CladICT & the Different Types of Information - Tutorial
|
|
- Baldwin Lewis
- 3 years ago
- Views:
Transcription
1 Michael Clarkson and Fred B. Schneider Cornell University RADICAL May 10, 2010
2 Goal Information-theoretic Quantification of programs impact on Integrity of Information [Denning 1982] (relationship to database privacy) Clarkson: Quantification of Integrity 2
3 What is Integrity? Databases: Constraints that relations must satisfy Provenance of data Utility of anonymized data Common Criteria: Protection of assets from unauthorized modification Biba (1977): Guarantee that a subsystem will perform as it was intended; Isolation necessary for protection from subversion; Dual to confidentiality no universal definition Clarkson: Quantification of Integrity 3
4 Our Notions of Integrity Corruption: damage to integrity Starting Point Taint analysis Program correctness Corruption Measure Contamination Suppression Contamination: bad information present in output Suppression: good information lost from output distinct, but interact Clarkson: Quantification of Integrity 4
5 Contamination Goal: model taint analysis untrusted trusted Attacker User Program Attacker User Untrusted input contaminates trusted output Clarkson: Quantification of Integrity 5
6 Contamination o:=(t,u) u contaminates o (Can t u be filtered from o?) Clarkson: Quantification of Integrity 6
7 Quantification of Contamination Use information theory: information is surprise X, Y, Z: distributions I(X,Y): mutual information between X and Y (in bits) I(X,Y Z): conditional mutual information Clarkson: Quantification of Integrity 7
8 Quantification of Contamination U in untrusted trusted Attacker User Program Attacker User T in T out Contamination = I(U in,t out T in ) [Newsome et al. 2009] Dual of [Clark et al. 2005, 2007] Clarkson: Quantification of Integrity 8
9 Example of Contamination o:=(t,u) Contamination = I(U, O T) = k bits if U is uniform on [0,2 k -1] Clarkson: Quantification of Integrity 9
10 Our Notions of Integrity Corruption: damage to integrity Starting Point Taint analysis Program correctness Corruption Measure Contamination Suppression Contamination: bad information present in output Suppression: good information lost from output Clarkson: Quantification of Integrity 10
11 Program Suppression Goal: model program (in)correctness Sender Specification correct Receiver untrusted Attacker Attacker Implementation trusted Sender real Receiver Information about correct output is suppressed from real output Clarkson: Quantification of Integrity 11
12 Example of Program Suppression Spec. for (i=0; i<m; i++) { s := s + a[i]; } a[0..m-1]: trusted Impl. 1 Impl. 2 for (i=1; i<m; i++) { s := s + a[i]; } for (i=0; i<=m; i++) { s := s + a[i]; } Suppression a[0] missing No contamination Suppression a[m] added Contamination Clarkson: Quantification of Integrity 12
13 Suppression vs. Contamination output := input Contamination Attacker Attacker * * Suppression Clarkson: Quantification of Integrity 13
14 Quantification of Program Suppression In Spec Sender Specification Receiver untrusted trusted Attacker Sender U in T in Implementation Impl Attacker Receiver Program transmission = I(Spec, Impl) Clarkson: Quantification of Integrity 14
15 Quantification of Program Suppression H(X): entropy (uncertainty) of X H(X Y): conditional entropy of X given Y Program Transmission = I(Spec, Impl) Info actually learned about Spec by observing Impl = H(Spec) H(Spec Impl) Total info to learn about Spec Info NOT learned about Spec by observing Impl Clarkson: Quantification of Integrity 15
16 Quantification of Program Suppression H(X): entropy (uncertainty) of X H(X Y): conditional entropy of X given Y Program Transmission = I(Spec, Impl) = H(Spec) H(Spec Impl) Program Suppression = H(Spec Impl) Clarkson: Quantification of Integrity 16
17 Example of Program Suppression Spec. for (i=0; i<m; i++) { s := s + a[i]; } Impl. 1 Impl. 2 for (i=1; i<m; i++) { s := s + a[i]; } for (i=0; i<=m; i++) { s := s + a[i]; } Suppression = H(A) Suppression H(A) A = distribution of individual array elements Clarkson: Quantification of Integrity 17
