Science.gov

Sample records for access control security

  1. CAS. Controlled Access Security

    SciTech Connect

    Martinez, B.; Pomeroy, G.

    1989-12-01

    The Security Alarm System is a data acquisition and control system which collects data from intrusion sensors and displays the information in a real-time environment for operators. The Access Control System monitors and controls the movement of personnel with the use of card readers and biometrics hand readers.

  2. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.260 Security measures for access control. (a) General... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets...

  3. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.260 Security measures for access control. (a) General... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets...

  4. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.260 Security measures for access control. (a) General... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets...

  5. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.260 Security measures for access control. (a) General... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets...

  6. Modeling mandatory access control in role-based security systems

    SciTech Connect

    Nyanchama, M.; Osborn, S.

    1996-12-31

    This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.

  7. Secure Dynamic access control scheme of PHR in cloud computing.

    PubMed

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  8. A Service Access Security Control Model in Cyberspace

    NASA Astrophysics Data System (ADS)

    Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi

    A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

  9. Hand geometry biometric device for secure access control

    SciTech Connect

    Colbert, C.; Moles, D.R. )

    1991-01-01

    This paper reports that the authors developed for the Air Force the Mark VI Personal Identity Verifier (PIV) for controlling access to a fixed or mobile ICBM site, a computer terminal, or mainframe. The Mark VI records the digitized silhouettes of four fingers of each hand on an AT and T smart card. Like fingerprints, finger shapes, lengths, and widths constitute an unguessable biometric password. A Security Officer enrolls an authorized person who places each hand, in turn, on a backlighted panel. An overhead scanning camera records the right and left hand reference templates on the smart card. The Security Officer adds to the card: name, personal identification number (PIN), and access restrictions such as permitted days of the week, times of day, and doors. To gain access, cardowner inserts card into a reader slot and places either hand on the panel. Resulting access template is matched to the reference template by three sameness algorithms. The final match score is an average of 12 scores (each of the four fingers, matched for shape, length, and width), expressing the degree of sameness. (A perfect match would score 100.00.) The final match score is compared to a predetermined score (threshold), generating an accept or reject decision.

  10. 76 FR 67019 - Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... Federal Aviation Administration Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224, Airport Security Access Control. DATES:...

  11. RDFacl: A Secure Access Control Model Based on RDF Triple

    NASA Astrophysics Data System (ADS)

    Kim, Jaehoon; Park, Seog

    An expectation for more intelligent Web is recently being reflected through the new research field called Semantic Web. In this paper, related with Semantic Web security, we introduce an RDF triple based access control model having explicit authorization propagation by inheritance and implicit authorization propagation by inference. Especially, we explain an authorization conflict problem between the explicit and the implicit authorization propagation, which is an important concept in access control for Semantic Web. We also propose a novel conflict detection algorithm using graph labeling techniques in order to efficiently find authorization conflicts. Some experimental results show that the proposed detection algorithm has much better performance than the existing detection algorithm when data size and number of specified authorizations become larger.

  12. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-30

    ... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13,...

  13. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-12

    ... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10,...

  14. 75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-23

    ... Federal Aviation Administration Third Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  15. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-17

    ... Federal Aviation Administration Eleventh Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10...

  16. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-23

    ... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15,...

  17. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-11

    ... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28,...

  18. 76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-18

    ... Federal Aviation Administration Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  19. 77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-15

    ... Federal Aviation Administration Twelfth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Notice of meeting RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... 224, Airport Security Access Control Systems DATES: The meeting will be held April 5, 2012, from 10...

  20. 76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-26

    ... TRANSPORTATION Federal Aviation Administration Ninth Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  1. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-22

    ... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20,...

  2. 76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-23

    ... Federal Aviation Administration Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  3. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-18

    ... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from...

  4. 75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-06

    ... Federal Aviation Administration First Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  5. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... persons seeking unescorted access to secure areas must present their TWIC for inspection before being allowed unescorted access, in accordance with § 101.514 of this subchapter. Inspection must include: (i)...

  6. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... persons seeking unescorted access to secure areas must present their TWIC for inspection before being allowed unescorted access, in accordance with § 101.514 of this subchapter. Inspection must include: (i)...

  7. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... persons seeking unescorted access to secure areas must present their TWIC for inspection before being allowed unescorted access, in accordance with § 101.514 of this subchapter. Inspection must include: (i)...

  8. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-30

    ... TRANSPORTATION Federal Aviation Administration Thirteenth Meeting: RTCA Special Committee 224, Airport Security... (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...

  9. 76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-16

    ... TRANSPORTATION Federal Aviation Administration Eighth Meeting: RTCA Special Committee 224: Airport Security... Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  10. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...

  11. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-24

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...

  12. Secure Remote Access Issues in a Control Center Environment

    NASA Technical Reports Server (NTRS)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  13. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-21

    ... Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on... TRANSPORTATION Federal Aviation Administration Twenty-Fourth Meeting: RTCA Special Committee 224,...

  14. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... control. 105.255 Section 105.255 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND... measures for access control. (a) General. The facility owner or operator must ensure the implementation...

  15. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... control. 105.255 Section 105.255 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND... measures for access control. (a) General. The facility owner or operator must ensure the implementation...

  16. 76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-21

    ... Federal Aviation Administration Fourth Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 Meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  17. 75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-24

    ... Federal Aviation Administration Second Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  18. 76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-01

    ... Federal Aviation Administration Seventh Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  19. A threat intelligence framework for access control security in the oil industry

    NASA Astrophysics Data System (ADS)

    Alaskandrani, Faisal T.

    The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

  20. An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

    ERIC Educational Resources Information Center

    Bergart, Jeffrey G.; And Others

    This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

  1. Toward Federated Security and Data Access Control within a Services Oriented Architecture for Publishing Hydrologic Data

    NASA Astrophysics Data System (ADS)

    Horsburgh, J. S.; Tarboton, D. G.; Schreuders, K.; Patil, K. S.

    2010-12-01

    , while restricting access to preliminary or raw versions of the data; and 6) integrate data organization, management, and publication rather than maintaining separate systems for each of these functions. To address the need for controlling access to data within the CUAHSI HIS, we describe the design for new HydroServer functionality for enabling security and access control via the existing HIS services oriented architecture. This design addresses the significant challenges of identity management, authorization, and access control for hydrologic data resources hosted on separate HydroServers that make up a federated, web service-based data publication system. The core of this new security extension is a new security web service and a related database where local HydroServer managers and their delegates determine the exact access allowed for their own data. We invite input and feedback from the Hydrologic Science Community in meeting the specific needs for data security and access control. Details of the CUAHSI HIS can be found at http://his.cuahsi.org, and details of the design for security and data access control can be found on the HydroServer collaboration site http://hydroserver.codeplex.com.

  2. Security analysis and improvements of authentication and access control in the Internet of Things.

    PubMed

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  3. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    PubMed Central

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  4. Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

    PubMed Central

    Liu, Changyu; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches. PMID:25147840

  5. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  6. Dynamic Key Management Schemes for Secure Group Access Control Using Hierarchical Clustering in Mobile Ad Hoc Networks

    NASA Astrophysics Data System (ADS)

    Tsaur, Woei-Jiunn; Pai, Haw-Tyng

    2008-11-01

    The applications of group computing and communication motivate the requirement to provide group access control in mobile ad hoc networks (MANETs). The operation in MANETs' groups performs a decentralized manner and accommodated membership dynamically. Moreover, due to lack of centralized control, MANETs' groups are inherently insecure and vulnerable to attacks from both within and outside the groups. Such features make access control more challenging in MANETs. Recently, several researchers have proposed group access control mechanisms in MANETs based on a variety of threshold signatures. However, these mechanisms cannot actually satisfy MANETs' dynamic environments. This is because the threshold-based mechanisms cannot be achieved when the number of members is not up to the threshold value. Hence, by combining the efficient elliptic curve cryptosystem, self-certified public key cryptosystem and secure filter technique, we construct dynamic key management schemes based on hierarchical clustering for securing group access control in MANETs. Specifically, the proposed schemes can constantly accomplish secure group access control only by renewing the secure filters of few cluster heads, when a cluster head joins or leaves a cross-cluster. In such a new way, we can find that the proposed group access control scheme can be very effective for securing practical applications in MANETs.

  7. Computer access security code system

    NASA Technical Reports Server (NTRS)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  8. Improving School Access Control

    ERIC Educational Resources Information Center

    National Clearinghouse for Educational Facilities, 2008

    2008-01-01

    Few things are more important for school safety and security than controlling access to buildings and grounds. It is relatively easy to incorporate effective access control measures in new school designs but more difficult in existing schools, where most building and site features cannot be readily altered or reconfigured. The National…

  9. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    PubMed

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems. PMID:23392626

  10. Wireless digital-ultrasonic sensors for proximity ID, access control, firearm control, and C3I in homeland security and law enforcement applications

    NASA Astrophysics Data System (ADS)

    Forcier, Bob

    2003-09-01

    This paper describes a new patent-pending digital-ultrasonic sensor network technology, which provides a "security protection sphere" around the authorized user(s) and the infrastructure system or system(s) to achieve C3I in Homeland Security and Law Enforcement Applications. If the system device, such as a firearm, a secure computer, PDA, or vehicle is misplaced, stolen or removed from the security protective sphere, an alarm is activated. A digital-ultrasonic sensor/tag utilizes the system"s physical structure to form a 2 to 20 Meter programmable protection sphere around the device and the authorized user. In addition, the system allows only authorized users to utilize the system, thereby creating personalized weapons, secure vehicle access or secure computer hardware. If an unauthorized individual accesses the system device, the system becomes inoperative and an alarm is activated. As the command and control, the authorized individual is provided a secure wristwatch/PDA. Access control is provided by "touch" and is controlled through the wristwatch/PDA/smartcard with a unique digital-ultrasonic coding and matching protocol that provides a very high level of security for each wireless sensor.

  11. Central venous Access device SeCurement And Dressing Effectiveness (CASCADE) in paediatrics: protocol for pilot randomised controlled trials

    PubMed Central

    Gibson, Victoria; Long, Debbie A; Williams, Tara; Hallahan, Andrew; Mihala, Gabor; Cooke, Marie; Rickard, Claire M

    2016-01-01

    Introduction Paediatric central venous access devices (CVADs) are associated with a 25% incidence of failure. Securement and dressing are strategies used to reduce failure and complication; however, innovative technologies have not been evaluated for their effectiveness across device types. The primary aim of this research is to evaluate the feasibility of launching a full-scale randomised controlled efficacy trial across three CVAD types regarding CVAD securement and dressing, using predefined feasibility criteria. Methods and analysis Three feasibility randomised, controlled trials are to be undertaken at the Royal Children's Hospital and the Lady Cilento Children's Hospital, Brisbane, Australia. CVAD securement and dressing interventions under examination compare current practice with sutureless securement devices, integrated securement dressings and tissue adhesive. In total, 328 paediatric patients requiring a peripherally inserted central catheter (n=100); non-tunnelled CVAD (n=180) and tunnelled CVAD (n=48) to be inserted will be recruited and randomly allocated to CVAD securement and dressing products. Primary outcomes will be study feasibility measured by eligibility, recruitment, retention, attrition, missing data, parent/staff satisfaction and effect size. CVAD failure and complication (catheter-associated bloodstream infection, local infection, venous thrombosis, occlusion, dislodgement and breakage) will be compared between groups. Ethics and dissemination Ethical approval to conduct the research has been obtained. All dissemination will be undertaken using the CONSORT Statement recommendations. Additionally, the results will be sent to the relevant organisations which lead CVAD focused clinical practice guidelines development. Trial registration numbers ACTRN12614001327673; ACTRN12615000977572; ACTRN12614000280606. PMID:27259529

  12. Utilizing SELinux to mandate ultra-secure access control of medical records.

    PubMed

    Croll, Peter R; Henricksen, Matt; Caelli, Bill; Liu, Vicky

    2007-01-01

    Ongoing concerns have been raised over the effectiveness of information technology products and systems in maintaining privacy protection for sensitive data. The aim is to ensure that sensitive health information can be adequately protected yet still be accessible only to those that "need-to-know". To achieve this and ensure sustainability over the longer term, it is advocated that an alternative, stable and secure system architecture is required. This paper considers the adoption of a model targeted at health information that provides much higher degrees of protection. A purpose built demonstrator that was developed based on enterprise-level systems software products is detailed. The long term aim is to provide a viable solution by utilizing contemporary, commercially supported operating system and allied software. The advantages and limitations in its application with a medical database are discussed. The future needs in terms of research, software development and changes in organizational policy for healthcare providers, are outlined. PMID:17911767

  13. Securing America's access to space

    SciTech Connect

    Rendine, M.; Wood, L.

    1990-05-23

    We review pertinent aspects of the history of the space launch capabilities of the United States and survey its present status and near-term outlook. Steps which must be taken, pitfalls which much be avoided, and a core set of National options for re-acquiring in the near term the capability to access the space environment with large payloads are discussed. We devote considerable attention to the prospect of creating an interim heavy-lift space launch vehicle of at least 100,000 pound payload-orbiting capacity to serve National needs during the next dozen years, suggesting that such a capability can be demonstrated within 5 years for less than $1 B. Such capability will apparently be essential for meeting the first-phase goals of the President's Space Exploration Initiative. Some other high-leverage aspects of securing American access to space are also noted briefly, emphasizing unconventional technological approaches of presently high promise.

  14. Mobile access control vestibule

    NASA Astrophysics Data System (ADS)

    DePoy, Jennifer M.

    1998-12-01

    The mobile access control vestibule (MACV) is an adaptation of techniques developed for mobile military command centers. The overall configuration of modules acts as an entry control/screening facility or transportable command center. The system would provide the following capabilities: (1) A key element for force protection, rapid deployment units sent to areas having no prepositioned equipment or where there has been a degradation of that equipment as a result of natural disasters or civil unrest. (2) A rapidly deployable security control center to upgrade the security at nonmilitary sites (e.g., diplomatic or humanitarian organizations). (3) Personnel screening, package screening, badge/identification card production for authorized personnel, centralized monitoring of deployed perimeter sensors, and centralized communications for law enforcement personnel. (4) Self-contained screening and threat detection systems, including explosives detection using the system developed by Sandia National Laboratories for the FAA. When coupled with transportable electric generators, the system is self-sufficient. The communication system for the MACV would be a combination of physically wired and wireless communication units that supports by ad hoc networking.

  15. Reflective Database Access Control

    ERIC Educational Resources Information Center

    Olson, Lars E.

    2009-01-01

    "Reflective Database Access Control" (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions…

  16. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... individuals authorized to have unescorted access to the secured area are able to gain entry; (2) Ensure...

  17. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 9 2014-10-01 2014-10-01 false Access control systems. 1542.207 Section 1542.207 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured...

  18. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted...

  19. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted...

  20. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted...

  1. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted...

  2. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted...

  3. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOEpatents

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  4. ACCESS Pointing Control System

    NASA Technical Reports Server (NTRS)

    Brugarolas, Paul; Alexander, James; Trauger, John; Moody, Dwight; Egerman, Robert; Vallone, Phillip; Elias, Jason; Hejal, Reem; Camelo, Vanessa; Bronowicki, Allen; O'Connor, David; Partrick, Richard; Orzechowski, Pawel; Spitter, Connie; Lillie, Chuck

    2010-01-01

    ACCESS (Actively-Corrected Coronograph for Exoplanet System Studies) was one of four medium-class exoplanet concepts selected for the NASA Astrophysics Strategic Mission Concept Study (ASMCS) program in 2008/2009. The ACCESS study evaluated four major coronograph concepts under a common space observatory. This paper describes the high precision pointing control system (PCS) baselined for this observatory.

  5. A voice password system for access security

    SciTech Connect

    Birnbaum, M.; Cohen, L.A.; Welsh, F.X.

    1986-09-01

    A voice password system for access security using speaker verification technology has been designed for use over dial-up telephone lines. The voice password system (VPS) can provide secure access to telephone networks, computers, rooms, and buildings. It also has application in office automation systems, electric funds transfer, and ''smart cards'' (interactive computers embedded in credit-card-sized packages). As increasing attention is focused on access security in the public, private, and government sectors, the voice password system can provide a timely solution to the security dilemma. The VPS uses modes of communication available to almost everyone (the human voice and the telephone). A user calls the VPS, enters his or her identification number (ID) by touch-tone telephone, and then speaks a password. This is usually a phrase or a sentence of about seven syllables. On initial calls, the VPS creates a model of the user's voice, called a reference template, and labels it with the caller's unique user ID. To gain access later, the user calls the system, enters the proper user ID, and speaks the password phrase. The VPS compares the user's stored reference template with the spoken password and produces a distance score.

  6. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 9 2011-10-01 2011-10-01 false Access control systems. 1542.207 Section 1542.207 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access...

  7. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 9 2012-10-01 2012-10-01 false Access control systems. 1542.207 Section 1542.207 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access...

  8. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 9 2013-10-01 2013-10-01 false Access control systems. 1542.207 Section 1542.207 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access...

  9. Network Access Control List Situation Awareness

    ERIC Educational Resources Information Center

    Reifers, Andrew

    2010-01-01

    Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

  10. LANSCE personnel access control system

    SciTech Connect

    Sturrock, J.C.; Gallegos, F.R.; Hall, M.J.

    1997-01-01

    The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described.

  11. Efficient Access Control in Multimedia Social Networks

    NASA Astrophysics Data System (ADS)

    Sachan, Amit; Emmanuel, Sabu

    Multimedia social networks (MMSNs) have provided a convenient way to share multimedia contents such as images, videos, blogs, etc. Contents shared by a person can be easily accessed by anybody else over the Internet. However, due to various privacy, security, and legal concerns people often want to selectively share the contents only with their friends, family, colleagues, etc. Access control mechanisms play an important role in this situation. With access control mechanisms one can decide the persons who can access a shared content and who cannot. But continuously growing content uploads and accesses, fine grained access control requirements (e.g. different access control parameters for different parts in a picture), and specific access control requirements for multimedia contents can make the time complexity of access control to be very large. So, it is important to study an efficient access control mechanism suitable for MMSNs. In this chapter we present an efficient bit-vector transform based access control mechanism for MMSNs. The proposed approach is also compatible with other requirements of MMSNs, such as access rights modification, content deletion, etc. Mathematical analysis and experimental results show the effectiveness and efficiency of our proposed approach.

  12. Physical security workshop summary: entry control

    SciTech Connect

    Eaton, M.J.

    1982-01-01

    Entry control hardware has been used extensively in the past to assist security forces in separating the authorized from the unauthorized at the plant perimeter. As more attention is being focused on the insider threat, these entry control elements are being used to extend the security inspectors' presence into the plant by compartmentalizing access and monitoring vital components. This paper summarizes the experiences expressed by the participants at the March 16 to 19, 1982 INMM Physical Protection Workshop in utilizing access control and contraband detection hardware for plant wide entry control applications.

