Contents The Nature of Simulation Systems, Models and Simulation Discrete Event Simulation Simulation of a Single-Server
More informationLevels of Software Testing. Functional Testing
Levels of Software Testing There are different levels during the process of Testing. In this chapter a brief description is provided about these levels. Levels of testing include the different methodologies
More informationOn the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016
On the features and challenges of security and privacy in distributed internet of things C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016 Outline Introduction IoT (Internet of Things) A distributed IoT
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationImproving Cloud Survivability through Dependency based Virtual Machine Placement
Improving Cloud Survivability through Dependency based Virtual Machine Placement Min Li, Yulong Zhang, Kun Bai 2, Wanyu Zang, Meng Yu, and Xubin He 3 Computer Science, Virginia Commonwealth University,
More informationSecurity Issues In Cloud Computing and Countermeasures
Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department
More informationAuditing a Web Application. Brad Ruppert. SANS Technology Institute GWAS Presentation 1
Auditing a Web Application Brad Ruppert SANS Technology Institute GWAS Presentation 1 Objectives Define why application vulnerabilities exist Address Auditing Approach Discuss Information Interfaces Walk
More informationReference Guide for Security in Networks
Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationTICSA. Telecommunications (Interception Capability and Security) Act 2013. Guidance for Network Operators. www.gcsb.govt.nz www.ncsc.govt.
TICSA Telecommunications (Interception Capability and Security) Act 2013 Guidance for Network Operators www.gcsb.govt.nz www.ncsc.govt.nz Contents Introduction...2 Overview of the Guidance...3 Focus of
More informationSECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)
SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) Neha Maurya, ASM S IBMR ABSTRACT: Mobile Ad hoc networks (MANETs) are a new paradigm of wireless network, offering unrestricted mobility without any underlying
More informationMobile Security Wireless Mesh Network Security. Sascha Alexander Jopen
Mobile Security Wireless Mesh Network Security Sascha Alexander Jopen Overview Introduction Wireless Ad-hoc Networks Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless Mesh Networks
More informationWhat is VNC. VNC Solutions and Related. What VNC Solutions are available. Defining some terms
What is VNC VNC Solutions and Related Security Concerns VNC is basically a remote desktop protocol. VNC stands for Virtual Network Computing. VNC is cross platform making it an ideal solution for IT environments
More informationPractical Overview on responsibilities of Data Protection Officers. Security measures
Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures
More informationWhite Paper. Simplify SSL Certificate Management Across the Enterprise
WHITE PAPER: SIMPLIFY SSL CERTIFICATE MANAGEMENT ACROSS THE ENTERPRISE White Paper Simplify SSL Certificate Management Across the Enterprise Simplify SSL Certificate Management Across the Enterprise Contents
More informationReverse Auction-based Resource Allocation Policy for Service Broker in Hybrid Cloud Environment
Reverse Auction-based Resource Allocation Policy for Service Broker in Hybrid Cloud Environment Sunghwan Moon, Jaekwon Kim, Taeyoung Kim, Jongsik Lee Department of Computer and Information Engineering,
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationBusiness In the Cloud. Mitigating Risk. Fred Pinkett VP of Product Management Security Innovation
Business In the Cloud Mitigating Risk Fred Pinkett VP of Product Management Security Innovation About Security Innovation Application & Crypto Security Experts 10+ years research on vulnerabilities and
More informationAssumption Busters Workshop - Cloud Computing
Assumption Busters Workshop - Cloud Computing Background: In 2011, the U.S. Federal Cyber Research Community conducted a series of four workshops designed to examine key assumptions that underlie current
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationCOMP3441 Lecture 9: Security Architecture
COMP3441 Lecture 9: Security Architecture Ron van der Meyden (University of New South Wales Sydney, Australia) May 6, 2014 Overview Security Design Principles Security Architecture Security Design in the
More informationSecure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
More informationRecent Advances in Applied & Biomedical Informatics and Computational Engineering in Systems Applications
Comparison of Technologies for Software ization PETR SUBA, JOSEF HORALEK, MARTIN HATAS Faculty of Informatics and Management, University of Hradec Králové, Rokitanského 62, 500 03 Hradec Kralove Czech
More informationMicrosoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.
Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc. Foundstone Labs October, 2003 Table of Contents Table of Contents...2 Introduction...3 Scope and Approach...3
More informationIndex Terms: DDOS, Flash Crowds, Flow Correlation Coefficient, Packet Arrival Patterns, Information Distance, Probability Metrics.