18 Suppression and Confidentiality Declassifier: program that reveals (leaks) some information; suppresses rest Leakage: [Denning 1982, Millen 1987, Gray 1991, Lowe 2002, Clark et al. 2005, 2007, Clarkson et al. 2005, McCamant & Ernst 2008, Backes et al. 2009] m. Leakage + Suppression is a constant What isn t leaked is suppressed Clarkson: Quantification of Integrity 18
19 Database Privacy Statistical database anonymizes query results: Database response Anonymizer User query User anonymized response sacrifices utility for privacy s sake suppresses to avoid leakage sacrifices integrity for confidentiality s sake Clarkson: Quantification of Integrity 19
20 k-anonymity DB: Every individual must be anonymous within set of size k. [Sweeney 2002] Programs: Every output corresponds to k inputs. But what about background knowledge? no bound on leakage no bound on suppression Clarkson: Quantification of Integrity 20
21 L-diversity DB: Every individual s sensitive information should appear to have L (roughly) equally likely values. [Machanavajjhala et al. 2007] Entropy L-diversity: H(anon. block) log L [Øhrn and Ohno-Machado 1999, Machanavajjhala et al. 2007] Program: H(T in t out ) log L implies suppression log L (if T in uniform) Clarkson: Quantification of Integrity 21
22 Summary Measures of information corruption: Contamination (generalizes taint analysis) Suppression (generalizes program correctness) Application: database privacy (model anonymizers; relate utility and privacy) Clarkson: Quantification of Integrity 22
23 More Integrity Measures Channel suppression same as channel model from information theory, but with attacker Attacker- and program-controlled suppression Belief-based measures [Clarkson et al. 2005] generalize information-theoretic measures Granularity: Average over all executions Single executions Sequences of executions Clarkson: Quantification of Integrity 23
Database security. André Zúquete Security 1. Advantages of using databases. Shared access Many users use one common, centralized data set
Database security André Zúquete Security 1 Advantages of using databases Shared access Many users use one common, centralized data set Minimal redundancy Individual users do not have to collect and maintain
More informationCS346: Advanced Databases
CS346: Advanced Databases Alexandra I. Cristea A.I.Cristea@warwick.ac.uk Data Security and Privacy Outline Chapter: Database Security in Elmasri and Navathe (chapter 24, 6 th Edition) Brief overview of
More informationRecap: Tracking Anonymous Peer-to- Peer VoIP Calls on the Internet. Scott E. Coull and Amos Wetherbee April 7, 2006
Recap: Tracking Anonymous Peer-to- Peer VoIP Calls on the Internet Scott E. Coull and Amos Wetherbee April 7, 2006 Encoding a bit 1. Packet flow of n bits 2. Select 2r packets from the first n-d packets
More informationConfinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:
Confinement Problem The confinement problem Isolating entities Virtual machines Sandboxes Covert channels Mitigation 1 Example Problem Server balances bank accounts for clients Server security issues:
More informationOverview of Information Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Information Security Murat Kantarcioglu Pag. 1 Purdue University Outline Information Security: basic concepts Privacy: basic
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation
More informationPolicy-based Pre-Processing in Hadoop
Policy-based Pre-Processing in Hadoop Yi Cheng, Christian Schaefer Ericsson Research Stockholm, Sweden yi.cheng@ericsson.com, christian.schaefer@ericsson.com Abstract While big data analytics provides
More informationTop Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America
1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities:
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationObfuscation of sensitive data in network flows 1
Obfuscation of sensitive data in network flows 1 D. Riboni 2, A. Villani 1, D. Vitali 1 C. Bettini 2, L.V. Mancini 1 1 Dipartimento di Informatica,Universitá di Roma, Sapienza. E-mail: {villani, vitali,
More informationAn Introduction to Information Theory
An Introduction to Information Theory Carlton Downey November 12, 2013 INTRODUCTION Today s recitation will be an introduction to Information Theory Information theory studies the quantification of Information
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationSecurity/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan
Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan 1 Internet of Things (IoT) CASAGRAS defined that: A global
More informationOn the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments Suman Jana, Sriram Nandha Premnath Mike Clark, Sneha K. Kasera, Neal Patwari University of Utah Srikanth
More informationNational Sun Yat-Sen University CSE Course: Information Theory. Gambling And Entropy
Gambling And Entropy 1 Outline There is a strong relationship between the growth rate of investment in a horse race and the entropy of the horse race. The value of side information is related to the mutual
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationDATA MINING - 1DL360
DATA MINING - 1DL360 Fall 2013" An introductory class in data mining http://www.it.uu.se/edu/course/homepage/infoutv/per1ht13 Kjell Orsborn Uppsala Database Laboratory Department of Information Technology,
More informationDatasäkerhet och integritet
Chapter 9 Data Protection Introduction Data Protection: Backup Backup Media and RAID Data Storage Policies Database Security Data Loss Prevention Data s Role In Business Data are the principal elements
More informationSecure information flow: opportunities and challenges for security & forensics
flow: and for flow: and for Michael 1 1 Department of Computing Imperial College London flow: and for Talk for ACSF1, 13 July 2006 Liverpool, United Kingdom flow: and for 1 flow: and for 2 3 4 flow: and
More informationMobile & Security? Brice Mees Security Services Operations Manager
Mobile & Security? Brice Mees Security Services Operations Manager Telenet for Business Agenda Mobile Trends Where to start? Risks and Threats Risk mitigation Conclusion Agenda Mobile Trends Where to start?
More informationDatabase and Data Mining Security
Database and Data Mining Security 1 Threats/Protections to the System 1. External procedures security clearance of personnel password protection controlling application programs Audit 2. Physical environment
More informationIntroduction to Learning & Decision Trees
Artificial Intelligence: Representation and Problem Solving 5-38 April 0, 2007 Introduction to Learning & Decision Trees Learning and Decision Trees to learning What is learning? - more than just memorizing
More informationLarge-Scale IP Traceback in High-Speed Internet
2004 IEEE Symposium on Security and Privacy Large-Scale IP Traceback in High-Speed Internet Jun (Jim) Xu Networking & Telecommunications Group College of Computing Georgia Institute of Technology (Joint
More informationCatch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks
Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Joerg Kliewer, Scott Ortegel, Travis Mick Computer Science Department
More informationCapacity Limits of MIMO Channels
Tutorial and 4G Systems Capacity Limits of MIMO Channels Markku Juntti Contents 1. Introduction. Review of information theory 3. Fixed MIMO channels 4. Fading MIMO channels 5. Summary and Conclusions References
More informationUsing Adversary Structures to Analyze Network Models,
MTAT.07.007 Graduate seminar in cryptography Using Adversary Structures to Analyze Network Models University of Tartu db@ut.ee 1 Outline of the talk Problems in distributed systems Adversary Structure
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationWhat is a secret? Ruth Nelson
What is a Secret - and - What does that have to do with Computer Security? Ruth Nelson Information System Security 48 Hardy Avenue, Watertown, MA 02172 Abstract This paper questions some of the basic assumptions
More informationComputer Security (EDA263 / DIT 641)
Computer Security (EDA263 / DIT 641) Lecture 12: Database Security Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology Sweden Outline Introduction to databases
More informationCourse Title: Penetration Testing: Network Threat Testing, 1st Edition
Course Title: Penetration Testing: Network Threat Testing, 1st Edition Page 1 of 6 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationHow To Research Security And Privacy Using Data Science
Research Topics in Security and Privacy using Data Science School of Informatics University of Edinburgh David Aspinall David.Aspinall@ed.ac.uk http://secpriv.inf.ed.ac.uk/ http://cybersec.ed.ac.uk/ Outline