  13. 14 CFR § 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Access to security areas. § 1203a.103 Section § 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor...

  14. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  15. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  16. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  17. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  18. Identity and Access Management and Security in Higher Education.

    ERIC Educational Resources Information Center

    Bruhn, Mark; Gettes, Michael; West, Ann

    2003-01-01

    Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…

  19. 49 CFR 1548.15 - Access to cargo: Security threat assessments for individuals having unescorted access to cargo.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.15 Access to cargo: Security threat... must successfully complete a security threat assessment or comparable security threat...

  20. Access control and confidentiality in radiology

    NASA Astrophysics Data System (ADS)

    Noumeir, Rita; Chafik, Adil

    2005-04-01

    A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

  1. Establishing a Secure Data Center with Remote Access: Preprint

    SciTech Connect

    Gonder, J.; Burton, E.; Murakami, E.

    2012-04-01

    Access to existing travel data is critical for many analysis efforts that lack the time or resources to support detailed data collection. High-resolution data sets provide particular value, but also present a challenge for preserving the anonymity of the original survey participants. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory and the U.S. Department of Transportation have launched the Transportation Secure Data Center (TSDC). TSDC data sets include those from regional travel surveys and studies that increasingly use global positioning system devices. Data provided by different collecting agencies varies with respect to formatting, elements included and level of processing conducted in support of the original purpose. The TSDC relies on a number of geospatial and other analysis tools to ensure data quality and to generate useful information outputs. TSDC users can access the processed data in two different ways. The first is by downloading summary results and second-by-second vehicle speed profiles (with latitude/longitude information removed) from a publicly-accessible website. The second method involves applying for a remote connection account to a controlled-access environment where spatial analysis can be conducted, but raw data cannot be removed.

  2. Bibliographic Access and Control System.

    ERIC Educational Resources Information Center

    Kelly, Betsy; And Others

    1982-01-01

    Presents a brief summary of the functions of the Bibliographic Access & Control System (BACS) implemented at the Washington University School of Medicine Library, and outlines the design, development, and uses of the system. Bibliographic control of books and serials and user access to the system are also discussed. (Author/JL)

  3. Access Control Management for SCADA Systems

    NASA Astrophysics Data System (ADS)

    Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

    The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

  4. Atom-Role-Based Access Control Model

    NASA Astrophysics Data System (ADS)

    Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong

    Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.

  5. The Battle to Secure Our Public Access Computers

    ERIC Educational Resources Information Center

    Sendze, Monique

    2006-01-01

    Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…

  6. Analysis of Access Control Policies in Operating Systems

    ERIC Educational Resources Information Center

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  7. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION AGENCY... Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security......

  8. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION AGENCY... Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security......

  9. Implementing context and team based access control in healthcare intranets.

    PubMed

    Georgiadis, Christos K; Mavridis, Ioannis K; Nikolakopoulou, Georgia; Pangalos, George I

    2002-09-01

    The establishment of an efficient access control system in healthcare intranets is a critical security issue directly related to the protection of patients' privacy. Our C-TMAC (Context and Team-based Access Control) model is an active security access control model that layers dynamic access control concepts on top of RBAC (Role-based) and TMAC (Team-based) access control models. It also extends them in the sense that contextual information concerning collaborative activities is associated with teams of users and user permissions are dynamically filtered during runtime. These features of C-TMAC meet the specific security requirements of healthcare applications. In this paper, an experimental implementation of the C-TMAC model is described. More specifically, we present the operational architecture of the system that is used to implement C-TMAC security components in a healthcare intranet. Based on the technological platform of an Oracle Data Base Management System and Application Server, the application logic is coded with stored PL/SQL procedures that include Dynamic SQL routines for runtime value binding purposes. The resulting active security system adapts to current need-to-know requirements of users during runtime and provides fine-grained permission granularity. Apart from identity certificates for authentication, it uses attribute certificates for communicating critical security metadata, such as role membership and team participation of users. PMID:12507264

  10. Quantum secured gigabit optical access networks.

    PubMed

    Fröhlich, Bernd; Dynes, James F; Lucamarini, Marco; Sharpe, Andrew W; Tam, Simon W-B; Yuan, Zhiliang; Shields, Andrew J

    2015-01-01

    Optical access networks connect multiple endpoints to a common network node via shared fibre infrastructure. They will play a vital role to scale up the number of users in quantum key distribution (QKD) networks. However, the presence of power splitters in the commonly used passive network architecture makes successful transmission of weak quantum signals challenging. This is especially true if QKD and data signals are multiplexed in the passive network. The splitter introduces an imbalance between quantum signal and Raman noise, which can prevent the recovery of the quantum signal completely. Here we introduce a method to overcome this limitation and demonstrate coexistence of multi-user QKD and full power data traffic from a gigabit passive optical network (GPON) for the first time. The dual feeder implementation is compatible with standard GPON architectures and can support up to 128 users, highlighting that quantum protected GPON networks could be commonplace in the future. PMID:26656307

  11. Quantum secured gigabit optical access networks

    NASA Astrophysics Data System (ADS)

    Fröhlich, Bernd; Dynes, James F.; Lucamarini, Marco; Sharpe, Andrew W.; Tam, Simon W.-B.; Yuan, Zhiliang; Shields, Andrew J.

    2015-12-01

    Optical access networks connect multiple endpoints to a common network node via shared fibre infrastructure. They will play a vital role to scale up the number of users in quantum key distribution (QKD) networks. However, the presence of power splitters in the commonly used passive network architecture makes successful transmission of weak quantum signals challenging. This is especially true if QKD and data signals are multiplexed in the passive network. The splitter introduces an imbalance between quantum signal and Raman noise, which can prevent the recovery of the quantum signal completely. Here we introduce a method to overcome this limitation and demonstrate coexistence of multi-user QKD and full power data traffic from a gigabit passive optical network (GPON) for the first time. The dual feeder implementation is compatible with standard GPON architectures and can support up to 128 users, highlighting that quantum protected GPON networks could be commonplace in the future.

  12. Quantum secured gigabit optical access networks

    PubMed Central

    Fröhlich, Bernd; Dynes, James F.; Lucamarini, Marco; Sharpe, Andrew W.; Tam, Simon W.-B.; Yuan, Zhiliang; Shields, Andrew J.

    2015-01-01

    Optical access networks connect multiple endpoints to a common network node via shared fibre infrastructure. They will play a vital role to scale up the number of users in quantum key distribution (QKD) networks. However, the presence of power splitters in the commonly used passive network architecture makes successful transmission of weak quantum signals challenging. This is especially true if QKD and data signals are multiplexed in the passive network. The splitter introduces an imbalance between quantum signal and Raman noise, which can prevent the recovery of the quantum signal completely. Here we introduce a method to overcome this limitation and demonstrate coexistence of multi-user QKD and full power data traffic from a gigabit passive optical network (GPON) for the first time. The dual feeder implementation is compatible with standard GPON architectures and can support up to 128 users, highlighting that quantum protected GPON networks could be commonplace in the future. PMID:26656307

  13. Access Control of Cloud Service Based on UCON

    NASA Astrophysics Data System (ADS)

    Danwei, Chen; Xiuli, Huang; Xunyi, Ren

    Cloud computing is an emerging computing paradigm, and cloud service is also becoming increasingly relevant. Most research communities have recently embarked in the area, and research challenges in every aspect. This paper mainly discusses cloud service security. Cloud service is based on Web Services, and it will face all kinds of security problems including what Web Services face. The development of cloud service closely relates to its security, so the research of cloud service security is a very important theme. This paper introduces cloud computing and cloud service firstly, and then gives cloud services access control model based on UCON and negotiation technologies, and also designs the negotiation module.

  14. Authenticated IGMP for Controlling Access to Multicast Distribution Tree

    NASA Astrophysics Data System (ADS)

    Park, Chang-Seop; Kang, Hyun-Sun

    A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

  15. Controlling Access to Suicide Means

    PubMed Central

    Sarchiapone, Marco; Mandelli, Laura; Iosue, Miriam; Andrisano, Costanza; Roy, Alec

    2011-01-01

    Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs), as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies. PMID:22408588

  16. Securing TCP/IP and Dial-up Access to Administrative Data.

    ERIC Educational Resources Information Center

    Conrad, L. Dean

    1992-01-01

    This article describes Arizona State University's solution to security risk inherent in general access systems such as TCP/IP (Transmission Control Protocol/INTERNET Protocol). Advantages and disadvantages of various options are compared, and the process of selecting a log-on authentication approach involving generation of a different password at…

  17. High-Performance Secure Database Access Technologies for HEP Grids

    SciTech Connect

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  18. Secure Payload Access to the International Space Station

    NASA Technical Reports Server (NTRS)

    Pitts, R. Lee; Reid, Chris

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  19. 32 CFR 552.109 - Routine security controls.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 3 2011-07-01 2009-07-01 true Routine security controls. 552.109 Section 552.109 National Defense Department of Defense (Continued) DEPARTMENT OF THE ARMY MILITARY RESERVATIONS AND NATIONAL CEMETERIES REGULATIONS AFFECTING MILITARY RESERVATIONS Regulation Controlling the Access to the Fort Lewis Main Cantonment Area...

  20. 32 CFR 552.109 - Routine security controls.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 3 2010-07-01 2010-07-01 true Routine security controls. 552.109 Section 552.109 National Defense Department of Defense (Continued) DEPARTMENT OF THE ARMY MILITARY RESERVATIONS AND NATIONAL CEMETERIES REGULATIONS AFFECTING MILITARY RESERVATIONS Regulation Controlling the Access to the Fort Lewis Main Cantonment Area...

  1. Type-Based Access Control in Data-Centric Systems

    NASA Astrophysics Data System (ADS)

    Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

    Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

  2. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  3. Access Control of Web- and Java-Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.

    2013-01-01

    Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

  4. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS. PMID:23828650

  5. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a)...

  6. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a)...

  7. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a)...

  8. ACCESS: Detector Control and Performance

    NASA Astrophysics Data System (ADS)

    Morris, Matthew J.; Kaiser, M.; McCandliss, S. R.; Rauscher, B. J.; Kimble, R. A.; Kruk, J. W.; Wright, E. L.; Bohlin, R.; Kurucz, R. L.; Riess, A. G.; Pelton, R.; Deustua, S. E.; Dixon, W. V.; Sahnow, D. J.; Mott, D. B.; Wen, Y.; Benford, D. J.; Gardner, J. P.; Feldman, P. D.; Moos, H. W.; Lampton, M.; Perlmutter, S.; Woodgate, B. E.

    2014-01-01

    ACCESS, Absolute Color Calibration Experiment for Standard Stars, is a series of rocket-borne sub-orbital missions and ground-based experiments that will enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass (companion poster, Kaiser et al.). The flight detector and detector spare have been selected and integrated with their electronics and flight mount. The controller electronics have been flight qualified. Vibration testing to launch loads and thermal vacuum testing of the detector, mount, and housing have been successfully performed. Further improvements to the flight controller housing have been made. A cryogenic ground test system has been built. Dark current and read noise tests have been performed, yielding results consistent with the initial characterization tests of the detector performed by Goddard Space Flight Center’s Detector Characterization Lab (DCL). Detector control software has been developed and implemented for ground testing. Performance and integration of the detector and controller with the flight software will be presented. NASA APRA sounding rocket grant NNX08AI65G supports this work.

  9. Application-Defined Decentralized Access Control.

    PubMed

    Xu, Yuanzhong; Dunn, Alan M; Hofmann, Owen S; Lee, Michael Z; Mehdi, Syed Akbar; Witchel, Emmett

    2014-01-01

    DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%-9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications' security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes. PMID:25426493

  10. Application-Defined Decentralized Access Control

    PubMed Central

    Xu, Yuanzhong; Dunn, Alan M.; Hofmann, Owen S.; Lee, Michael Z.; Mehdi, Syed Akbar; Witchel, Emmett

    2014-01-01

    DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%–9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications’ security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes. PMID:25426493

  11. 75 FR 5609 - Privacy Act of 1974; Department of Homeland Security/ALL-024 Facility and Perimeter Access...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ...In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue Department of Homeland Security/ALL--024 Facility and Perimeter Access Control and Visitor Management System of Records to include record systems within the Federal Protective Service. Categories of individuals, categories of records, purpose and routine uses of this system have been......

  12. Efficient identity management and access control in cloud environment

    NASA Astrophysics Data System (ADS)

    Gloster, Jonathan

    2013-05-01

    As more enterprises are enticed to move data to a cloud environment to enhance data sharing and reduce operating costs by exploiting shared resources, concerns have risen over the ability to secure information within the cloud. This paper examines how a traditional Identity and Access Control (IDAM) architecture can be adapted to address security concerns of a cloud environment. We propose changing the paradigm of IDAM form a pure trust model to a risk based model will enable information to be protected securely in a cloud environment without impacting efficiencies of cloud environments.

  13. Logical Access Control Mechanisms in Computer Systems.

    ERIC Educational Resources Information Center

    Hsiao, David K.

    The subject of access control mechanisms in computer systems is concerned with effective means to protect the anonymity of private information on the one hand, and to regulate the access to shareable information on the other hand. Effective means for access control may be considered on three levels: memory, process and logical. This report is a…

  14. Access Control of Web and Java Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  15. An efficient and secure attribute based signcryption scheme with LSSS access structure.

    PubMed

    Hong, Hanshu; Sun, Zhixin

    2016-01-01

    Attribute based encryption (ABE) and attribute based signature (ABS) provide flexible access control with authentication for data sharing between users, but realizing both functions will bring about too much computation burden. In this paper, we combine the advantages of CP-ABE with ABS and propose a ciphertext policy attribute based signcryption scheme. In our scheme, only legal receivers can decrypt the ciphertext and verify the signature signed by data owner. Furthermore, we use linear secret sharing scheme instead of tree structure to avoid the frequent calls of recursive algorithm. By security and performance analysis, we prove that our scheme is secure as well as gains higher efficiency. PMID:27330910

  16. Security Controls Hurt Research, NAS Warns.

    ERIC Educational Resources Information Center

    Kolata, Gina

    1982-01-01

    A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

  17. Common Badging and Access Control System (CBACS)

    NASA Technical Reports Server (NTRS)

    Dischinger, Portia

    2005-01-01

    This slide presentation presents NASA's Common Badging and Access Control System. NASA began a Smart Card implementation in January 2004. Following site surveys, it was determined that NASA's badging and access control systems required upgrades to common infrastructure in order to provide flexibly, usability, and return on investment prior to a smart card implantation. Common Badging and Access Control System (CBACS) provides the common infrastructure from which FIPS-201 compliant processes, systems, and credentials can be developed and used.

  18. 10 CFR 110.121 - Security clearances and access to classified information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security clearances and access to classified information... EQUIPMENT AND MATERIAL Special Procedures for Classified Information in Hearings § 110.121 Security clearances and access to classified information. (a) No person without a security clearance will have...

  19. 10 CFR 110.121 - Security clearances and access to classified information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Security clearances and access to classified information... EQUIPMENT AND MATERIAL Special Procedures for Classified Information in Hearings § 110.121 Security clearances and access to classified information. (a) No person without a security clearance will have...

  20. 10 CFR 110.121 - Security clearances and access to classified information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Security clearances and access to classified information... EQUIPMENT AND MATERIAL Special Procedures for Classified Information in Hearings § 110.121 Security clearances and access to classified information. (a) No person without a security clearance will have...

  1. 10 CFR 110.121 - Security clearances and access to classified information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Security clearances and access to classified information... EQUIPMENT AND MATERIAL Special Procedures for Classified Information in Hearings § 110.121 Security clearances and access to classified information. (a) No person without a security clearance will have...

  2. 10 CFR 110.121 - Security clearances and access to classified information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Security clearances and access to classified information... EQUIPMENT AND MATERIAL Special Procedures for Classified Information in Hearings § 110.121 Security clearances and access to classified information. (a) No person without a security clearance will have...

  3. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security...

  4. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 4 2011-01-01 2011-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security...

  5. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 4 2013-01-01 2013-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security...

  6. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 4 2012-01-01 2012-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security...

  7. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 4 2014-01-01 2014-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security...

  8. Multiparty-controlled quantum secure direct communication

    SciTech Connect

    Xiu, X.-M. Dong, L.; Gao, Y.-J.; Chi, F.

    2007-12-15

    A theoretical scheme of a multiparty-controlled quantum secure direct communication is proposed. The supervisor prepares a communication network with Einstein-Podolsky-Rosen pairs and auxiliary particles. After passing a security test of the communication network, a supervisor tells the users the network is secure and they can communicate. If the controllers allow the communicators to communicate, the controllers should perform measurements and inform the communicators of the outcomes. The communicators then begin to communicate after they perform a security test of the quantum channel and verify that it is secure. The recipient can decrypt the secret message in a classical message from the sender depending on the protocol. Any two users in the network can communicate through the above processes under the control of the supervisor and the controllers.

  9. Global Access-controlled Transfer e-frame (GATe)

    SciTech Connect

    2012-05-30

    Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, as well as provides reporting capabilities.

  10. Global Access-controlled Transfer e-frame (GATe)

    2012-05-30

    Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, asmore » well as provides reporting capabilities.« less

  11. Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

    NASA Technical Reports Server (NTRS)

    Ivancic, William D.

    2007-01-01

    This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-base sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

  12. Access and control of information and intellectual property

    NASA Astrophysics Data System (ADS)

    Lang, Gerald S.

    1996-03-01

    This paper introduces the technology of two pioneering patents for the secure distribution of information and intellectual property. The seminal technology has been used in the control of sensitive material such as medical records and imagery in distributed networks. It lends itself to the implementation of an open architecture access control system that provides local or remote user selective access to digital information stored on any computer system or storage medium, down to the data element, pixel, and sub-pixel levels. Use of this technology is especially suited for electronic publishing, health care records, MIS, and auditing.

  13. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR IRRADIATORS Design and Performance Requirements for Irradiators § 36.23 Access control. (a) Each entrance to a radiation room at a panoramic irradiator must have a door or other...