Volume 3, Issue 6, June 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Techniques to Differentiate
More informationCyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationA Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments
IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationA Catechistic Method for Traffic Pattern Discovery in MANET
A Catechistic Method for Traffic Pattern Discovery in MANET R. Saranya 1, R. Santhosh 2 1 PG Scholar, Computer Science and Engineering, Karpagam University, Coimbatore. 2 Assistant Professor, Computer
More informationStorage Cloud Infrastructures
Storage Cloud Infrastructures Detection and Mitigation of MITM Attacks Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31 January 1 February, 2013 PAGE
More informationICT Security. High-Quality Information and Know How Protection. Design and implementation of security. Covering almost all of ICT security
ICT High-Quality Information and Know How Protection Design and implementation of security solutions optimised to meet the client s needs Implementing state-of-the-art hardware and software security products
More informationAttack Graph Techniques
Chapter 2 Attack Graph Techniques 2.1 An example scenario Modern attack-graph techniques can automatically discover all possible ways an attacker can compromise an enterprise network by analyzing configuration
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationSecurity Features: Lettings & Property Management Software
Security Features: Lettings & Property Management Software V 2.0 (23/02/2015) Table of Contents Introduction to Web Application Security... 2 Potential Security Vulnerabilities for Web Applications...
More informationProtein Protein Interaction Networks
Functional Pattern Mining from Genome Scale Protein Protein Interaction Networks Young-Rae Cho, Ph.D. Assistant Professor Department of Computer Science Baylor University it My Definition of Bioinformatics
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationCyber Security Awareness
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
More informationWeighted Total Mark. Weighted Exam Mark
CMP4103 Computer Systems and Network Security Period per Week Contact Hour per Semester Weighted Total Mark Weighted Exam Mark Weighted Continuous Assessment Mark Credit Units LH PH TH CH WTM WEM WCM CU
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationINTOSAI EDP COMMITTEE PERFORMANCE AUDIT SEMINAR, SLOVENIA 14-16 MAY 2001 COUNTRY PAPER OF THE OFFICE OF THE AUDITOR-GENERAL: REPUBLIC OF SOUTH AFRICA
INTOSAI EDP COMMITTEE PERFORMANCE AUDIT SEMINAR, SLOVENIA 14-16 MAY 2001 COUNTRY PAPER OF THE OFFICE OF THE AUDITOR-GENERAL: REPUBLIC OF SOUTH AFRICA AUDITING IN A NETWORKED PUBLIC SECTOR Prepared by:
More informationCourse Bachelor of Information Technology majoring in Network Security or Data Infrastructure Engineering
Course Bachelor of Information Technology majoring in Network Security or Data Infrastructure Engineering Course Number HE20524 Location Meadowbank OVERVIEW OF SUBJECT REQUIREMENTS Note: This document
More informationPART II. OPS-based metro area networks
PART II OPS-based metro area networks Chapter 3 Introduction to the OPS-based metro area networks Some traffic estimates for the UK network over the next few years [39] indicate that when access is primarily
More informationOctober 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V
October 2015 Issue No: 1.1 Security Procedures Windows Server 2012 Hyper-V Security Procedures Windows Server 2012 Hyper-V Issue No: 1.1 October 2015 This document describes the manner in which this product
More informationETSI ETR 278 TECHNICAL March 1996 REPORT
ETSI ETR 278 TECHNICAL March 1996 REPORT Source: ETSI TC-SAGE Reference: DTR/SAGE-00014 ICS: 33.020 Key words: GSM, cipher algorithm Security Algorithms Group of Experts (SAGE); Report on the specification
More informationA Brief Discussion of Network Denial of Service Attacks. by Eben Schaeffer 0040014 SE 4C03 Winter 2004 Last Revised: Thursday, March 31
A Brief Discussion of Network Denial of Service Attacks by Eben Schaeffer 0040014 SE 4C03 Winter 2004 Last Revised: Thursday, March 31 Introduction There has been a recent dramatic increase in the number
More informationVMware vrealize Operations for Horizon Security
VMware vrealize Operations for Horizon Security vrealize Operations for Horizon 6.2 This document supports the version of each product listed and supports all subsequent versions until the document is
More informationDatabase and Data Mining Security
Database and Data Mining Security 1 Threats/Protections to the System 1. External procedures security clearance of personnel password protection controlling application programs Audit 2. Physical environment
More informationGetting started with API testing
Technical white paper Getting started with API testing Test all layers of your composite applications, not just the GUI Table of contents Executive summary... 3 Introduction... 3 Who should read this document?...
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationA Review on Zero Day Attack Safety Using Different Scenarios
Available online www.ejaet.com European Journal of Advances in Engineering and Technology, 2015, 2(1): 30-34 Review Article ISSN: 2394-658X A Review on Zero Day Attack Safety Using Different Scenarios
More informationApplication of Neural Network in User Authentication for Smart Home System
Application of Neural Network in User Authentication for Smart Home System A. Joseph, D.B.L. Bong, D.A.A. Mat Abstract Security has been an important issue and concern in the smart home systems. Smart
More information