More informationPrivacy and Security in the Internet of Things: Theory and Practice. Bob Baxley; bob@bastille.io HitB; 28 May 2015
Privacy and Security in the Internet of Things: Theory and Practice Bob Baxley; bob@bastille.io HitB; 28 May 2015 Internet of Things (IoT) THE PROBLEM By 2020 50 BILLION DEVICES NO SECURITY! OSI Stack
More informationPrivacy Issues and Data Protection in Technology Enhanced Learning. Seda Gürses COSIC, K.U. Leuven datatel 2011 Alpines Rendez-vous
Privacy Issues and Data Protection in Technology Enhanced Learning Seda Gürses COSIC, K.U. Leuven datatel 2011 Alpines Rendez-vous 1 - mendeley: - group: privacy and datatel - slides: - after talk: - http://www.esat.kuleuven.be/~sguerses/
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationSSARES: Secure Searchable Automated Remote Email
SSARES: Secure Searchable Automated Remote Email A usable, secure email system on a remote untrusted server Adam J. Aviv, Michael E. Locasto, Shaya Potter Angelos D. Keromytis Columbia University Network
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security
More informationTowards Privacy aware Big Data analytics
Towards Privacy aware Big Data analytics Pietro Colombo, Barbara Carminati, and Elena Ferrari Department of Theoretical and Applied Sciences, University of Insubria, Via Mazzini 5, 21100 - Varese, Italy
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationProtecting Regulated Information in Cloud Storage with DLP
Protecting Regulated Information in Cloud Storage with DLP Protection of Regulated Information in cloud storage can be provided by an appropriate Data Loss Prevention, DLP, solution. The steps involved
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationAircloak Analytics: Anonymized User Data without Data Loss
Aircloak Analytics: Anonymized User Data without Data Loss An Aircloak White Paper Companies need to protect the user data they store for business analytics. Traditional data protection, however, is costly
More informationCHASE Survey on 6 Most Important Topics in Hardware Security
University of Connecticut CHASE Survey on 6 Most Important Topics in Hardware Security Prepared By Prof. M. Tehranipoor Charles H. Knapp Associate Professor in Engineering Innovation Topics! Counterfeit
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationDefining and Enforcing Privacy in Data Sharing
Defining and Enforcing Privacy in Data Sharing Ashwin Kumar V. Machanavajjhala June 26, 2008 Abstract. Recent advances in processing and storing information has led to an explosion of data collection.
More informationNetwork Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
More informationSQuAD: Application Security Testing
SQuAD: Application Security Testing Terry Morreale Ben Whaley June 8, 2010 Why talk about security? There has been exponential growth of networked digital systems in the past 15 years The great things
More informationVulnerability Assessment for Middleware
Vulnerability Assessment for Middleware Elisa Heymann, Eduardo Cesar Universitat Autònoma de Barcelona, Spain Jim Kupsch, Barton Miller University of Wisconsin-Madison Barcelona, September 21st 2009 Key
More informationResearch Data Administration in CITIES Project
1 / 14 Research Data Administration in CITIES Project Xiufeng Liu, Postdoc. xiuli@dtu.dk Department of Engineering Management, DTU 26 October 2015 2 / 14 Table of Contents 1 Introduction 2 The Proposed
More informationThe Data Quality Continuum*
The Data Quality Continuum* * Adapted from the KDD04 tutorial by Theodore Johnson e Tamraparni Dasu, AT&T Labs Research The Data Quality Continuum Data and information is not static, it flows in a data
More informationProject 2: Firewall Design (Phase I)
Project 2: Firewall Design (Phase I) CS 161 - Joseph/Tygar November 12, 2006 1 Edits If we need to make clarifications or corrections to this document after distributing it, we will post a new version
More informationPrivacy Policy. Effective Date: November 20, 2014
Privacy Policy Effective Date: November 20, 2014 Welcome to the American Born Moonshine website (this Site ). This policy describes the Privacy Policy (this Policy ) for this Site and describes how Windy
More informationBig Data and Privacy. Fritz Henglein Dept. of Computer Science, University of Copenhagen. Finance IT Day Riga, 2015-03-26