  14. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 47 Telecommunication 5 2013-10-01 2013-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  15. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 47 Telecommunication 5 2014-10-01 2014-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  16. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 5 2011-10-01 2011-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  17. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  18. Proximity Displays for Access Control

    ERIC Educational Resources Information Center

    Vaniea, Kami

    2012-01-01

    Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…

  19. Joint robustness security in optical OFDM access system with Turbo-coded subcarrier rotation.

    PubMed

    Zhang, Lijia; Liu, Bo; Xin, Xiangjun; Wang, Yongjun

    2015-01-12

    This paper proposes a novel robust physical secure method for optical orthogonal frequency division multiplexing (OFDM) access system based on Turbo-coded subcarrier rotation. It can realize a secure communication while keep robustness to channel noise. The subcarrier rotation is controlled by the interleaver module of Turbo coding, which is under the charge of Logistic map. The random puncturing can further enhance the security. The channel feedback can ensure the puncturing module working at a suitable coding rate. A 72.28 Gb/s encrypted 16QAM-OFDM signal is successfully demonstrated in the experiment. The results show robust performance under different channel noise conditions and good resistance to illegal optical network unit (ONU). PMID:25835649

  20. Privacy and Access Control for IHE-Based Systems

    NASA Astrophysics Data System (ADS)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  1. Applying the Earth System Grid Security System in a Heterogeneous Environment of Data Access Services

    NASA Astrophysics Data System (ADS)

    Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen

    2010-05-01

    CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects bringing together participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand

  2. Control Systems Cyber Security Standards Support Activities

    SciTech Connect

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  3. Access control in healthcare: the methodology from legislation to practice.

    PubMed

    Ferreira, Ana; Correia, Ricardo; Chadwick, David; Antunes, Luis

    2010-01-01

    Translating legislation and regulations into access control systems in healthcare is, in practice, not a straightforward task. Excessive regulation can create barriers to appropriate patient treatment. The main objective of this paper is to present a new methodology that can define, from legislation to practice, an access control policy as well as a RBAC model, in order to comprise generic legislation and regulation issues together with the access control needs from the ends users of a healthcare information system. The methodology includes the use of document analysis as well as grounded theory and mixed methods research. This methodology can be easily applied within a healthcare practice or any other domain with similar requirements. It helps to bridge the gap between legislation and end users' needs, while integrating information security into the healthcare processes in a more meaningful way. PMID:20841770

  4. Current status of link access control and encryption system

    SciTech Connect

    Springer, E.

    1984-01-01

    The purpose of this project is to develop necessary technologies for the secure protection of data communication networks. Data encryption equipment, using the federal government's Data Encryption Standard (DES) algorithm, was designed and developed. This equipment is the Link Access Control and Encryption (Link ACE) system. It protects unclassified sensitive data transmissions over unprotected lines between central computers and remote terminals. Link ACE units have been installed and are operational in the Department of Energy's Central Personnel Clearance Index (CPCI) system.

  5. Secure and Efficient Routable Control Systems

    SciTech Connect

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  6. Security of social network credentials for accessing course portal: Users' experience

    NASA Astrophysics Data System (ADS)

    Katuk, Norliza; Fong, Choo Sok; Chun, Koo Lee

    2015-12-01

    Social login (SL) has recently emerged as a solution for single sign-on (SSO) within the web and mobile environments. It allows users to use their existing social network credentials (SNC) to login to third party web applications without the need to create a new identity in the intended applications' database. Although it has been used by many web application providers, its' applicability in accessing learning materials is not yet fully investigated. Hence, this research aims to explore users' (i.e., instructors' and students') perception and experience on the security of SL for accessing learning contents. A course portal was developed for students at a higher learning institution and it provides two types of user authentications (i) traditional user authentication, and (ii) SL facility. Users comprised instructors and students evaluated the login facility of the course portal through a controlled lab experimental study following the within-subject design. The participants provided their feedback in terms of the security of SL for accessing learning contents. The study revealed that users preferred to use SL over the traditional authentication, however, they concerned on the security of SL and their privacy.

  7. Fine-Grained Access Control for Electronic Health Record Systems

    NASA Astrophysics Data System (ADS)

    Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

    There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

  8. Efficient Controlled Quantum Secure Direct Communication Protocols

    NASA Astrophysics Data System (ADS)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-03-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  9. Efficient Controlled Quantum Secure Direct Communication Protocols

    NASA Astrophysics Data System (ADS)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-07-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  10. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 1 2014-10-01 2014-10-01 false Restricting access to select agents and toxins; security risk assessments. 73.10 Section 73.10 Public Health PUBLIC HEALTH SERVICE, DEPARTMENT OF HEALTH AND HUMAN SERVICES QUARANTINE, INSPECTION, LICENSING SELECT AGENTS AND TOXINS § 73.10 Restricting access to select agents and toxins; security...

  11. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 7 2012-10-01 2012-10-01 false Security requirements for access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470 Section 3004.470 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR)...

  12. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 7 2014-10-01 2014-10-01 false Security requirements for access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470 Section 3004.470 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR)...

  13. Recommended Practice for Securing Control System Modems

    SciTech Connect

    James R. Davidson; Jason L. Wright

    2008-01-01

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  14. Restricted access processor - An application of computer security technology

    NASA Technical Reports Server (NTRS)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  15. Selecting RMF Controls for National Security Systems

    SciTech Connect

    Witzke, Edward L.

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  16. Cyber secure systems approach for NPP digital control systems

    SciTech Connect

    McCreary, T. J.; Hsu, A.

    2006-07-01

    disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)

  17. Emergency access authorization for personally controlled online health care data.

    PubMed

    Chen, Tingting; Zhong, Sheng

    2012-02-01

    Personally controlled health records (PCHR) systems have emerged to allow patients to control their own medical data. In a PCHR system, all the access privileges to a patient's data are granted by the patient. However, in many emergency cases, it is impossible for the patient to participate in access authorization on site when immediate medical treatment is needed. To solve the emergency access authorization problem in the absence of patients, we consider two cases: a) the requester is already in the PCHR system but has not obtained the access privilege of the patient's health records, and b) the requester does not even have an account in the PCHR system to submit its request. For each of the two cases, we present a method for emergency access authorization, utilizing the weighted voting and source authentication cryptographic techniques. Our methods provide an effective, secure and private solution for emergency access authorization, that makes the existing PCHR system frameworks more practical and thus improves the patients' experiences of health care when using PCHR systems. We have implemented a prototype system as a proof of concept. PMID:20703719

  18. Store Security: Internal Shrinkage Control.

    ERIC Educational Resources Information Center

    Everhardt, Richard M.

    The document presents a 10-week training program designed to provide helpful and proven methods for controlling internal shrinkage in retail stores. Shrinkage includes the three problems of shoplifting, employee theft, and errors, each of which is addressed by the course. Ohio's laws are also discussed. The format for the course content section is…

  19. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  20. The Ins and Outs of Access Control.

    ERIC Educational Resources Information Center

    Longworth, David

    1999-01-01

    Presents basic considerations when school districts plan to acquire an access-control system for their education facilities. Topics cover cards and readers, controllers, software, automation, card technology, expandability, price, specification of needs beyond the canned specifications already supplied, and proper usage training to cardholders.…

  1. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  2. Access control and privacy in large distributed systems

    NASA Technical Reports Server (NTRS)

    Leiner, B. M.; Bishop, M.

    1986-01-01

    Large scale distributed systems consists of workstations, mainframe computers, supercomputers and other types of servers, all connected by a computer network. These systems are being used in a variety of applications including the support of collaborative scientific research. In such an environment, issues of access control and privacy arise. Access control is required for several reasons, including the protection of sensitive resources and cost control. Privacy is also required for similar reasons, including the protection of a researcher's proprietary results. A possible architecture for integrating available computer and communications security technologies into a system that meet these requirements is described. This architecture is meant as a starting point for discussion, rather that the final answer.

  3. Access control violation prevention by low-cost infrared detection

    NASA Astrophysics Data System (ADS)

    Rimmer, Andrew N.

    2004-09-01

    A low cost 16x16 un-cooled pyroelectric detector array, allied with advanced tracking and detection algorithms, has enabled the development of a universal detector with a wide range of applications in people monitoring and homeland security. Violation of access control systems, whether controlled by proximity card, biometrics, swipe card or similar, may occur by 'tailgating' or 'piggybacking' where an 'approved' entrant with a valid entry card is accompanied by a closely spaced 'non-approved' entrant. The violation may be under duress, where the accompanying person is attempting to enter a secure facility by force or threat. Alternatively, the violation may be benign where staff members collude either through habit or lassitude, either with each other or with third parties, without considering the security consequences. Examples of the latter could include schools, hospitals or maternity homes. The 16x16 pyroelectric array is integrated into a detector or imaging system which incorporates data processing, target extraction and decision making algorithms. The algorithms apply interpolation to the array output, allowing a higher level of resolution than might otherwise be expected from such a low resolution array. The pyroelectric detection principle means that the detection will work in variable light conditions and even in complete darkness, if required. The algorithms can monitor the shape, form, temperature and number of persons in the scene and utilise this information to determine whether a violation has occurred or not. As people are seen as 'hot blobs' and are not individually recognisable, civil liberties are not infringed in the detection process. The output from the detector is a simple alarm signal which may act as input to the access control system as an alert or to trigger CCTV image display and storage. The applications for a tailgate detector can be demonstrated across many medium security applications where there are no physical means to prevent this

  4. Comparison of Routable Control System Security Approaches

    SciTech Connect

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  5. Security guide for subcontractors

    SciTech Connect

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  6. A secure and reliable monitor and control system for remote observing with the Large Millimeter Telescope

    NASA Astrophysics Data System (ADS)

    Wallace, Gary; Souccar, Kamal; Malin, Daniella

    2004-09-01

    Remote access to telescope monitor and control capabilities necessitates strict security mechanisms to protect the telescope and instruments from malicious or unauthorized use, and to prevent data from being stolen, altered, or corrupted. The Large Millimeter Telescope (LMT) monitor and control system (LMTMC) utilizes the Common Object Request Broker Architecture (CORBA) middleware technology to connect remote software components. The LMTMC provides reliable and secure remote observing by automatically generating SSLIOP enabled CORBA objects. TAO, the ACE open source Object Request Broker (ORB), now supports secure communications by implementing the Secure Socket Layer Inter-ORB Protocol (SSLIOP) as a pluggable protocol. This capability supplies the LMTMC with client and server authentication, data integrity, and encryption. Our system takes advantage of the hooks provided by TAO SSLIOP to implement X.509 certificate based authorization. This access control scheme includes multiple authorization levels to enable granular access control.

  7. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  8. Mandatory and Location-Aware Access Control for Relational Databases

    NASA Astrophysics Data System (ADS)

    Decker, Michael

    Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user Alice is allowed to perform the operation read (but not write) on the resource research report. With conventional access control this decision is based on the user's identity whereas the basic idea of Location-Aware Access Control (LAAC) is to evaluate also a user's current location when making the decision if a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threads like the loss of a device. Some data models for LAAC can be found in literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC-approach for DMBS and describe a prototypical implementation of that approach that is based on database triggers.

  9. Research on a dynamic workflow access control model

    NASA Astrophysics Data System (ADS)

    Liu, Yiliang; Deng, Jinxia

    2007-12-01

    In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.

  10. Secure web-based access to radiology: forms and databases for fast queries

    NASA Astrophysics Data System (ADS)

    McColl, Roderick W.; Lane, Thomas J.

    2002-05-01

    Currently, Web-based access to mini-PACS or similar databases commonly utilizes either JavaScript, Java applets or ActiveX controls. Many sites do not permit applets or controls or other binary objects for fear of viruses or worms sent by malicious users. In addition, the typical CGI query mechanism requires several parameters to be sent with the http GET/POST request, which may identify the patient in some way; this in unacceptable for privacy protection. Also unacceptable are pages produced by server-side scripts which can be cached by the browser, since these may also contain sensitive information. We propose a simple mechanism for access to patient information, including images, which guarantees security of information, makes it impossible to bookmark the page, or to return to the page after some defined length of time. In addition, this mechanism is simple, therefore permitting rapid access without the need to initially download an interface such as an applet or control. In addition to image display, the design of the site allows the user to view and save movies of multi-phasic data, or to construct multi-frame datasets from entire series. These capabilities make the site attractive for research purposes such as teaching file preparation.

  11. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... COMMISSION (CONTINUED) BROADCAST RADIO SERVICES MULTICHANNEL VIDEO AND CABLE TELEVISION SERVICE Competitive... security functions. (a)(1) A multichannel video programming distributor that utilizes navigation devices to... access functions of such devices. Commencing on July 1, 2007, no multichannel video...

  12. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the posting requirements of 10 CFR 20.1902, except that signs may be removed, covered, or otherwise made inoperative when... 10 Energy 1 2010-01-01 2010-01-01 false Access control. 36.23 Section 36.23 Energy...

  13. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the posting requirements of 10 CFR 20.1902, except that signs may be removed, covered, or otherwise made inoperative when... 10 Energy 1 2013-01-01 2013-01-01 false Access control. 36.23 Section 36.23 Energy...

  14. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the posting requirements of 10 CFR 20.1902, except that signs may be removed, covered, or otherwise made inoperative when... 10 Energy 1 2011-01-01 2011-01-01 false Access control. 36.23 Section 36.23 Energy...

  15. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the posting requirements of 10 CFR 20.1902, except that signs may be removed, covered, or otherwise made inoperative when... 10 Energy 1 2014-01-01 2014-01-01 false Access control. 36.23 Section 36.23 Energy...

  16. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 28 Judicial Administration 1 2014-07-01 2014-07-01 false Exemption of National Security Division Systems-limited access. 16.74 Section 16.74 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16.74 Exemption of National Security...

  17. An effective access control approach to support mobility in IPv6 networks

    NASA Astrophysics Data System (ADS)

    Peng, Xue-hai; Lin, Chuang

    2005-11-01

    Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different polices, with decreased delay of access negotiation and cost of delivering messages.

  18. Control Systems Cyber Security:Defense in Depth Strategies

    SciTech Connect

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  19. Access Control Model for Sharing Composite Electronic Health Records

    NASA Astrophysics Data System (ADS)

    Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

    The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

  20. Speed control system for an access gate

    SciTech Connect

    Bzorgi, Fariborz M.

    2012-03-20

    An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.

  1. A Delicate Balance: National Security vs. Public Access

    ERIC Educational Resources Information Center

    Klein, Bonnie; Schwalb, Sandy

    2005-01-01

    Sometimes people want to see data that the government thinks should be kept under wraps. How does the Department of Defense balance the scales of justice while still ensuring information security? In the aftermath of September 11, 2001, the Defense Technical Information Center (DTIC) found itself in the spotlight as journalists, academics, and…

  2. Role-based access control through on-demand classification of electronic health record.

    PubMed

    Tiwari, Basant; Kumar, Abhay

    2015-01-01

    Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071

  3. Common Badging and Access Control System (CBACS)

    NASA Technical Reports Server (NTRS)

    Baldridge, Tim

    2005-01-01

    The goals of the project are: Achieve high business value through a common badging and access control system that integrates with smart cards. Provide physical (versus logical) deployment of smart cards initially. Provides a common consistent and reliable environment into which to release the smart card. Gives opportunity to develop agency-wide consistent processes, practices and policies. Enables enterprise data capture and management. Promotes data validation prior to SC issuance.

  4. OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO EAST. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in Weapons Storage Area, Plattsburgh, Clinton County, NY

  5. OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO NORTH. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in SAC Alert Area, Plattsburgh, Clinton County, NY

  6. External access to ALICE controls conditions data

    NASA Astrophysics Data System (ADS)

    Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.

    2014-06-01

    ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

  7. Authorisation and access control for electronic health record systems.

    PubMed

    Blobel, Bernd

    2004-03-31

    Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555

  8. A network access control framework for 6LoWPAN networks.

    PubMed

    Oliveira, Luís M L; Rodrigues, Joel J P C; de Sousa, Amaro F; Lloret, Jaime

    2013-01-01

    Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

  9. A Network Access Control Framework for 6LoWPAN Networks

    PubMed Central

    Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

    2013-01-01

    Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

  10. Secure Web-Site Access with Tickets and Message-Dependent Digests

    USGS Publications Warehouse

    Donato, David I.

    2008-01-01

    Although there are various methods for restricting access to documents stored on a World Wide Web (WWW) site (a Web site), none of the widely used methods is completely suitable for restricting access to Web applications hosted on an otherwise publicly accessible Web site. A new technique, however, provides a mix of features well suited for restricting Web-site or Web-application access to authorized users, including the following: secure user authentication, tamper-resistant sessions, simple access to user state variables by server-side applications, and clean session terminations. This technique, called message-dependent digests with tickets, or MDDT, maintains secure user sessions by passing single-use nonces (tickets) and message-dependent digests of user credentials back and forth between client and server. Appendix 2 provides a working implementation of MDDT with PHP server-side code and JavaScript client-side code.

  11. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect

    Robert E. Polk; Alen M. Snyder

    2005-04-01

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  12. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 4 2014-01-01 2014-01-01 false Control of public access. 420.53 Section....53 Control of public access. (a) A licensee shall prevent unauthorized access to the launch site, and unauthorized, unescorted access to explosive hazard facilities or other hazard areas not otherwise...

  13. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo: Security threat assessments for cargo personnel in the United States. 1546.213 Section 1546.213 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FOREIGN AIR...

  14. A dynamic access control method based on QoS requirement

    NASA Astrophysics Data System (ADS)

    Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang

    2013-03-01

    A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.

  15. Climate Change and Global Food Security: Food Access, Utilization, and the US Food System

    NASA Astrophysics Data System (ADS)

    Brown, M. E.; Antle, J. M.; Backlund, P. W.; Carr, E. R.; Easterling, W. E.; Walsh, M.; Ammann, C. M.; Attavanich, W.; Barrett, C. B.; Bellemare, M. F.; Dancheck, V.; Funk, C.; Grace, K.; Ingram, J. S. I.; Jiang, H.; Maletta, H.; Mata, T.; Murray, A.; Ngugi, M.; Ojima, D. S.; O'Neill, B. C.; Tebaldi, C.

    2015-12-01

    This paper will summarize results from the USDA report entitled 'Climate change, Global Food Security and the U.S. Food system'. The report focuses on the impact of climate change on global food security, defined as "when all people at all times have physical, social, and economic access to sufficient, safe, and nutritious food to meet their dietary needs and food preferences for an active and healthy life". The assessment brought together authors and contributors from twenty federal, academic, nongovernmental, intergovernmental, and private organizations in four countries to identify climate change effects on food security through 2100, and analyze the U.S.'s likely connections with that world. This talk will describe how climate change will likely affect food access and food utilization, and summarize how the U.S. food system contributes to global food security, and will be affected by climate change.

  16. Cardea: Dynamic Access Control in Distributed Systems

    NASA Technical Reports Server (NTRS)

    Lepro, Rebekah

    2004-01-01

    Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This . paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the S A M L and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.