Big Data and Privacy Fritz Henglein Dept. of Computer Science, University of Copenhagen Finance IT Day Riga, 2015-03-26 About me Professor, Programming Languages and Systems, University of Copenhagen Director,
More informationSecurity Issues for the Semantic Web
Security Issues for the Semantic Web Dr. Bhavani Thuraisingham Program Director Data and Applications Security The National Science Foundation Arlington, VA On leave from The MITRE Corporation Bedford,
More informationBig Data Security Challenges and Recommendations
International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-4, Issue-1 E-ISSN: 2347-2693 Big Data Security Challenges and Recommendations Renu Bhandari 1, Vaibhav Hans 2*
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationFREQUENCY RESPONSE ANALYZERS
FREQUENCY RESPONSE ANALYZERS Dynamic Response Analyzers Servo analyzers When you need to stabilize feedback loops to measure hardware characteristics to measure system response BAFCO, INC. 717 Mearns Road
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationA Novel Frame Work to Detect Malicious Attacks in Web Applications
Technology, Volume-2, Issue-1, January-March, 2014, pp. 23-28, IASTER 2014, www.iaster.com, Online:2347-5099, Print:2348-0009 A Novel Frame Work to Detect Malicious Attacks in Web Applications N. Jayakanthan
More informationA GENERAL SURVEY OF PRIVACY-PRESERVING DATA MINING MODELS AND ALGORITHMS
Chapter 2 A GENERAL SURVEY OF PRIVACY-PRESERVING DATA MINING MODELS AND ALGORITHMS Charu C. Aggarwal IBM T. J. Watson Research Center Hawthorne, NY 10532 charu@us.ibm.com Philip S. Yu IBM T. J. Watson
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationTraffic Analysis. Scott E. Coull RedJack, LLC. Silver Spring, MD USA. Side-channel attack, information theory, cryptanalysis, covert channel analysis
Traffic Analysis Scott E. Coull RedJack, LLC. Silver Spring, MD USA Related Concepts and Keywords Side-channel attack, information theory, cryptanalysis, covert channel analysis Definition Traffic analysis
More informationMutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC
Mutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC Zhenghong Wang 1, Jing Deng 2, and Ruby B. Lee 1 1 Dept. of Electrical Engineering Princeton University Princeton, NJ 08544,
More informationAudit Logging. Overall Goals
Audit Logging Security Training by Arctec Group (www.arctecgroup.net) 1 Overall Goals Building Visibility In Audit Logging Domain Model 2 1 Authentication, Authorization, and Auditing 3 4 2 5 6 3 Auditing
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationEx. 2.1 (Davide Basilio Bartolini)
ECE 54: Elements of Information Theory, Fall 00 Homework Solutions Ex.. (Davide Basilio Bartolini) Text Coin Flips. A fair coin is flipped until the first head occurs. Let X denote the number of flips
More informationTrusted Platforms for Homeland Security
Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business
More informationReport cover page. Report title: Description: Generated on: Generated by: Date filter: Event logs: Other filters: Signature: Reviewed by:
Report cover page Report title: Event Log health report Description: The report is based on important events in the system log, with source EventLog. It displays events like log full, log file corrupt,
More informationInformation Security in Big Data using Encryption and Decryption
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842 Information Security in Big Data using Encryption and Decryption SHASHANK -PG Student II year MCA S.K.Saravanan, Assistant Professor
More informationA Framework for Secure and Verifiable Logging in Public Communication Networks
A Framework for Secure and Verifiable Logging in Public Communication Networks Vassilios Stathopoulos, Panayiotis Kotzanikolaou and Emmanouil Magkos {v.stathopoulos, p.kotzanikolaou}@adae.gr emagos@ionio.gr
More informationARX A Comprehensive Tool for Anonymizing Biomedical Data
ARX A Comprehensive Tool for Anonymizing Biomedical Data Fabian Prasser, Florian Kohlmayer, Klaus A. Kuhn Chair of Biomedical Informatics Institute of Medical Statistics and Epidemiology Rechts der Isar
More informationDELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 3, Issue.