  17. PKI-based secure mobile access to electronic health services and data.

    PubMed

    Kambourakis, G; Maglogiannis, I; Rouskas, A

    2005-01-01

    Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks. PMID:16340094

  18. Controlled Bidirectional Quantum Secure Direct Communication

    PubMed Central

    Chou, Yao-Hsin; Lin, Yu-Ting; Zeng, Guo-Jyun; Lin, Fang-Jhu; Chen, Chi-Yuan

    2014-01-01

    We propose a novel protocol for controlled bidirectional quantum secure communication based on a nonlocal swap gate scheme. Our proposed protocol would be applied to a system in which a controller (supervisor/Charlie) controls the bidirectional communication with quantum information or secret messages between legitimate users (Alice and Bob). In this system, the legitimate users must obtain permission from the controller in order to exchange their respective quantum information or secret messages simultaneously; the controller is unable to obtain any quantum information or secret messages from the decoding process. Moreover, the presence of the controller also avoids the problem of one legitimate user receiving the quantum information or secret message before the other, and then refusing to help the other user decode the quantum information or secret message. Our proposed protocol is aimed at protecting against external and participant attacks on such a system, and the cost of transmitting quantum bits using our protocol is less than that achieved in other studies. Based on the nonlocal swap gate scheme, the legitimate users exchange their quantum information or secret messages without transmission in a public channel, thus protecting against eavesdroppers stealing the secret messages. PMID:25006596

  19. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-07-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  20. Experimental realization of an entanglement access network and secure multi-party computation

    PubMed Central

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  1. Experimental realization of an entanglement access network and secure multi-party computation.

    PubMed

    Chang, X-Y; Deng, D-L; Yuan, X-X; Hou, P-Y; Huang, Y-Y; Duan, L-M

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  2. A human engineering and ergonomic evaluation of the security access panel interface

    SciTech Connect

    Hartney, C.; Banks, W.W.

    1995-02-01

    The purpose of this study was to empirically determine which of several security hardware interface designs produced the highest levels of end-user performance and acceptance. The FESSP Security Alarms and Monitoring Systems program area commissioned the authors study as decision support for upgrading the Argus security system`s primary user interface so that Argus equipment will support the new DOE and DoD security access badges. Twenty-two test subjects were repeatedly tested using six remote access panel (RAP) designs. Lawrence Livermore National Laboratory (LLNL) uses one of these interface designs in its security access booths. Along with the RAP B insert-style reader, the authors tested five prototype RAP variants, each with a different style of swipe badge reader, through which a badge is moved or swiped. The authors asked the untrained test subjects to use each RAP while they described how they thought they should respond so that the system would operate correctly in reading the magnetic strip on a security badge. With each RAP variant, subjects were required to make four successful card reads (swipes) in which the card reader correctly read and logged the transaction. After each trial, a subject completed a 10-item interface acceptance evaluation before approaching the next RAP. After interacting with the RAP interfaces (for a total of the six RAP trials), each subject completed a 7-item overview evaluation that compared and ranked the five experimental RAPs, using the original (RAP B) insert style as a standard.

  3. K-12 access to internet: Securing the legal framework

    NASA Astrophysics Data System (ADS)

    Blauassociate, Andrew

    1993-09-01

    While many people in government, education, and industry have lauded the potential educational value of Internet access for students in grades K-12, there is as yet no legal or regulatory framework within which this new medium is being offered to students. The Communications Policy Forum, a nonpartisan project of the Electronic Frontier Foundation, recently convened a roundtable to discuss some of the legal issues that arise when K-12 schools provide Internet access to their students. Approximately 15 people, representing carriers who provide connections to the Internet, schools or school systems who are connected to the Internet, and legal experts with expertise in this and related areas, met to discuss questions of legal liability as this new medium enters an educational setting for minors. The following attempts to capture the major issues, suggestions, and directions for further collaborative efforts raised during the course of that discussion. In brief, the group identified statutory language aimed at other types of electronic communication that may offer some guidance; was briefed on a host of state laws that could be used to prosecute providers of certain materials found on the Internet; and concluded that there is no case law that clearly applies to this setting. The discussion revealed an interest in anticipating issues and developing responses before problems arose, and the need for shared approaches to allow carriers to move forward in serving and expanding this field. Members of the group offered to pursue these issues jointly and agreed upon a handful of concrete steps for further exploration and discussion.

  4. Multiparty Controlled Deterministic Secure Quantum Communication Through Entanglement Swapping

    NASA Astrophysics Data System (ADS)

    Dong, Li; Xiu, Xiao-Ming; Gao, Ya-Jun; Chi, Feng

    A three-party controlled deterministic secure quantum communication scheme through entanglement swapping is proposed firstly. In the scheme, the sender needs to prepare a class of Greenberger-Horne-Zeilinger (GHZ) states which are used as quantum channel. The two communicators may securely communicate under the control of the controller if the quantum channel is safe. The roles of the sender, the receiver, and the controller can be exchanged owing to the symmetry of the quantum channel. Different from other controlled quantum secure communication schemes, the scheme needs lesser additional classical information for transferring secret information. Finally, it is generalized to a multiparty controlled deterministic secure quantum communication scheme.

  5. A Quality of Context-Aware Approach to Access Control in Pervasive Environments

    NASA Astrophysics Data System (ADS)

    Toninelli, Alessandra; Corradi, Antonio; Montanari, Rebecca

    The widespread diffusion of wireless-enabled portable devices creates novel opportunities for users to share resources anywhere and anytime, but makes access control a crucial issue. User/device mobility and heterogeneity, together with network topology and conditions variability, complicate access control and call for novel solutions to dynamically adapt access decisions to the different operating conditions. Several research efforts have emerged in recent years that propose to exploit context-awareness to control access to resources based on context visibility and changes. Context-based access control requires, however, to take into account the quality of context information used to drive access decisions (QoC). Quality of context has in fact a profound impact on the correct behavior of any context-aware access control framework. Using context information with insufficient quality might increase the risk of incorrect access control decisions, thus leading to dangerous security breaches in resource sharing. In this paper we propose a QoC-aware approach to access control for anywhere, anytime resource sharing. The paper describes the design, implementation and evaluation of the Proteus policy framework, which combines two design guidelines to enable dynamic adaptation of policies depending on context changes: context-awareness with QoC guarantees and semantic technologies to allow high-level description of context/policy specification and reasoning about context/policies.

  6. Nevada National Security Site Radiological Control Manual

    SciTech Connect

    Radiological Control Managers’ Council

    2012-03-26

    This document supersedes DOE/NV/25946--801, 'Nevada Test Site Radiological Control Manual,' Revision 1 issued in February 2010. Brief Description of Revision: A complete revision to reflect a recent change in name for the NTS; changes in name for some tenant organizations; and to update references to current DOE policies, orders, and guidance documents. Article 237.2 was deleted. Appendix 3B was updated. Article 411.2 was modified. Article 422 was re-written to reflect the wording of DOE O 458.1. Article 431.6.d was modified. The glossary was updated. This manual contains the radiological control requirements to be used for all radiological activities conducted by programs under the purview of the U.S. Department of Energy (DOE) and the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO). Compliance with these requirements will ensure compliance with Title 10 Code of Federal Regulations (CFR) Part 835, 'Occupational Radiation Protection.' Programs covered by this manual are located at the Nevada National Security Site (NNSS); Nellis Air Force Base and North Las Vegas, Nevada; Santa Barbara and Livermore, California; and Andrews Air Force Base, Maryland. In addition, fieldwork by NNSA/NSO at other locations is covered by this manual. Current activities at NNSS include operating low-level radioactive and mixed waste disposal facilities for United States defense-generated waste, assembly and execution of subcritical experiments, assembly/disassembly of special experiments, the storage and use of special nuclear materials, performing criticality experiments, emergency responder training, surface cleanup and site characterization of contaminated land areas, environmental activity by the University system, and nonnuclear test operations, such as controlled spills of hazardous materials at the Hazardous Materials Spill Center. Currently, the major potential for occupational radiation exposure is associated with the burial of

  7. High security chaotic multiple access scheme for visible light communication systems with advanced encryption standard interleaving

    NASA Astrophysics Data System (ADS)

    Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng

    2016-06-01

    Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.

  8. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Restricting access to select agents and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE,...

  9. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 9 Animals and Animal Products 1 2012-01-01 2012-01-01 false Restricting access to select agents and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE,...

  10. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... security functions. (a)(1) A multichannel video programming distributor that utilizes navigation devices to... access functions of such devices. Commencing on July 1, 2007, no multichannel video programming... requirement shall not apply to a multichannel video programming distributor that supports the active use...

  11. Context-Based E-Health System Access Control Mechanism

    NASA Astrophysics Data System (ADS)

    Al-Neyadi, Fahed; Abawajy, Jemal H.

    E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

  12. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  13. A Stateful Multicast Access Control Mechanism for Future Metro-Area-Networks.

    ERIC Educational Resources Information Center

    Sun, Wei-qiang; Li, Jin-sheng; Hong, Pei-lin

    2003-01-01

    Multicasting is a necessity for a broadband metro-area-network; however security problems exist with current multicast protocols. A stateful multicast access control mechanism, based on MAPE, is proposed. The architecture of MAPE is discussed, as well as the states maintained and messages exchanged. The scheme is flexible and scalable. (Author/AEF)

  14. An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments

    ERIC Educational Resources Information Center

    Zhang, Yue

    2010-01-01

    Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…

  15. Security for grids

    SciTech Connect

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  16. Securing optical code-division multiple-access networks with a postswitching coding scheme of signature reconfiguration

    NASA Astrophysics Data System (ADS)

    Huang, Jen-Fa; Meng, Sheng-Hui; Lin, Ying-Chen

    2014-11-01

    The optical code-division multiple-access (OCDMA) technique is considered a good candidate for providing optical layer security. An enhanced OCDMA network security mechanism with a pseudonoise (PN) random digital signals type of maximal-length sequence (M-sequence) code switching to protect against eavesdropping is presented. Signature codes unique to individual OCDMA-network users are reconfigured according to the register state of the controlling electrical shift registers. Examples of signature reconfiguration following state switching of the controlling shift register for both the network user and the eavesdropper are numerically illustrated. Dynamically changing the PN state of the shift register to reconfigure the user signature sequence is shown; this hinders eavesdroppers' efforts to decode correct data sequences. The proposed scheme increases the probability of eavesdroppers committing errors in decoding and thereby substantially enhances the degree of an OCDMA network's confidentiality.

  17. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 4 2011-01-01 2011-01-01 false Control of public access. 420.53 Section 420.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION....53 Control of public access. (a) A licensee shall prevent unauthorized access to the launch site,...

  18. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo and cargo screening: Security... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... authorizes to screen cargo or to supervise the screening of cargo under § 1544.205....

  19. Mitigations for Security Vulnerabilities Found in Control System Networks

    SciTech Connect

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

  20. Process Control Systems in the Chemical Industry: Safety vs. Security

    SciTech Connect

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  1. Bureau of Prisons access control system: functional and operational requirements

    NASA Astrophysics Data System (ADS)

    Janus, Michael; Carlson, Peter M.; Kane, Thomas

    1997-01-01

    The Federal Bureau of Prisons (BOP) operates 86 correctional institutions nationwide. The BOP has grown dramatically, the size of its inmate population growing from just over 41,000 inmates in 1987 to over 100,000 today. The number of BOP staff managing these facilities has grown correspondingly, more than doubling in number in the same ten year period. Technology has paid a major role in keeping up with this growth while maintaining high standards of security in BOP institutions. In an attempt to further enhance security in its institutions, the BOP has recently begun pilot testing an access control and entry system (ACES). ACES is intended to provide an automated record of very entry and exit to a correctional institution. ACES takes advantage of several methods of identifying an individual (inmate, staff or visitor) to assure that the individual exiting the institution is the same as the individual entering. The pilot test has raised a number of questions regarding the implementation of a technologically sophisticated system in a correctional institution. Questions of training, support, 'ownership,' cost effectiveness, and future potential all influence the deployment of this system. Preliminary results indicate that an adequate training and support system is essential to the performance of any sophisticated system and that other organizational issues need to be addressed before the decision to implement is made.

  2. Control Systems Cyber Security: Defense-in-Depth Strategies

    SciTech Connect

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  3. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for...: Security threat assessments for cargo personnel in the United States. This section applies in the United...— (1) Each individual must successfully complete a security threat assessment or comparable...

  4. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo and cargo screening: Security threat assessments for cargo personnel in the United States. 1544.228 Section 1544.228 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION...

  5. Ver-i-Fus: an integrated access control and information monitoring and management system

    NASA Astrophysics Data System (ADS)

    Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

    1997-01-01

    This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

  6. Catheter Securement Systems for Peripherally Inserted and Nontunneled Central Vascular Access Devices

    PubMed Central

    Krenik, Karen M.; Smith, Graham E.

    2016-01-01

    Sutureless catheter securement systems are intended to eliminate risks associated with sutures. The clinical acceptability of a novel system was investigated compared with the current method of securement for peripherally inserted central catheters (19 facilities using StatLock or sutures) or nontunneled central vascular access devices (3 facilities using StatLock or sutures or HubGuard + Sorbaview Shield). More than 94% of respondents rated the novel system as same, better, or much better than their current product. More than 82% of respondents were willing to replace their current system with the new one. PMID:27379679

  7. A Study on Automated Context-aware Access Control Model Using Ontology

    NASA Astrophysics Data System (ADS)

    Jang, Bokman; Jang, Hyokyung; Choi, Euiin

    Applications in context-aware computing environment will be connected wireless network and various devices. According to, recklessness access of information resource can make trouble of system. So, access authority management is very important issue both information resource and adapt to system through founding security policy of needed system. But, existing security model is easy of approach to resource through simply user ID and password. This model has a problem that is not concerned about user's environment information. In this paper, propose model of automated context-aware access control using ontology that can more efficiently control about resource through inference and judgment of context information that collect user's information and user's environment context information in order to ontology modeling.

  8. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  9. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  10. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  11. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  12. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  13. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  14. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  15. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  16. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  17. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  18. Command and Control during Security Incidents/Emergencies

    SciTech Connect

    Knipper, W.

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  19. Arms Control and National Security: An Introduction. Advance Edition.

    ERIC Educational Resources Information Center

    Arms Control Association, Washington, DC.

    Suitable for use with high school students, this booklet on arms control and national security provides background information, describes basic concepts, reviews recent history, and offers suggestions for further reading. The first section, on American attitudes toward national security and arms control, defines five types of limits on weapons…

  20. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    SciTech Connect

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  1. Ideal Based Cyber Security Technical Metrics for Control Systems

    SciTech Connect

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  2. 7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO NORTH. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  3. 6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO WEST. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  4. On the Evaluation of a Secure Solution to Access 802.11 Networks

    NASA Astrophysics Data System (ADS)

    da Costa, Fernando; Gaspary, Luciano; Barbosa, Jorge; Cavalheiro, Gerson; Pfitscher, Luciano; Ramos, José Dirceu G.

    Despite offering the possibility to develop and distribute a new set of applications to its users, the widespread and unrestricted use of mobile computing depends on the provisioning of a secure network environment. Regarding the communication established from mobile devices such as PDAs (Personal Digital Assistants), one of the most currently used standards is the IEEE 802.11b, which presents known security flaws. To overcome them, some alternative setups are commonly deployed, based on link, network, transport or application-layer. In this paper we evaluate the impact on data reception rate and energy consumption of IPSec-based PDAs access to 802.11b (WiFi) wireless LANs. As a result of this work we identify the overhead imposed by the security mechanisms and the capacity of the device to run CPU and network-intensive applications.

  5. Isolated user security enhancement in optical code division multiple access network against eavesdropping

    NASA Astrophysics Data System (ADS)

    Jyoti, Vishav; Kaler, Rajinder Singh

    2012-09-01

    A novel virtual user system is modeled for enhancing the security of an optical code division multiple access (OCDMA) network. Although the OCDMA system implementing code shift keying (CSK) is secure against a conventional power detector, it is susceptible to differential eavesdropping. An analytical framework is developed for the CSK-OCDMA system to show eavesdropper's code interception performance for a single transmitting user in the presence of a virtual user. It is shown that the eavesdropper's probability of correct bit interception decreases from 7.1×10-1 to 1.85×10-5 with the inclusion of the virtual user. Furthermore, the results confirm that the proposed virtual user scheme increases the confidentiality of the CSK-OCDMA system and outperforms the conventional OCDMA scheme in terms of security.

  6. Efforts to secure universal access to HIV/AIDS treatment: a comparison of BRICS countries.

    PubMed

    Sun, Jing; Boing, Alexandra Crispim; Silveira, Marysabel P T; Bertoldi, Andréa D; Ziganshina, Liliya E; Khaziakhmetova, Veronica N; Khamidulina, Rashida M; Chokshi, Maulik R; McGee, Shelley; Suleman, Fatima

    2014-02-01

    This article illustrates how the BRICS countries have been building their focused leadership, making important high level commitment and national policy changes, and improving their health systems, in addressing the HIV/AIDS epidemics in respective settings. Specific aspects are focused on efforts of creating public provisions to secure universal access to ARVs from the aspects of active responsive system and national program, health system strengthening, fostering local production of ARVs, supply chain management, and information system strengthening. Challenges in each BRICS country are analyzed respectively. The most important contributors to the success of response to HIV/AIDS include: creating legal basis for healthcare as a fundamental human right; political commitment to necessary funding for universal access and concrete actions to secure equal quality care; comprehensive system to secure demands that all people in need are capable of accessing prevention, treatment and care; active community involvement; decentralization of the management system considering the local settings; integration of treatment and prevention; taking horizontal approach to strengthen health systems; fully use of the TRIPS flexibility; and regular monitoring and evaluation to serve evidence based decision making. PMID:25155561

  7. Open versus Controlled-Access Data | Office of Cancer Genomics

    Cancer.gov

    OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

  8. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  9. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  10. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  11. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  12. New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

    PubMed Central

    Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

    2009-01-01

    The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

  13. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  14. Process Control System Cyber Security Standards - An Overview

    SciTech Connect

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  15. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Control of public access. 420.53 Section 420.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION LICENSING LICENSE TO OPERATE A LAUNCH SITE Responsibilities of a Licensee § 420.53 Control of public access. (a) A...

  16. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 4 2012-01-01 2012-01-01 false Control of public access. 420.53 Section 420.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION LICENSING LICENSE TO OPERATE A LAUNCH SITE Responsibilities of a Licensee § 420.53 Control of public access. (a) A...

  17. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 4 2013-01-01 2013-01-01 false Control of public access. 420.53 Section 420.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION LICENSING LICENSE TO OPERATE A LAUNCH SITE Responsibilities of a Licensee § 420.53 Control of public access. (a) A...

  18. UGV: security analysis of subsystem control network

    NASA Astrophysics Data System (ADS)

    Abbott-McCune, Sam; Kobezak, Philip; Tront, Joseph; Marchany, Randy; Wicks, Al

    2013-05-01

    Unmanned Ground vehicles (UGVs) are becoming prolific in the heterogeneous superset of robotic platforms. The sensors which provide odometry, localization, perception, and vehicle diagnostics are fused to give the robotic platform a sense of the environment it is traversing. The automotive industry CAN bus has dominated the industry due to the fault tolerance and the message structure allowing high priority messages to reach the desired node in a real time environment. UGVs are being researched and produced at an accelerated rate to preform arduous, repetitive, and dangerous missions that are associated with a military action in a protracted conflict. The technology and applications of the research will inevitably be turned into dual-use platforms to aid civil agencies in the performance of their various operations. Our motivation is security of the holistic system; however as subsystems are outsourced in the design, the overall security of the system may be diminished. We will focus on the CAN bus topology and the vulnerabilities introduced in UGVs and recognizable security vulnerabilities that are inherent in the communications architecture. We will show how data can be extracted from an add-on CAN bus that can be customized to monitor subsystems. The information can be altered or spoofed to force the vehicle to exhibit unwanted actions or render the UGV unusable for the designed mission. The military relies heavily on technology to maintain information dominance, and the security of the information introduced onto the network by UGVs must be safeguarded from vulnerabilities that can be exploited.

  19. Security Encryption Scheme for Communication of Web Based Control Systems

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

  20. An interaction-based access control model (IBAC) for collaborative services

    SciTech Connect

    Altunay, Mine; Byrd, Gregory T.; Brown, Doug E.; Dean, Ralph A.; /North Carolina State U.

    2008-04-01

    A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated.

  1. Measurable Control System Security through Ideal Driven Technical Metrics

    SciTech Connect

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

  2. A secure WDM ring access network employing silicon micro-ring based remote node

    NASA Astrophysics Data System (ADS)

    Sung, Jiun-Yu; Chow, Chi-Wai; Yeh, Chien-Hung; Xu, Ke; Hsu, Chin-Wei; Su, Hong-Quan; Tsang, Hon-Ki

    2014-08-01

    A secure and scalable wavelength-division-multiplexing (WDM) ring-based access network is proposed and demonstrated using proof-of-concept experiments. In the remote node (RN), wavelength hopping for specific optical networking unit (ONU) is deployed by using silicon micro-ring resonators (SMR). Using silicon-based devices could be cost-effective for the cost-sensitive access network. Hence the optical physical layer security is introduced. The issues of denial of service (DOS) attacks, eavesdropping and masquerading can be made more difficult in the proposed WDM ring-based access network. Besides, the SMRs with different dropped wavelengths can be cascaded, such that the signals pass through the preceding SMRs can be dropped by a succeeding SMR. This can increase the scalability of the RN for supporting more ONUs for future upgrade. Here, error-free 10 Gb/s downlink and 1.25 Gb/s uplink transmission are demonstrated to show the feasibility of the proposed network.

  3. DOE`s nation-wide system for access control can solve problems for the federal government

    SciTech Connect

    Callahan, S.; Tomes, D.; Davis, G.; Johnson, D.; Strait, S.

    1996-07-01

    The U.S. Department of Energy`s (DOE`s) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location`s level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals.

  4. 47 CFR Appendix B to Part 64 - Priority Access Service (PAS) for National Security and Emergency Preparedness (NSEP)

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Security and Emergency Preparedness (NSEP) B Appendix B to Part 64 Telecommunication FEDERAL COMMUNICATIONS.... 64, App. B Appendix B to Part 64—Priority Access Service (PAS) for National Security and Emergency...'s Order to CMRS providers and users to comply with policies and procedures establishing the...

  5. 47 CFR Appendix B to Part 64 - Priority Access Service (PAS) for National Security and Emergency Preparedness (NSEP)

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Security and Emergency Preparedness (NSEP) B Appendix B to Part 64 Telecommunication FEDERAL COMMUNICATIONS.... 64, App. B Appendix B to Part 64—Priority Access Service (PAS) for National Security and Emergency...'s Order to CMRS providers and users to comply with policies and procedures establishing the...

  6. Controlled Secure Direct Communication with Six-Qubit Entangled States

    NASA Astrophysics Data System (ADS)

    Li, Yuan-hua; Li, Xiao-lan; Nie, Li-ping; Sang, Ming-huang

    2016-02-01

    We propose an experimentally feasible scheme for implementing controlled quantum secure direct communication by using six-qubit entangled states. According to the results measured by the sender and the controller, the receiver can obtain different secret messages in a deterministic way with unit successful probability. In our scheme, the information-carrying qubits do not need to be transmitted over the public channel. Therefore, the scheme is determinate and secure.

  7. A design of tamper resistant prescription RFID access control system.

    PubMed

    Chen, Yu-Yi; Huang, Der-Chen; Tsai, Meng-Lin; Jan, Jinn-Ke

    2012-10-01

    In this paper, we propose a tamper resistant prescription RFID access control protocol for different authorized readers. Not only the authentication mechanism but also the access right authorization mechanism is designed in our scheme. Only the specific doctor, usually the patient's doctor, can access the tag. Moreover, some related information of patient's prescription is attached to a RFID tag for tamper resistance. The patients' rights will be guaranteed. PMID:21751015

  8. Optical code division multiple access secure communications systems with rapid reconfigurable polarization shift key user code

    NASA Astrophysics Data System (ADS)

    Gao, Kaiqiang; Wu, Chongqing; Sheng, Xinzhi; Shang, Chao; Liu, Lanlan; Wang, Jian

    2015-09-01

    An optical code division multiple access (OCDMA) secure communications system scheme with rapid reconfigurable polarization shift key (Pol-SK) bipolar user code is proposed and demonstrated. Compared to fix code OCDMA, by constantly changing the user code, the performance of anti-eavesdropping is greatly improved. The Pol-SK OCDMA experiment with a 10 Gchip/s user code and a 1.25 Gb/s user data of payload has been realized, which means this scheme has better tolerance and could be easily realized.

  9. How to implement security controls for an information security program at CBRN facilities

    SciTech Connect

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  10. Resource reliability, accessibility and governance: pillars for managing water resources to achieve water security in Nepal

    NASA Astrophysics Data System (ADS)

    Biggs, E. M.; Duncan, J.; Atkinson, P.; Dash, J.

    2013-12-01

    As one of the world's most water-abundant countries, Nepal has plenty of water yet resources are both spatially and temporally unevenly distributed. With a population heavily engaged in subsistence farming, whereby livelihoods are entirely dependent on rain-fed agriculture, changes in freshwater resources can substantially impact upon survival. The two main sources of water in Nepal come from monsoon precipitation and glacial runoff. The former is essential for sustaining livelihoods where communities have little or no access to perennial water resources. Much of Nepal's population live in the southern Mid-Hills and Terai regions where dependency on the monsoon system is high and climate-environment interactions are intricate. Any fluctuations in precipitation can severely affect essential potable resources and food security. As the population continues to expand in Nepal, and pressures build on access to adequate and clean water resources, there is a need for institutions to cooperate and increase the effectiveness of water management policies. This research presents a framework detailing three fundamental pillars for managing water resources to achieve sustainable water security in Nepal. These are (i) resource reliability; (ii) adequate accessibility; and (iii) effective governance. Evidence is presented which indicates that water resources are adequate in Nepal to sustain the population. In addition, aspects of climate change are having less impact than previously perceived e.g. results from trend analysis of precipitation time-series indicate a decrease in monsoon extremes and interannual variation over the last half-century. However, accessibility to clean water resources and the potential for water storage is limiting the use of these resources. This issue is particularly prevalent given the heterogeneity in spatial and temporal distributions of water. Water governance is also ineffective due to government instability and a lack of continuity in policy

  11. Managed Access by Controlled Sensing (MACS)

    SciTech Connect

    Curtiss, J.A.; Indusi, J.P.

    1994-08-01

    During chemical weapons challenge inspections, the CWC treaty allows ``alternate means`` of access to be proposed by the nation challenged. BNL`s Safeguards, Safety and Nonproliferation Division is funded by the Defense Nuclear Agency to develop a system to provide the challenge inspection team with a ``virtual presence`` within the facility while denying personal access. A general purpose configuration of a mobile station manned by site personnel and a base station manned by the challenge inspector, supported by a flexible communication system, will allow facility personnel to tailor the basic model to their site. Design of the MACS system is based on maximum use of commercial equipment that is available on the international market. Design requirements for the MACS system include methods of establishing geographical position, distance measuring equipment for use in verifying dimensions on floor plans, video and two-way audio links between the mobile unit and the base station, and portability and versatility of the equipment. The MACS platform will also support deployment of selected instrumentation which the site may offer to the challenge inspection team. This paper describes the design and construction of the prototype MACS system.

  12. Urban Studies: A Study of Bibliographic Access and Control.

    ERIC Educational Resources Information Center

    Anderson, Barbara E.

    This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

  13. Role Based Access Control system in the ATLAS experiment

    NASA Astrophysics Data System (ADS)

    Valsan, M. L.; Dobson, M.; Lehmann Miotto, G.; Scannicchio, D. A.; Schlenker, S.; Filimonov, V.; Khomoutnikov, V.; Dumitru, I.; Zaytsev, A. S.; Korol, A. A.; Bogdantchikov, A.; Avolio, G.; Caramarcu, C.; Ballestrero, S.; Darlea, G. L.; Twomey, M.; Bujor, F.

    2011-12-01

    The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.

  14. Automated biometric access control system for two-man-rule enforcement

    SciTech Connect

    Holmes, J.P.; Maxwell, R.L. ); Henderson, R.W. )

    1991-01-01

    This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule.

  15. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    SciTech Connect

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  16. A Framework for Federated Two-Factor Authentication Enabling Cost-Effective Secure Access to Distributed Cyberinfrastructure

    SciTech Connect

    Ezell, Matthew A; Rogers, Gary L; Peterson, Gregory D.

    2012-01-01

    As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication. One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus thwarting credential replay attacks. The credential changes regularly, making brute-force attacks significantly more difficult. In high performance computing, end users may require access to resources housed at several different service provider locations. The ability to share a strong token between multiple computing resources reduces cost and complexity. The National Science Foundation (NSF) Extreme Science and Engineering Discovery Environment (XSEDE) provides access to digital resources, including supercomputers, data resources, and software tools. XSEDE will offer centralized strong authentication for services amongst service providers that leverage their own user databases and security profiles. This work implements a scalable framework built on standards to provide federated secure access to distributed cyberinfrastructure.

  17. Access control within military C4ISR systems

    NASA Astrophysics Data System (ADS)

    Maschino, Mike

    2003-07-01

    Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) tactical battlefield systems must provide the right information and resources to the right individuals at the right time. At the same time, the C4ISR system must enforce access controls to prevent the wrong individuals from obtaining sensitive information, or consuming scarce resources. Because lives, missions and property depend upon them, these access control mechanisms must be effective, reliable, efficient and flexible. The mechanisms employed must suit the nature of the items that are to be protected, as well as the varieties of access policies that must be enforced, and the types of access that will be made to these items. Some access control technologies are inherently centralized, while others are suitable for distributed implementation. The C4ISR architect must select from among the available technologies a combination of mechanisms that eases the burden of policy administration, but is inherently survivable, accurate, resource efficient, and which provides low latency. This paper explores various alternative access enforcement mechanisms, and assesses their effectiveness in managing policy-driven access control within the battlespace.

  18. Communication Security for Control Systems in Smart Grid

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.

  19. A Flexible Component based Access Control Architecture for OPeNDAP Services

    NASA Astrophysics Data System (ADS)

    Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank

    2010-05-01

    Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC

  20. Personnel Access Control System Evaluation for National Ignition Facility Operations

    SciTech Connect

    Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.

    2001-06-01

    The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.

  1. Secure VM for Monitoring Industrial Process Controllers

    SciTech Connect

    Dasgupta, Dipankar; Ali, Mohammad Hassan; Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T; Carvalho, Marco

    2011-01-01

    In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years probably through extensive redesigning, testing, tuning and optimization process. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive nature provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detection Stuxnet like malware, we propose to include a secure VM (or dedicated host) to the SCADA Network to monitor behavior and all software updates. This on-going research effort is not to mimic the nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.

  2. Pace: Privacy-Protection for Access Control Enforcement in P2P Networks

    NASA Astrophysics Data System (ADS)

    Sánchez-Artigas, Marc; García-López, Pedro

    In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.

  3. A method for protecting and controlling access to JPEG2000 images

    NASA Astrophysics Data System (ADS)

    Serrão, Carlos; Serra, Antonio; Fonseca, Pedro; Salles Dias, Jose M.

    2003-11-01

    The image compression standard JPEG2000 brings not only powerful compression performance but also new functionality unavailable in previous standards (such as region of interest, scalability and random access to image data, through flexible code stream description of the image). ISO/IEC JTC1/SC29/WG1, which is the ISO Committee working group for JPEG2000 standardization is currently defining additional parts to the standard that will allow extended functionalities. One of these extensions is Part 8 JPSEC - JPEG2000 security, which deals with the protection and access control of JPEG2000 code-stream. This paper reports the JPSEC activities detailing with the three core experiments which are in progress to supply the JPEG2000 ISO Committee, with the appropriate protection technology. These core experiments are focusing on the protection of the code-stream itself and on the overall security infrastructure that is needed to manage the access rights of users and applications to that protected code-stream. Regarding the encryption/scrambling process, this one deals with the JPEG2000 code stream in such a way that only the packets, which contain image data information are encrypted. All the other code-stream data will be in clear mode. This paper will also advance details of one of the JPSEC proposed solutions for the security infrastructure - OpenSDRM (Open and Secure Digital Rights Management), which provides security and rights management from the content provider to the content final user. A use case where this security infrastructure was successfully used will also be provided.

  4. IT Security Support for Spaceport Command and Control System

    NASA Technical Reports Server (NTRS)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  5. Secure access control to hidden data by biometric features

    NASA Astrophysics Data System (ADS)

    Cancellaro, M.; Carli, M.; Egiazarian, K.; Neri, A.

    2007-04-01

    In this paper, a novel authentications system combining biometric cryptosystems with digital watermarking is presented. One of the main vulnerabilities of the existing data hiding systems is the public knowledge of the embedding domain. We propose the use of biometric data, minutiae fingerprint set, for generating the encryption key needed to decompose an image in the Tree structured Haar transform. The uniqueness of the biometrics key together with other, embedded, biometric information guarantee the authentication of the user. Experimental tests show the effectiveness of the proposed system.

  6. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... match of the photo on the TWIC to the individual presenting the TWIC; (ii) Verification that the...

  7. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets the... subchapter. Inspection must include: (i) A match of the photo on the TWIC to the individual presenting...

  8. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... include: (i) A match of the photo on the TWIC to the individual presenting the TWIC; (ii)...

  9. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... include: (i) A match of the photo on the TWIC to the individual presenting the TWIC; (ii)...

  10. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... prohibition to be applied and the means of enforcing them; (3) The means used to establish the identity of... individual's claim of loss or theft. (3) If an individual cannot present his or her TWIC for any other...

  11. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... prohibitions to be applied and the means of enforcing them; (3) The means used to establish the identity of... individual's claim of loss or theft. (3) If an individual cannot present his or her TWIC for any other...

  12. 32 CFR 552.109 - Routine security controls.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 3 2012-07-01 2009-07-01 true Routine security controls. 552.109 Section 552.109 National Defense Department of Defense (Continued) DEPARTMENT OF THE ARMY MILITARY RESERVATIONS AND NATIONAL CEMETERIES REGULATIONS AFFECTING MILITARY RESERVATIONS Regulation Controlling the...

  13. 32 CFR 552.109 - Routine security controls.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 3 2013-07-01 2013-07-01 false Routine security controls. 552.109 Section 552.109 National Defense Department of Defense (Continued) DEPARTMENT OF THE ARMY MILITARY RESERVATIONS AND NATIONAL CEMETERIES REGULATIONS AFFECTING MILITARY RESERVATIONS Regulation Controlling the...

  14. 32 CFR 552.109 - Routine security controls.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 3 2014-07-01 2014-07-01 false Routine security controls. 552.109 Section 552.109 National Defense Department of Defense (Continued) DEPARTMENT OF THE ARMY MILITARY RESERVATIONS AND NATIONAL CEMETERIES REGULATIONS AFFECTING MILITARY RESERVATIONS Regulation Controlling the...

  15. [National pharmaceutical policy in Colombia and social security reform: access and rational use of medicines].

    PubMed

    Mejia Restrepo, Samuel; Velez Arango, Alba Lucía; Buritica Arboleda, Olga Clemencia; Arango Mejia, María Cristina; Rio Gomez, Jaime Alberto del

    2002-01-01

    Based on the new social security system in Colombia (1993), which establishes equity and mandatory care as the basis for public health care provision, the authors analyze whether the formulation and implementation of pharmaceutical policy promote accessibility, availability, and rational use of medicines, thereby contributing to equity in health. Two approaches were used: a macro approach centered on the legal framework and various actors in the reform process and a micro approach related to the processes and results in the drug supply system. The authors studied the legal instruments backing the country's pharmaceutical policy and evaluated their application, using indicators and a specific disease (diabetes mellitus) as a marker. Although there is a legal framework providing the people's right to access health care services and essential medicines, the country lacks a comprehensive pharmaceuticals policy. Most of the institutions experience problems in distributing the medicines listed under the Mandatory Health Plan, a low percentage of medicines is dispensed at zero cost, and a major portion of patients purchase medicines through associations of diabetics or rely on alternative medicine. The study unveiled several obstacles to equity in health care coverage and access to essential medicines. PMID:12118308

  16. System and method for secure group transactions

    DOEpatents

    Goldsmith, Steven Y.

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  17. Disclosure Control of Natural Language Information to Enable Secure and Enjoyable Communication over the Internet

    NASA Astrophysics Data System (ADS)

    Kataoka, Haruno; Utsumi, Akira; Hirose, Yuki; Yoshiura, Hiroshi

    Disclosure control of natural language information (DCNL), which we are trying to realize, is described. DCNL will be used for securing human communications over the internet, such as through blogs and social network services. Before sentences in the communications are disclosed, they are checked by DCNL and any phrases that could reveal sensitive information are transformed or omitted so that they are no longer revealing. DCNL checks not only phrases that directly represent sensitive information but also those that indirectly suggest it. Combinations of phrases are also checked. DCNL automatically learns the knowledge of sensitive phrases and the suggestive relations between phrases by using co-occurrence analysis and Web retrieval. The users' burden is therefore minimized, i.e., they do not need to define many disclosure control rules. DCNL complements the traditional access control in the fields where reliability needs to be balanced with enjoyment and objects classes for the access control cannot be predefined.

  18. Visualization for cyber security command and control

    NASA Astrophysics Data System (ADS)

    Langton, John T.; Newey, Brent; Havig, Paul R.