More informationPh.D.-FSTC-5-2009 The Faculty of Sciences, Technology and Communication DISSERTATION. Defense held on 09/06/2009 in Luxembourg
Ph.D.-FSTC-5-2009 The Faculty of Sciences, Technology and Communication DISSERTATION Defense held on 09/06/2009 in Luxembourg in candidature for the degree of DOCTOR OF THE UNIVERSITY OF LUXEMBOURG IN
More informationInformation, Entropy, and Coding
Chapter 8 Information, Entropy, and Coding 8. The Need for Data Compression To motivate the material in this chapter, we first consider various data sources and some estimates for the amount of data associated
More informationVolume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies
Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at: www.ijarcsms.com ISSN: 2321-7782
More informationRevolutionized DB2 Test Data Management
Revolutionized DB2 Test Data Management TestBase's Patented Slice Feature Provides a Fresh Solution to an Old Set of DB2 Application Testing Problems The challenge in creating realistic representative
More informationAn Empirical Bandwidth Analysis of Interrupt-Related Covert Channels
An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels Richard Gay, Heiko Mantel, and Henning Sudbrock Department of Computer Science, TU Darmstadt, Germany {gay,mantel,sudbrock}@mais.informatik.tu-darmstadt.de
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationNetApp FAS Hybrid Array Flash Efficiency. Silverton Consulting, Inc. StorInt Briefing
NetApp FAS Hybrid Array Flash Efficiency Silverton Consulting, Inc. StorInt Briefing PAGE 2 OF 7 Introduction Hybrid storage arrays (storage systems with both disk and flash capacity) have become commonplace
More informationComputer Security (EDA263 / DIT 641)
Computer Security (EDA263 / DIT 641) Lecture in EDA263: Database Security Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology Sweden Outline Introduction to
More informationEntropy and Mutual Information
ENCYCLOPEDIA OF COGNITIVE SCIENCE 2000 Macmillan Reference Ltd Information Theory information, entropy, communication, coding, bit, learning Ghahramani, Zoubin Zoubin Ghahramani University College London
More informationMobile Healthcare Security Whitepaper
Mobile Healthcare Security Whitepaper aycan OsiriX PRO, aycan mobile and Apple's ipad as DICOM image distribution enhancement for PACS environments. Copyright aycan Digitalsysteme GmbH 2013 ayc_mobile_healthcare_security_whitepaper_130529_sp_ds.
More informationRecommendations for the PIA. Process for Enterprise Services Bus. Development
Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by
More informationTowards a Tight Finite Key Analysis for BB84
The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva
More informationRisk Assessment Guide
KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment
More informationCSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities
CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications
More informationFlexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks
Flexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks Prashil S. Waghmare PG student, Sinhgad College of Engineering, Vadgaon, Pune University, Maharashtra, India. prashil.waghmare14@gmail.com
More informationSurvey of Research on Information Security in Big Data
Survey of Research on Information Security in Big Data Zhang Hongjun 1, Hao Wenning 1, He Dengchao 1, Mao Yuxing 1 1 PLA university of Industry and Technology Nan Jing, China hdchao1989@163.com Abstract.
More informationCSE543 - Introduction to Computer and Network Security. Module: Access Control
CSE543 - Introduction to Computer and Network Security Module: Access Control Professor Trent Jaeger 1 Policy A policy specifies the rules of security Some statement of secure procedure or configuration
More informationDesign. Syntactic Issues
Design A single unified logging process is an essential component of computer security mechanisms. The design of the logging subsystem is an integral part of the overall system design. The auditing mechanism,
More information3 day Workshop on Cyber Security & Ethical Hacking
3 day Workshop on Cyber Security & Ethical Hacking 1 st day-highlights-hands On Phishing Attack Hammad Mashkoor Lari Freelancer What is Cyber Security? What is Ethical hacking? What is Computer Science?
More informationQUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
More informationSeparating Agreement from Execution for Byzantine Fault-Tolerant Services
Separating Agreement from Execution for Byzantine Fault-Tolerant Services Rethinking Replicated State Machines Jian Yin, Jean-Philippe Martin, Arun enkataramani, Lorenzo Alvisi and Mike Dahlin jianyin@us.ibm.com,
More information24 th IEEE Annual Computer Communications Workshop (CCW)
24 th IEEE Annual Computer Communications Workshop (CCW) Exploration of Quantum Cryptography in Network Security Presented by Mehrdad S. Sharbaf Sharbaf & Associates Loyola Marymount University California
More informationSecurity and privacy for multimedia database management systems
Multimed Tools Appl (2007) 33:13 29 DOI 10.1007/s11042-006-0096-1 Security and privacy for multimedia database management systems Bhavani Thuraisingham Published online: 1 March 2007 # Springer Science
More information