    2010-04-01

    To address the unique requirements of cyber Command and Control (C2), new visualization methods are needed to provide situation awareness and decision support within the cyber domain. A key challenge is the complexity of relevant data: it is immense and multidimensional, includes streaming and log data, and comes from multiple, disparate applications and devices. Decision makers must be afforded a view of a) the current state of the cyber battlespace, b) enemy and friendly capabilities and vulnerabilities, c) correlations between cyber events, and d) potential effects of alternative courses of action within cyberspace. In this paper we present requirements and designs for Visualization for Integrated Cyber Command and Control (VIC3).

  19. Integrated safeguards & security for material protection, accounting, and control.

    SciTech Connect

    Duran, Felicia Angelica; Cipiti, Benjamin B.

    2009-10-01

    Traditional safeguards and security design for fuel cycle facilities is done separately and after the facility design is near completion. This can result in higher costs due to retrofits and redundant use of data. Future facilities will incorporate safeguards and security early in the design process and integrate the systems to make better use of plant data and strengthen both systems. The purpose of this project was to evaluate the integration of materials control and accounting (MC&A) measurements with physical security design for a nuclear reprocessing plant. Locations throughout the plant where data overlap occurs or where MC&A data could be a benefit were identified. This mapping is presented along with the methodology for including the additional data in existing probabilistic assessments to evaluate safeguards and security systems designs.

  20. Secure attachment promotes the development of effortful control in boys.

    PubMed

    Viddal, Kristine Rensvik; Berg-Nielsen, Turid Suzanne; Wan, Ming Wai; Green, Jonathan; Hygen, Beate Wold; Wichstrøm, Lars

    2015-01-01

    Although effortful control (EC), a regulatory aspect of temperament, is associated with a wide range of developmental outcomes, knowledge about EC promoters is scarce. This study explored whether secure attachment promoted the development of EC from preschool to school age in a community sample of 903 Norwegian children. EC was measured using the parent-reported Children's Behavior Questionnaire at four (T1) and six (T2) years of age, and attachment was measured using the Manchester Child Attachment Story Task at T1. Previous research has indicated that a child's gender and socioeconomic status are possible covariates of EC; hence, these factors were included in the analyses. Despite considerable rank-order stability in EC, secure attachment contributed to an increase in EC. Furthermore, gender moderated the effect of attachment: secure attachment promoted EC in boys only. These findings emphasize preschool boys' need for emotional security to facilitate effortful capacities in their transition to school. PMID:25659572

  1. The Smart Card concept applied to access control

    SciTech Connect

    Seidman, S.

    1986-01-01

    Passwords tend to be handled carelessly, and so are easily lost or stolen. Because they are intangible, their loss or theft generally goes unnoticed. Because they are constant, they may be used by anyone for as long as they remain in active use by a legitimate user. A step up in password security is offered by a new range of products which generate a new code each time the device is used. Devices are being produced in packages as small as a standard plastic credit card, including internal battery power, integral keyboard and LCD display. Security features of the Smart Card are reviewed, and several random access code generators currently available in the commercial marketplace are described.

  2. Control with a random access protocol and packet dropouts

    NASA Astrophysics Data System (ADS)

    Wang, Liyuan; Guo, Ge

    2016-08-01

    This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.

  3. Process Control System Cyber Security Standards - An Overview

    SciTech Connect

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  4. Critical issues in process control system security : DHS spares project.

    SciTech Connect

    Hernandez, Jacquelynne; McIntyre, Annie; Henrie, Morgan

    2010-10-01

    The goals of this event are: (1) Discuss the next-generation issues and emerging risks in cyber security for control systems; (2) Review and discuss common control system architectures; (3) Discuss the role of policy, standards, and supply chain issues; (4) Interact to determine the most pertinent risks and most critical areas of the architecture; and (5) Merge feedback from Control System Managers, Engineers, IT, and Auditors.

  5. Layered Multicast Encryption of Motion JPEG2000 Code Streams for Flexible Access Control

    NASA Astrophysics Data System (ADS)

    Nakachi, Takayuki; Toyoshima, Kan; Tonomura, Yoshihide; Fujii, Tatsuya

    In this paper, we propose a layered multicast encryption scheme that provides flexible access control to motion JPEG2000 code streams. JPEG2000 generates layered code streams and offers flexible scalability in characteristics such as resolution and SNR. The layered multicast encryption proposal allows a sender to multicast the encrypted JPEG2000 code streams such that only designated groups of users can decrypt the layered code streams. While keeping the layering functionality, the proposed method offers useful properties such as 1) video quality control using only one private key, 2) guaranteed security, and 3) low computational complexity comparable to conventional non-layered encryption. Simulation results show the usefulness of the proposed method.

  6. Security guide for subcontractors

    SciTech Connect

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  7. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Stewart, John; Chavez, Adrian

    2014-10-22

    The Padlock Project is an alliance between Tennessee Valley Authority (TVA), Sandia National Laboratories (SNL), and Schweitzer Engineering Laboratories Inc. (SEL). SEL is the prime contractor on the Padlock project. Rhett Smith (SEL) is the project director and Adrian Chaves (SNL) and John Stewart (TVA) are principle investigators. SEL is the world’s leader in microprocessor-based electronic equipment for protecting electric power systems. The Tennessee Valley Authority, a corporation owned by the U.S. government, provides electricity for 9 million people in parts of seven southeastern states at prices below the national average. TVA, which receives no taxpayer money and makes no profits, also provides flood control, navigation and land management for the Tennessee River system and assists utilities, and state and local governments with economic development.

  8. Ontology based log content extraction engine for a posteriori security control.

    PubMed

    Azkia, Hanieh; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Coatrieux, Gouenou

    2012-01-01

    In a posteriori access control, users are accountable for actions they performed and must provide evidence, when required by some legal authorities for instance, to prove that these actions were legitimate. Generally, log files contain the needed data to achieve this goal. This logged data can be recorded in several formats; we consider here IHE-ATNA (Integrating the healthcare enterprise-Audit Trail and Node Authentication) as log format. The difficulty lies in extracting useful information regardless of the log format. A posteriori access control frameworks often include a log filtering engine that provides this extraction function. In this paper we define and enforce this function by building an IHE-ATNA based ontology model, which we query using SPARQL, and show how the a posteriori security controls are made effective and easier based on this function. PMID:22874291

  9. MPEG-21 as an access control tool for the National Health Service Care Records Service.

    PubMed

    Brox, Georg A

    2005-01-01

    Since the launch of the National Health Service (NHS) Care Records Service with plans to share patient information across England, there has been an emphasis on the need for manageable access control methods. MPEG-21 is a structured file format which includes an Intellectual Property Management and Protection (IPMP) function using XML to present all digitally stored items in the patient record. Using DICreator software, patient records consisting of written text, audio-recordings, non-X-ray digital imaging and video sequences were linked up successfully. Audio records were created using Talk-Back 2002 to standardize and optimize recording quality. The recorded reports were then linked and archived using iTunes. A key was used each time the file was displayed to secure access to confidential patient data. The building of the correct file structure could be monitored during the entire creation of the file. The results demonstrated the ability to ensure secure access of the MPEG-21 file by both health-care professionals and patients by use of different keys and a specific MPEG-21 browser. The study also showed that the enabling of IPMP will provide accurate audit trails to authenticate appropriate access to medical information. PMID:16035983

  10. Controlling user access to electronic resources without password

    SciTech Connect

    Smith, Fred Hewitt

    2015-06-16

    Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

  11. Secure Communications in High Speed Fiber Optical Networks Using Code Division Multiple Access (CDMA) Transmission

    SciTech Connect

    Han, I; Bond, S; Welty, R; Du, Y; Yoo, S; Reinhardt, C; Behymer, E; Sperry, V; Kobayashi, N

    2004-02-12

    This project is focused on the development of advanced components and system technologies for secure data transmission on high-speed fiber optic data systems. This work capitalizes on (1) a strong relationship with outstanding faculty at the University of California-Davis who are experts in high speed fiber-optic networks, (2) the realization that code division multiple access (CDMA) is emerging as a bandwidth enhancing technique for fiber optic networks, (3) the realization that CDMA of sufficient complexity forms the basis for almost unbreakable one-time key transmissions, (4) our concepts for superior components for implementing CDMA, (5) our expertise in semiconductor device processing and (6) our Center for Nano and Microtechnology, which is where the majority of the experimental work was done. Here we present a novel device concept, which will push the limits of current technology, and will simultaneously solve system implementation issues by investigating new state-of-the-art fiber technologies. This will enable the development of secure communication systems for the transmission and reception of messages on deployed commercial fiber optic networks, through the CDMA phase encoding of broad bandwidth pulses. CDMA technology has been developed as a multiplexing technology, much like wavelength division multiplexing (WDM) or time division multiplexing (TDM), to increase the potential number of users on a given communication link. A novel application of the techniques created for CDMA is to generate secure communication through physical layer encoding. Physical layer encoding devices are developed which utilize semiconductor waveguides with fast carrier response times to phase encode spectral components of a secure signal. Current commercial technology, most commonly a spatial light modulator, allows phase codes to be changed at rates of only 10's of Hertz ({approx}25ms response). The use of fast (picosecond to nanosecond) carrier dynamics of semiconductors, as

  12. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    SciTech Connect

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  13. Security controls in the Stockpoint Logistics Integrated Communications Environment (SPLICE)

    NASA Astrophysics Data System (ADS)

    Arseneault, D. S.

    1985-03-01

    This thesis examines security controls specified and implemented in the Stock Point Logistics Integrated Communications Environment (SPLICE) project. Controls provided by the Defense Data Network and the Tandem operating system are reviewed. Alternatives from current literature in areas of authentication, encryption, and dial-port protection are reviewed for the purpose of suggesting enhancements. Issues discussed apply to most interactive/decentralized systems in operation today and include administrative as well as technical recommendations.

  14. Building a Secure Library System.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    1998-01-01

    Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

  15. Joint Access Control Based on Access Ratio and Resource Utilization for High-Speed Railway Communications

    NASA Astrophysics Data System (ADS)

    Zhou, Yuzhe; Ai, Bo

    2015-05-01

    The fast development of high-speed rails makes people's life more and more convenient. However, provisioning of quality of service of multimedia applications for users on the high-speed train is a critical task for wireless communications. Therefore, new solutions are desirable to be found to address this kind of problem. Current researches mainly focus on providing seamless broadband wireless access for high-speed mobile terminals. In this paper, an algorithm to calculate the optimal resource reservation fraction of handovers is proposed. A joint access control scheme for high-speed railway communication handover scenario is proposed. Metrics of access ratio and resource utilization ratio are considered jointly in the analysis and the performance evaluation. Simulation results show that the proposed algorithm and the scheme improve quality of service compared with other conventional schemes.

  16. Balancing Security and Learning. School Security Supplement.

    ERIC Educational Resources Information Center

    Kennedy, Mike

    2002-01-01

    Discusses ways to provide vital safety to schools without inhibiting the learning environment for students. Describes security efforts at Orange County, Florida schools, such as using video cameras, school police officers, and access-control systems. (EV)

  17. Access Control for Agent-based Computing: A Distributed Approach.

    ERIC Educational Resources Information Center

    Antonopoulos, Nick; Koukoumpetsos, Kyriakos; Shafarenko, Alex

    2001-01-01

    Discusses the mobile software agent paradigm that provides a foundation for the development of high performance distributed applications and presents a simple, distributed access control architecture based on the concept of distributed, active authorization entities (lock cells), any combination of which can be referenced by an agent to provide…

  18. Access control and interlock system at the Advanced Photon Source

    SciTech Connect

    Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D.

    1997-08-01

    The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS`s design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.

  19. Accessibility

    MedlinePlus

    ... www.nlm.nih.gov/medlineplus/accessibility.html MedlinePlus Accessibility To use the sharing features on this page, ... Subscribe to RSS Follow us Disclaimers Copyright Privacy Accessibility Quality Guidelines Viewers & Players MedlinePlus Connect for EHRs ...

  20. Secure quantum network coding for controlled repeater networks

    NASA Astrophysics Data System (ADS)

    Shang, Tao; Li, Jiao; Liu, Jian-wei

    2016-04-01

    To realize efficient quantum communication based on quantum repeater, we propose a secure quantum network coding scheme for controlled repeater networks, which adds a controller as a trusted party and is able to control the process of EPR-pair distribution. As the key operations of quantum repeater, local operations and quantum communication are designed to adopt quantum one-time pad to enhance the function of identity authentication instead of local operations and classical communication. Scheme analysis shows that the proposed scheme can defend against active attacks for quantum communication and realize long-distance quantum communication with minimal resource consumption.

  1. Secure quantum network coding for controlled repeater networks

    NASA Astrophysics Data System (ADS)

    Shang, Tao; Li, Jiao; Liu, Jian-wei

    2016-07-01

    To realize efficient quantum communication based on quantum repeater, we propose a secure quantum network coding scheme for controlled repeater networks, which adds a controller as a trusted party and is able to control the process of EPR-pair distribution. As the key operations of quantum repeater, local operations and quantum communication are designed to adopt quantum one-time pad to enhance the function of identity authentication instead of local operations and classical communication. Scheme analysis shows that the proposed scheme can defend against active attacks for quantum communication and realize long-distance quantum communication with minimal resource consumption.

  2. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  3. Distributed reservation control protocols for random access broadcasting channels

    NASA Technical Reports Server (NTRS)

    Greene, E. P.; Ephremides, A.

    1981-01-01

    Attention is given to a communication network consisting of an arbitrary number of nodes which can communicate with each other via a time-division multiple access (TDMA) broadcast channel. The reported investigation is concerned with the development of efficient distributed multiple access protocols for traffic consisting primarily of single packet messages in a datagram mode of operation. The motivation for the design of the protocols came from the consideration of efficient multiple access utilization of moderate to high bandwidth (4-40 Mbit/s capacity) communication satellite channels used for the transmission of short (1000-10,000 bits) fixed length packets. Under these circumstances, the ratio of roundtrip propagation time to packet transmission time is between 100 to 10,000. It is shown how a TDMA channel can be adaptively shared by datagram traffic and constant bandwidth users such as in digital voice applications. The distributed reservation control protocols described are a hybrid between contention and reservation protocols.

  4. T3: Secure, Scalable, Distributed Data Movement and Remote System Control for Enterprise Level Cyber Security

    SciTech Connect

    Thomas, Gregory S.; Nickless, William K.; Thiede, David R.; Gorton, Ian; Pitre, Bill J.; Christy, Jason E.; Faultersack, Elizabeth M.; Mauth, Jeffery A.

    2009-07-20

    Enterprise level cyber security requires the deployment, operation, and monitoring of many sensors across geographically dispersed sites. Communicating with the sensors to gather data and control behavior is a challenging task when the number of sensors is rapidly growing. This paper describes the system requirements, design, and implementation of T3, the third generation of our transport software that performs this task. T3 relies on open source software and open Internet standards. Data is encoded in MIME format messages and transported via NNTP, which provides scalability. OpenSSL and public key cryptography are used to secure the data. Robustness and ease of development are increased by defining an internal cryptographic API, implemented by modules in C, Perl, and Python. We are currently using T3 in a production environment. It is freely available to download and use for other projects.

  5. Secure control systems with application to cyber-physical systems

    SciTech Connect

    Dong, Jin; Djouadi, Seddik M; Nutaro, James J; Kuruganti, Phani Teja

    2014-01-01

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the eort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical eects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  6. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... individual is approved by the Administrator or the HHS Secretary following a security risk assessment by the... risk assessment to the Attorney General. (e) An individual's security risk assessment may be...

  7. Controlling multiple security robots in a warehouse environment

    NASA Technical Reports Server (NTRS)

    Everett, H. R.; Gilbreath, G. A.; Heath-Pastore, T. A.; Laird, R. T.

    1994-01-01

    The Naval Command Control and Ocean Surveillance Center (NCCOSC) has developed an architecture to provide coordinated control of multiple autonomous vehicles from a single host console. The multiple robot host architecture (MRHA) is a distributed multiprocessing system that can be expanded to accommodate as many as 32 robots. The initial application will employ eight Cybermotion K2A Navmaster robots configured as remote security platforms in support of the Mobile Detection Assessment and Response System (MDARS) Program. This paper discusses developmental testing of the MRHA in an operational warehouse environment, with two actual and four simulated robotic platforms.

  8. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Administrator or the HHS Secretary following a security risk assessment by the Attorney General. (b) An... approval, each individual must submit the information necessary to conduct a security risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited upon...

  9. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... individual is approved by the Administrator or the HHS Secretary following a security risk assessment by the... risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited...; security risk assessments. 331.10 Section 331.10 Agriculture Regulations of the Department of...

  10. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Administrator, following a security risk assessment by the Attorney General. (b) An individual will be deemed to... individual must submit the information necessary to conduct a security risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited upon written request by...

  11. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... individual is approved by the Administrator or the HHS Secretary following a security risk assessment by the... risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited...; security risk assessments. 331.10 Section 331.10 Agriculture Regulations of the Department of...

  12. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Administrator, following a security risk assessment by the Attorney General. (b) An individual will be deemed to... individual must submit the information necessary to conduct a security risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited upon written request by...

  13. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Administrator, following a security risk assessment by the Attorney General. (b) An individual will be deemed to... individual must submit the information necessary to conduct a security risk assessment to the Attorney General. (e) An individual's security risk assessment may be expedited upon written request by...

  14. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Administrator or the HHS Secretary following a security risk assessment by the Attorney General. (b) An... approval, each individual must submit the information necessary to conduct a security risk assessment to... for a specified period of time. (f) An individual's security risk assessment may be expedited...

  15. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Administrator or the HHS Secretary following a security risk assessment by the Attorney General. (b) An... approval, each individual must submit the information necessary to conduct a security risk assessment to... for a specified period of time. (f) An individual's security risk assessment may be expedited...

  16. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Administrator, following a security risk assessment by the Attorney General. (b) An individual will be deemed to... individual must submit the information necessary to conduct a security risk assessment to the Attorney... period of time. (f) An individual's security risk assessment may be expedited upon written request by...

  17. Catheter Securement Systems for Peripherally Inserted and Nontunneled Central Vascular Access Devices: Clinical Evaluation of a Novel Sutureless Device.

    PubMed

    Krenik, Karen M; Smith, Graham E; Bernatchez, Stéphanie F

    2016-01-01

    Sutureless catheter securement systems are intended to eliminate risks associated with sutures. The clinical acceptability of a novel system was investigated compared with the current method of securement for peripherally inserted central catheters (19 facilities using StatLock or sutures) or nontunneled central vascular access devices (3 facilities using StatLock or sutures or HubGuard + Sorbaview Shield). More than 94% of respondents rated the novel system as same, better, or much better than their current product. More than 82% of respondents were willing to replace their current system with the new one. PMID:27379679

  18. Rural providers' access to online resources: a randomized controlled trial

    PubMed Central

    Hall, Laura J.; McElfresh, Karen R.; Warner, Teddy D.; Stromberg, Tiffany L.; Trost, Jaren; Jelinek, Devin A.

    2016-01-01

    Objective The research determined the usage and satisfaction levels with one of two point-of-care (PoC) resources among health care providers in a rural state. Methods In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants' attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA), paired t tests, and Cohen's d statistic to compare pre- and post-study effects sizes. Results Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to “about right amounts of information” at the completion of the study. DynaMed users reported a Cohen's d increase of +1.50 compared to AccessMedicine users' reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen's d. Conclusion Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine. PMID:26807050

  19. Statistical process control testing of electronic security equipment

    SciTech Connect

    Murray, D.W.; Spencer, D.D.

    1994-06-01

    Statistical Process Control testing of manufacturing processes began back in the 1940`s with the development of Process Control Charts by Dr. Walter A. Shewart. Sandia National Laboratories has developed an application of the SPC method for performance testing of electronic security equipment. This paper documents the evaluation of this testing methodology applied to electronic security equipment and an associated laptop computer-based system for obtaining and analyzing the test data. Sandia developed this SPC sensor performance testing method primarily for use on portal metal detectors, but, has evaluated it for testing of an exterior intrusion detection sensor and other electronic security devices. This method is an alternative to the traditional binomial (alarm or no-alarm) performance testing. The limited amount of information in binomial data drives the number of tests necessary to meet regulatory requirements to unnecessarily high levels. For example, a requirement of a 0.85 probability of detection with a 90% confidence requires a minimum of 19 alarms out of 19 trials. By extracting and analyzing measurement (variables) data whenever possible instead of the more typical binomial data, the user becomes more informed about equipment health with fewer tests (as low as five per periodic evaluation).

  20. Integration of access control and ancillary information systems

    SciTech Connect

    Rodriguez, J.R.; Ahrens, J.S.

    1995-07-01

    The DOE has identified the Lawrence Livermore National Laboratory ARGUS system as the standard entry control system for the DOE Complex. ARGUS integrates several key functions, specifically, badging, entry control, and verification of clearance status. Not all sites need or can afford an ARGUS system. Such sites are therefore limited to commercial equipment which provide ARGUS like features. In this project an alternative way to integrate commercial equipment into an integrated system to include badging, access control, property control, and automated verification of clearance status has been investigated. Such a system would provide smaller sites the same functionality as is provided by ARGUS. Further, it would allow sites to fully participate in the DOE`s concept of Complex wide access control. This multi-year task is comprised of three phases. Phase 1, system requirements and definitions, and phase 2, software and hardware development, were completed during fiscal year 1994. This report covers these two phases and the demonstration system which resulted. Phase three would employ the demonstration system to evaluate system performance, identify operational limits and to integrate additional features. The demonstration system includes a badging station, a database server, a managers workstation, an entry control system, and a property protection system. The functions have been integrated through the use of custom interfaces and operator screens which greatly increase ease of use.

  1. An approach to access control in electronic health record.

    PubMed

    Sucurovic, Snezana

    2010-08-01

    OASIS is a non-for-profit consortium that drives the development convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals as well as IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML which appeared a few years ago and now there are about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not technology related. Sun published in 2004 open source Sun XACML which is in compliance with XACML 1.0. specification and now works to make it comply with XACML 2.0. The heart of XACML are attributes values of defined type and name that is to be attached to a subject, a resource, an action and an environment in which a subject request action on resource. In that way XACML is to replace Role Based Access Control which dominated for years. The paper examines performances in CEN 13 606 and ISO 22 600 based healthcare system which uses XACML for access control. PMID:20703920

  2. Segmented proportional spacing medium access control protocol for APONs

    NASA Astrophysics Data System (ADS)

    Wang, Hongbin; Yu, Yiqing; Zhou, Dongru; Meng, Bo

    2004-04-01

    Combining asynchronous transfer mode (ATM) over a passive optical network (APON) can provide broadband services as defined by the international telecommunications union (ITU). The medium access control (MAC) layer is of primary importance to the access scheme as in controls the flow of traffic in the access network. This paper presents a novel MAC protocol-segmented proportional spacing MAC protocol, which complies with ITU-T recommendations, is firstly designed for APON system based on the analysis of different type of bandwidth allocation algorithms. The main idea of protocol is: frame structure adopts the structure regulated by ITU; fine time division for the optical network unit (ONU) to apply bandwidth; the bandwidth"s application is not based on the T-interface but ONU, the bandwidth allocation algorithm uses segmented proportional spacing algorithm. At last, we compare our protocol to other MAC protocols, the results show that proportional spacing and segmented bandwidth allocation control the cell jitter with satisfactory and improve the system bandwidth efficiency at same time, the correlative conclusions are given finally.

  3. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  4. Coalition Warfare Program (CWP): secure policy controlled information query and dissemination over a Bices network

    NASA Astrophysics Data System (ADS)

    Toth, Andrew; Pham, Tien; Karr, Todd; Bent, Graham; Harries, Dominic; Knox, Alan

    2013-05-01

    In 2006, the US Army Research Laboratory (ARL) and the UK Ministry of Defence (MoD) established a collaborative research alliance with academia and industry, called the International Technology Alliance (ITA) to address fundamental issues concerning Network and Information Sciences. Under the ITA research program, a US-UK transition project on "ITA Policy Controlled Information Query and Dissemination" was funded in 2011 by OSD's Coalition Warfare Program (CWP). The goal of this CWP project is to develop an extensible capability of performing distributed federated query and information dissemination across a coalition network of distributed disparate data/information sources with access­ controlled policies. The CWP project is lead by US Army Research Laboratory (ARL) and UK Defence Science Technology Laboratory (Dstl) with software development by IBM UK and IBM US. The CWP project exploits two key technology components developed within the ITA, namely the Gaian Database and integrated Access Policy Decision and Enforcement mechanisms. The Gaian Database (GaianDB) is a Dynamic Distributed Federated Database (DDFD) that addresses a need to share information among coalition members by providing a means for policy-controlled access to data across a network of heterogeneous data sources. GaianDB implements a SQL-compliant Store-Locally-Query-Anywhere (SLQA) approach providing software applications with global access to data from any node in the database network via standard SQL queries. Security policy is stored locally and enforced at the database node level, reducing potential for unauthorized data access and waste of network bandwidth. A key metric of success for a CWP project is the transition of coalition-related technology from TRL-3 or 4 to TRL-6 or higher. Thus, the end goal of this CWP project was to demonstrate the GaianDB and policy technology within an operational environment at the NATO Intelligence Fusion Centre (NIFC) at Molesworth RAF. An initial

  5. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified

  6. Creating and Maintaining Security on Campus.

    ERIC Educational Resources Information Center

    Polensky, David W.

    2002-01-01

    Describes the various components of an effective campus security program, including the master plan/needs assessment, law enforcement staffing, security technology, access control, closed circuit television systems, and emergency planning. (EV)

  7. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... provide the target of a surveillance or collection activity with the disclosure accounting records... the interests of national security, it is necessary to retain this information to aid in establishing... activity and compromise national security. For example, a target could, once made aware that...

  8. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... provide the target of a surveillance or collection activity with the disclosure accounting records... the interests of national security, it is necessary to retain this information to aid in establishing... activity and compromise national security. For example, a target could, once made aware that...

  9. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... provide the target of a surveillance or collection activity with the disclosure accounting records... the interests of national security, it is necessary to retain this information to aid in establishing... activity and compromise national security. For example, a target could, once made aware that...

  10. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... individual is approved by the Administrator or the HHS Secretary following a security risk assessment by the... risk assessment to the Attorney General. (e) A person with valid approval from the HHS Secretary or... individual or entity for a specified period of time. (f) An individual's security risk assessment may...

  11. Automated passage control for security, cost efficiency, and convenience

    SciTech Connect

    Smart, D.C.

    1990-01-01

    The purpose of this paper is to describe new methods of passage control through automatic computer processes and electromechanical identity and surveillance devices. It is now possible for a person to be identified with objective certainty by computer without interaction of a guard or duty officer. In addition, the presence of just one person is also confirmed automatically BEFORE passage is allowed into a secured area. There can be no tailgating of intruders during a valid, authorized entry process. The advantage to the facility using this new equipment is improved security through elimination of the subjective decision process of guards who may be right on or who may be off that day. The objective decisions of the automated passage control computers determine a positive identity and passage authority, or else interdicts the passage attempt. There can be no indecision, argument, or waffling about authorization to enter. Each person's Logical Presence is known at all times, and a permanent audit trail is maintained. There is an almost immediate return on investment through the furloughing of expensive guards and inspectors at entry points.

  12. Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

    SciTech Connect

    Not Available

    2006-01-01

    OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding], DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.

  13. Secure portal.

    SciTech Connect

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal

  14. Statistical process control based chart for information systems security

    NASA Astrophysics Data System (ADS)

    Khan, Mansoor S.; Cui, Lirong

    2015-07-01

    Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

  15. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect

    Kathleen A. Lee

    2008-01-01

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate-specific security vulnerabilities.

  16. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  17. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  18. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  19. 76 FR 60398 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... Protection Systems for Access Control Technologies, 65 FR 64556, 64564, published in the Federal Register... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published...

  20. School Security, 2000.

    ERIC Educational Resources Information Center

    Agron, Joe, Ed.; Anderson, Larry, Ed.

    This supplement, a collaboration of "American School & University" and "Access Control & Security Systems Integration" magazines, presents four articles examining equipment and management strategies to ensure school safety. "School Security by the Numbers" (Joe Agron; Larry Anderson) defines the parameters and quantifies the trend in the school…

  1. Controlled Access under Review: Improving the Governance of Genomic Data Access.

    PubMed

    Shabani, Mahsa; Dyke, Stephanie O M; Joly, Yann; Borry, Pascal

    2015-12-01

    In parallel with massive genomic data production, data sharing practices have rapidly expanded over the last decade. To ensure authorized access to data, access review by data access committees (DACs) has been utilized as one potential solution. Here we discuss core elements to be integrated into the fabric of access review by both established and emerging DACs in order to foster fair, efficient, and responsible access to datasets. We particularly highlight the fact that the access review process could be adversely influenced by the potential conflicts of interest of data producers, particularly when they are directly involved in DACs management. Therefore, in structuring DACs and access procedures, possible data withholding by data producers should receive thorough attention. PMID:26720729

  2. Controlled Access under Review: Improving the Governance of Genomic Data Access

    PubMed Central

    Shabani, Mahsa; Dyke, Stephanie O. M.; Joly, Yann; Borry, Pascal

    2015-01-01

    In parallel with massive genomic data production, data sharing practices have rapidly expanded over the last decade. To ensure authorized access to data, access review by data access committees (DACs) has been utilized as one potential solution. Here we discuss core elements to be integrated into the fabric of access review by both established and emerging DACs in order to foster fair, efficient, and responsible access to datasets. We particularly highlight the fact that the access review process could be adversely influenced by the potential conflicts of interest of data producers, particularly when they are directly involved in DACs management. Therefore, in structuring DACs and access procedures, possible data withholding by data producers should receive thorough attention. PMID:26720729

  3. Trust-based Access Control in Virtual Learning Community

    NASA Astrophysics Data System (ADS)

    Wang, Shujuan; Liu, Qingtang

    The virtual learning community is an important application pattern of E-Learning. It emphasizes the cooperation of the members in the community, the members would like to share their learning resources, to exchange their experience and complete the study task together. This instructional mode has already been proved as an effective way to improve the quality and efficiency of instruction. At the present time, the virtual learning communities are mostly designed using static access control policy by which the access permission rights are authorized by the super administrator, the super administrator assigns different rights to different roles, but the virtual and social characteristics of virtual learning community make information sharing and collaboration a complex problem, the community realizes its instructional goal only if the members in it believe that others will offer the knowledge they owned and believe the knowledge others offered is well-meaning and worthy. This paper tries to constitute an effective trust mechanism, which could promise favorable interaction and lasting knowledge sharing.

  4. First Experiences Using XACML for Access Control in Distributed Systems

    NASA Technical Reports Server (NTRS)

    Lorch, Marcus; Proctor, Seth; Lepro, Rebekah; Kafura, Dennis; Shah, Sumit

    2003-01-01

    Authorization systems today are increasingly complex. They span domains of administration, rely on many different authentication sources, and manage permissions that can be as complex as the system itself. Worse still, while there are many standards that define authentication mechanisms, the standards that address authorization are less well defined and tend to work only within homogeneous systems. This paper presents XACML, a standard access control language, as one component of a distributed and inter-operable authorization framework. Several emerging systems which incorporate XACML are discussed. These discussions illustrate how authorization can be deployed in distributed, decentralized systems. Finally, some new and future topics are presented to show where this work is heading and how it will help connect the general components of an authorization system.

  5. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  6. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  7. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  8. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  9. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  10. Safety systems and access control in the National Ignition Facility.

    PubMed

    Reed, Robert K; Bell, Jayce C

    2013-06-01

    The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061

  11. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

    PubMed Central

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment. PMID:26075013

  12. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems.

    PubMed

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment. PMID:26075013

  13. 78 FR 7334 - Port Authority Access to Facility Vulnerability Assessments and the Integration of Security Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-01

    ...This notice requests comments from facility owners and operators, State and local law enforcement agencies, port authorities, relevant security industry participants, and all other interested members of the public regarding how to best implement Section 822 of the Coast Guard Authorization Act of 2010. In particular, this notice discusses the Coast Guard's preliminary thoughts on how owners or......

  14. Against All Odds: Latinas Activate Agency to Secure Access to College

    ERIC Educational Resources Information Center

    Sapp, Vicki T.; Kiyama, Judy Marquez; Dache-Gerbino, Amalia

    2016-01-01

    This qualitative study seeks to understand Latinas' college-going behaviors by examining their agency and role in securing opportunity for college. The authors examine the activation of agency among 16 urban Latinas when navigating the structures influencing college opportunity through a cultural ecological model. Examples of agency are…

  15. Improving the security and actuation of wireless controlled microvalve

    NASA Astrophysics Data System (ADS)

    Tikka, Ajay Chandra; Al-Sarawi, Said; Abbott, Derek; Wong, Maggie S. K.; Schutz, Jordan D.

    2007-01-01

    A wireless microvalve would have a wide range of applications, including biomedical applications such as fertility control and nano-litre drug delivery. Arguably the most important aspect for such a device is a secure method to actuate the valve, such that it is not actuated through the spectrum of electromagnetic radiation already present in the surrounding environment. Additionally, many of the possible applications are sensitive to electromagnetic (EM) radiation so the device should be designed to only require the minimum amount of EM input to actuate the valve. To overcome this problem, we propose the use of a coded interdigital transducer (IDT) to respond only to a coded signal. For the wireless microvalve to be useful in biomedical applications, the IDT's response to a specifically coded RF signal must be much greater than its response to another coded RF signal, even if the two codes are very similar, i.e. improve the signal ratio of the device. In this research we demonstrate a number of code sequences that have a correlation function such that the peak response is unique and can be used to provide a high signal-to-noise ratio (SNR) surface acoustic wave. That results in a unique activation of the device when the interrogating RF signal code sequence matches the stored code sequence in the device. Also we will investigate the trade-off between the needed code length to ensure secure operation and the area constrain of the device within the context of biomedical application. For this purpose, the IDT is modelled as a pulse compression filter, which correlates the input signal with a stored replica.

  16. Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

    PubMed

    Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

    2015-01-01

    When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy as a patient's personal health data may be accessed without permission from many stakeholders. Specifically, dynamic authorization for the access of data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experiment the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios. PMID:26409546

  17. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

    PubMed Central

    Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

    2014-01-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

  18. External Labeling as a Framework for Access Control

    ERIC Educational Resources Information Center

    Rozenbroek, Thomas H.

    2012-01-01

    With the ever increasing volume of data existing on and passing through on-line resources together with a growing number of legitimate users of that information and potential adversaries, the need for better security and safeguards is immediate and critical. Currently, most of the security and safeguards afforded on-line information are provided…

  19. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  20. A Multi-Domain Access Control Infrastructure Based on Diameter and EAP

    NASA Astrophysics Data System (ADS)

    Ben Ayed, Souheil; Teraoka, Fumio

    The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.

  1. Collections Security: The Preservation Perspective.

    ERIC Educational Resources Information Center

    Patkus, Beth L.

    1998-01-01

    Provides a brief review of the basic elements of library security and preservation programs as a background for an exploration of security/preservation issues, problems, and policies. Discusses environmental control, disaster preparedness, fire protection, storage and handling, and controlling access to collections. (AEF)

  2. A secure web-based approach for accessing transitional health information for people with traumatic brain injury.

    PubMed

    Lemaire, E D; Deforge, D; Marshall, S; Curran, D

    2006-03-01

    A web-based transitional health record was created to provide regional healthcare professionals with ubiquitous access to information on people with brain injuries as they move through the healthcare system. Participants included public, private, and community healthcare organizations/providers in Eastern Ontario (Canada). One hundred and nineteen service providers and 39 brain injury survivors registered over 6 months. Fifty-eight percent received English and 42% received bilingual services (English-French). Public health providers contacted the regional service coordinator more than private providers (52% urban centres, 26% rural service providers, and 22% both areas). Thirty-five percent of contacts were for technical difficulties, 32% registration inquiries, 21% forms and processes, 6% resources, and 6% education. Seventeen technical enquiries required action by technical support personnel: 41% digital certificates, 29% web forms, and 12% log-in. This web-based approach to clinical information sharing provided access to relevant data as clients moved through or re-entered the health system. Improvements include automated digital certificate management, institutional health records system integration, and more referral tracking tools. More sensitive test data could be accessed on-line with increasing consumer/clinician confidence. In addition to a strong technical infrastructure, human resource issues are a major information security component and require continuing attention to ensure a viable on-line information environment. PMID:16469409

  3. A comprehensive Network Security Risk Model for process control networks.

    PubMed

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example. PMID:19000078

  4. Concurrency control and recovery on lightweight directory access protocol

    NASA Astrophysics Data System (ADS)

    Potnis, Rohit R.; Sathaye, Archana S.

    2003-04-01

    In this paper we provide a concurrency control and recovery (CCR) mechanism over cached LDAP objects. An LDAP server can be directly queried using system calls to retrieve data. Existing LDAP implementations do not provide CCR mechanisms. In such cases, it is up to the application to verify that accesses remain serialized. Our mechanism provides an independent layer over an existing LDAP server (Sun One Directory Server), which handles all user requests, serializes them based on 2 Phase Locking and Timestamp Ordering mechanisms and provides XML-based logging for recovery management. Furthermore, while current LDAP servers only provide object-level locking, our scheme serializes transactions on individual attributes of LDAP objects (attribute-level locking). We have developed a Directory Enabled Network (DEN) Simulator that operates on a subset of directory objects on an existing LDAP server to test the proposed mechanism. We perform experiments to show that our mechanism can gracefully address concurrency and recovery related issues over and LDAP server.

  5. Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

    PubMed

    Duncan, R G; Shabot, M M

    2000-01-01

    TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR). PMID:11079875

  6. Security of medical multimedia.

    PubMed

    Tzelepi, S; Pangalos, G; Nikolacopoulou, G

    2002-09-01

    The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented. PMID:12507263

  7. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  8. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  9. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  10. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  11. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  12. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

    2015-01-01

    NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

  13. FACELOCK-Lock Control Security System Using Face Recognition-

    NASA Astrophysics Data System (ADS)

    Hirayama, Takatsugu; Iwai, Yoshio; Yachida, Masahiko

    A security system using biometric person authentication technologies is suited to various high-security situations. The technology based on face recognition has advantages such as lower user’s resistance and lower stress. However, facial appearances change according to facial pose, expression, lighting, and age. We have developed the FACELOCK security system based on our face recognition methods. Our methods are robust for various facial appearances except facial pose. Our system consists of clients and a server. The client communicates with the server through our protocol over a LAN. Users of our system do not need to be careful about their facial appearance.

  14. Access to Network Login by Three-Factor Authentication for Effective Information Security.

    PubMed

    Vaithyasubramanian, S; Christy, A; Saravanan, D

    2016-01-01

    Today's technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security. PMID:27006976

  15. Access to Network Login by Three-Factor Authentication for Effective Information Security

    PubMed Central

    Vaithyasubramanian, S.; Christy, A.; Saravanan, D.

    2016-01-01

    Today's technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security. PMID:27006976

  16. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas. In addition to the requirements in...

  17. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a) The licensee shall ensure that...

  18. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  19. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  20. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  1. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  2. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  3. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  4. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  5. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  6. 21 CFR 1311.130 - Requirements for establishing logical access control-Institutional practitioner.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Requirements for establishing logical access... Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional practitioner. (a... practitioner that enters permissions for logical access controls into the application. The...

  7. 21 CFR 1311.130 - Requirements for establishing logical access control-Institutional practitioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access...) Electronic Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional... practitioner that enters permissions for logical access controls into the application. The...

  8. A Security Framework for Online Distance Learning and Training.

    ERIC Educational Resources Information Center

    Furnell, S. M.; Onions, P. D.; Bleimann, U.; Gojny, U.; Knahl, M.; Roder, H. F.; Sanders, P. W.

    1998-01-01

    Presents a generic reference model for online distance learning and discusses security issues for each stage (enrollment, study, completion, termination, suspension). Discusses a security framework (authentication and accountability, access control, intrusion detection, network communications, nonrepudiation, learning resources provider…

  9. Broadband passive optical network media access control protocols

    NASA Astrophysics Data System (ADS)

    Quayle, Alan

    1996-11-01

    Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.

  10. Layered mode selection logic control for border security

    NASA Astrophysics Data System (ADS)

    Born, T.; Ferrer, G.; Wright, A. M.; Wright, A. B.

    2007-04-01

    Challenges in border security may be resolved through a team of autonomous mobile robots configured as a flexible sensor array. The robots will have a prearranged formation along a section of a border, and each robot will attempt to maintain a uniform distance with its nearest neighbors. The robots will carry sensor packages which can detect a signature that is representative of a human (for instance, a thermal signature). When a robot detects an intruder, it will move away such that it attempts to maintain a constant distance from the intruder and move away from the border (i.e. into its home territory). As the robot moves away from the border, its neighbors will move away from the border to maintain a uniform distance with the moving robot and with their fixed neighbors. The pattern of motion in the team of robots can be identified, either algorithmically by a computer or by a human monitor of a display. Unique patterns are indicative of animal movement, human movement, and mass human movement. To realize such a scheme, a new control architecture must be developed. This architecture must be fault tolerant to sensor and manipulator failures, scalable in number of agents, and adaptable to different robotic base platforms (for instance, a UGV may be appropriate at the southern border and a UAV may be appropriate at the northern border). The Central Arkansas Robotics Consortium has developed an architecture, called Layered Mode Selection Logic (LMSL), which addresses all of these concerns. The overall LMSL scheme as applied to a multi-agent flexible sensor array is described in this paper.

  11. 33 CFR 104.106 - Passenger access area.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... measures for access control, of a ferry, passenger vessel, or cruise ship that is open to passengers. It is... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Passenger access area. 104.106... SECURITY MARITIME SECURITY: VESSELS General § 104.106 Passenger access area. (a) A ferry, passenger...

  12. 33 CFR 104.107 - Employee access area.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... measures for access control, of a ferry or passenger vessel that is open only to employees and not to... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Employee access area. 104.107... SECURITY MARITIME SECURITY: VESSELS General § 104.107 Employee access area. (a) A ferry or passenger...

  13. 33 CFR 104.106 - Passenger access area.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... measures for access control, of a ferry, passenger vessel, or cruise ship that is open to passengers. It is... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Passenger access area. 104.106... SECURITY MARITIME SECURITY: VESSELS General § 104.106 Passenger access area. (a) A ferry, passenger...

  14. 33 CFR 104.107 - Employee access area.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... measures for access control, of a ferry or passenger vessel that is open only to employees and not to... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Employee access area. 104.107... SECURITY MARITIME SECURITY: VESSELS General § 104.107 Employee access area. (a) A ferry or passenger...

  15. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

    PubMed Central

    Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  16. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

    PubMed

    Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  17. Management of Control System Information SecurityI: Control System Patch Management

    SciTech Connect

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  18. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew A.

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  19. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew

    2013-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

  20. Equity in access to health care provision under the medicare security for small scale entrepreneurs in Dar es Salaam.

    PubMed

    Urassa, J A E

    2012-03-01

    The main objective of this study was to assess equity in access to health care provision under the Medicare Security for Small Scale Entrepreneurs (SSE). Methodological triangulation was used to an exploratory and randomized cross- sectional study in order to supplement information on the topic under investigation. Questionnaires were administered to 281 respondents and 6 Focus Group Discussions (FGDs) were held with males and females. Documentary review was also used. For quantitative aspect of the study, significant associations were measured using confidence intervals (95% CI) testing. Qualitative data were analyzed with assistance of Open code software. The results show that inequalities in access to health care services were found in respect to affordability of medical care costs, distance from home to health facilities, availability of drugs as well as medical equipments and supplies. As the result of existing inequalities some of clients were not satisfied with the provided health services. The study concludes by drawing policy and research implications of the findings. PMID:23120940

  1. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  2. Making the Grade with School Security.

    ERIC Educational Resources Information Center

    Fickes, Michael

    2000-01-01

    Shows how technology is helping school security directors prevent violence and protect students. One school's use of a state-of-the-art security system involving closed-circuit television, access control for doors, vehicles equipped with global positioning technology, and hand-held computers for security officers is discussed. (GR)

  3. A secure open system?

    NASA Astrophysics Data System (ADS)

    Crowe, James A.

    1993-08-01

    The notion of a large distributed computing system in support of a program like EOSDIS, carries with it the requirement that the system provide the user with guarantees about the integrity of the data and certain assurances about the security of the network of computing systems. This paper examines the challenges of providing a `secure' open system and how these challenges may be addressed from both an architectural as well as functional viewpoint. The role of discretionary access control, mandatory access control, and detection and control of computer viruses is discussed. It has often been observed that the role of the security engineer is one of restricting access to data, whereas the role of the system architect, of an open system that is encouraging research, should make data easy to obtain and utilize. This paradox is manifest in a system such a EOSDIS where to be useful, the systems data must be easy to obtain, but to ensure the integrity of the data it must exercise some level of security. This paper address the use and role of the Security Services of the OSF Distributed Computing Environment in support of networked applications, such as those that may be used in the implementation of the EOS Science Network. It further examines the role of mandatory access control mechanisms to provide data integrity guarantees. The paper further discusses how a system like EOSDIS may prevent computer viruses using a system of automated detection mechanisms and configuration control.

  4. Kindergarten children's attachment security, inhibitory control, and the internalization of rules of conduct

    PubMed Central

    Heikamp, Tobias; Trommsdorff, Gisela; Druey, Michel D.; Hübner, Ronald; von Suchodoletz, Antje

    2013-01-01

    Starting from research on relations between attachment and the development of self-regulation, the present study aimed to investigate research questions on relations among inhibitory control, internalization of rules of conduct (i.e., behavior regulation, concern occasioned by others transgressions, confession, reparation after wrongdoing), and attachment security. Attachment security and internalization of rules of conduct of German kindergarten children (N = 82) were assessed by maternal reports. Children's inhibitory control was measured with the Stop-task. Regression analyses revealed that inhibitory control was positively related to attachment security and to internalization of rules of conduct. Mediational analysis using a bootstrapping approach indicated an indirect effect of attachment security on internalization processes via inhibitory control. Implications for further research on the development of inhibitory control and internalization of rules of conduct are discussed. PMID:23543810

  5. A revised controlled deterministic secure quantum communication with five-photon entangled state

    NASA Astrophysics Data System (ADS)

    Xiu, Xiao-Ming; Dong, Li; Gao, Ya-Jun; Chi, Feng; Ren, Yuan-Peng; Liu, Hui-Wei

    2010-01-01

    A revised controlled deterministic secure quantum communication protocol using five-photon entangled state is proposed. It amends the security loopholes pointed by Qin et al. in [S.J. Qin, Q.Y. Wen, L.M. Meng, F.C. Zhu, Opt. Commun. 282 (2009) 2656] in the original protocol proposed by Xiu et al. in [X.M. Xiu, L. Dong, Y.J. Gao, F. Chi, Opt. Commun. 282 (2009) 333]. The security loopholes are solved by using order rearrangement of transmission photons and two-step security test.

  6. Usable SPACE: Security, Privacy, and Context for the Mobile User

    NASA Astrophysics Data System (ADS)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

  7. Discretionary access control in a heterogeneous distributed data base management system

    SciTech Connect

    Wang, C.Y.

    1986-01-01

    An important technical problem in building a distributed database management system (DDBMS) is access control which prevents unauthorized access or malicious destruction of a database. Consider a DDBMS that uses a uniform global data model to integrate the local schemes of existing DBMSs at the sites of a network. The local DBMSs are unchanged, and the DDBMS is implemented as a module on top of the existing DBMSs at each site. The DBMS at each site is expected to retain its autonomy. That is, the local DBMS at each site maintains control of the data stored at that site. Each local DBMS decides for itself if a user (of the local DBMS or of the DDBMS) may access the data it manages. The design of the access control system for the database in such an environment presents several problems. First, the DBMSs at different sites may have different and incompatible access control mechanisms. Second, queries involving data from multiple sites must be processed by the access control mechanisms of multiple and possible different local DBMSs. Coordinating the access control mechanisms of these DBMSs to provide a consistent access control facility to the users of the heterogeneous DDBMS is a difficult task. This research discusses the problem described above. A general architecture for a DDBMS was developed. Data abstraction techniques were adapted to specify the architecture. A formal verification for the specification was completed.

  8. Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

    NASA Technical Reports Server (NTRS)

    Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

    2012-01-01

    As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

  9. Security System Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  10. Poverty, food security and universal access to sexual and reproductive health services: a call for cross-movement advocacy against neoliberal globalisation.

    PubMed

    Sundari Ravindran, T K

    2014-05-01

    Universal access to sexual and reproductive health services is one of the goals of the International Conference on Population and Development of 1994. The Millennium Development Goals were intended above all to end poverty. Universal access to health and health services are among the goals being considered for the post-2015 agenda, replacing or augmenting the MDGs. Yet we are not only far from reaching any of these goals but also appear to have lost our way somewhere along the line. Poverty and lack of food security have, through their multiple linkages to health and access to health care, deterred progress towards universal access to health services, including for sexual and reproductive health needs. A more insidious influence is neoliberal globalisation. This paper describes neoliberal globalisation and the economic policies it has engendered, the ways in which it influences poverty and food security, and the often unequal impact it has had on women as compared to men. It explores the effects of neoliberal economic policies on health, health systems, and universal access to health care services, and the implications for access to sexual and reproductive health. To be an advocate for universal access to health and health care is to become an advocate against neoliberal globalisation. PMID:24908453

  11. Proximity-based access control for context-sensitive information provision in SOA-based systems

    NASA Astrophysics Data System (ADS)

    Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew

    2014-06-01

    Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.

  12. Environmental Assessment for Proposed Access Control and Traffic Improvements at Los Alamos National Laboratory, Los Alamos, New Mexico

    SciTech Connect

    N /A

    2002-08-23

    The National Nuclear Security Administration (NNSA) has assigned a continuing role to Los Alamos National Laboratory (LANL) in carrying out NNSA's national security mission. It is imperative that LANL continue this enduring responsibility and that NNSA adequately safeguard LANL capabilities. NNSA has identified the need to restrict vehicular access to certain areas within LANL for the purpose of permanently enhancing the physical security environment at LANL. It has also identified the need to change certain traffic flow patterns for the purpose of enhancing physical safety at LANL. The Proposed Action would include the construction of eastern and western bypass roads around the LANL Technical Area (TA) 3 area and the installation of vehicle access controls and related improvements to enhance security along Pajarito Road and in the LANL core area. This Proposed Action would modify the current roadway network and traffic patterns. It would also result in traversing Areas of Environmental Interest identified in the LANL Habitat Management Plan, demolition of part of an historic structure at Building 3-40, and traversing several potential release sites and part of the Los Alamos County landfill. The No Action Alternative was also considered. Under this alternative NNSA would not construct the eastern or western bypass roads, any access-control stations, or related improvements. Diamond Drive would continue to serve as the primary conduit for most vehicle traffic within the LANL core area regardless of actual trip destinations. The No Action Alternative does not meet NNSA's purpose and need for action. The proposed bypass road corridors traverse both developed and undeveloped areas. Several potential release sites are present. These would either be sampled and remediated in accordance with New Mexico Environment Department requirements before construction or avoided to allow for future remediation. In some cases, contaminant levels may fall below remediation thresholds

  13. Issues in Public Access: The Solomons Conferences.

    ERIC Educational Resources Information Center

    Sprehe, J. Timothy

    1993-01-01

    Reports on conferences held by federal agencies in 1991 and 1992 that addressed issues of public access to electronic government information. Topics discussed include agency information dissemination programs; public access to federal computers; security controls; and user charges. A working draft policy framework on public access to government…

  14. 75 FR 18857 - Privacy Act of 1974; Department of Homeland Security Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... security and access policies. Strict controls have been imposed to minimize risk of compromising the... policies, including all applicable DHS automated systems security and access policies. Strict controls have... personal information provided. Docket: For access to the docket to read background documents or...

  15. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

    2015-01-01

    NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

  16. WWW--Wealth, Weariness or Waste. Controlled Vocabulary and Thesauri in Support of Online Information Access.

    ERIC Educational Resources Information Center

    Batty, David

    1998-01-01

    Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…

  17. 30 CFR 816.66 - Use of explosives: Blasting signs, warnings, and access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 30 Mineral Resources 3 2010-07-01 2010-07-01 false Use of explosives: Blasting signs, warnings, and access control. 816.66 Section 816.66 Mineral Resources OFFICE OF SURFACE MINING RECLAMATION AND... STANDARDS-SURFACE MINING ACTIVITIES § 816.66 Use of explosives: Blasting signs, warnings, and access...

  18. 30 CFR 816.66 - Use of explosives: Blasting signs, warnings, and access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 30 Mineral Resources 3 2011-07-01 2011-07-01 false Use of explosives: Blasting signs, warnings, and access control. 816.66 Section 816.66 Mineral Resources OFFICE OF SURFACE MINING RECLAMATION AND... STANDARDS-SURFACE MINING ACTIVITIES § 816.66 Use of explosives: Blasting signs, warnings, and access...

  19. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  20. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  1. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  2. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  3. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  4. Security middleware infrastructure for DICOM images in health information systems.

    PubMed

    Kallepalli, Vijay N V; Ehikioya, Sylvanus A; Camorlinga, Sergio; Rueda, Jose A

    2003-12-01

    In health care, it is mandatory to maintain the privacy and confidentiality of medical data. To achieve this, a fine-grained access control and an access log for accessing medical images are two important aspects that need to be considered in health care systems. Fine-grained access control provides access to medical data only to authorized persons based on priority, location, and content. A log captures each attempt to access medical data. This article describes an overall middleware infrastructure required for secure access to Digital Imaging and Communication in Medicine (DICOM) images, with an emphasis on access control and log maintenance. We introduce a hybrid access control model that combines the properties of two existing models. A trust relationship between hospitals is used to make the hybrid access control model scalable across hospitals. We also discuss events that have to be logged and where the log has to be maintained. A prototype of security middleware infrastructure is implemented. PMID:14747934

  5. 75 FR 43825 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-27

    ...The Librarian of Congress announces that the prohibition against circumvention of technological measures that effectively control access to copyrighted works shall not apply to persons who engage in noninfringing uses of six classes of copyrighted...

  6. 21 CFR 1311.125 - Requirements for establishing logical access control-Individual practitioner.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... controlled substances are current and in good standing. (c) After one individual designated under paragraph... required by the two-factor authentication protocol is lost, stolen, or compromised. Such access must...

  7. 21 CFR 1311.125 - Requirements for establishing logical access control-Individual practitioner.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... controlled substances are current and in good standing. (c) After one individual designated under paragraph... required by the two-factor authentication protocol is lost, stolen, or compromised. Such access must...

  8. 21 CFR 1311.125 - Requirements for establishing logical access control-Individual practitioner.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... controlled substances are current and in good standing. (c) After one individual designated under paragraph... required by the two-factor authentication protocol is lost, stolen, or compromised. Such access must...

  9. 75 FR 47464 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-06

    ...The Copyright Office makes a nonsubstantial correction to its regulation announcing the prohibition against circumvention of technological measures that effectively control access to copyrighted works shall not apply to persons who engage in noninfringing uses of six classes of copyrighted...

  10. Increasing software testability with standard access and control interfaces

    NASA Technical Reports Server (NTRS)

    Nikora, Allen P; Some, Raphael R.; Tamir, Yuval

    2003-01-01

    We describe an approach to improving the testability of complex software systems with software constructs modeled after the hardware JTAG bus, used to provide visibility and controlability in testing digital circuits.

  11. A scheme for secure quantum communication network with authentication using GHZ-like states and cluster states controlled teleportation

    NASA Astrophysics Data System (ADS)

    Naseri, Mosayeb; Raji, Mehrdad Ahmadzadeh; Hantehzadeh, Mohamad Reza; Farouk, Ahmed; Boochani, Arash; Solaymani, Shahram

    2015-11-01

    We propose a scheme for a secure message communication network with authentication following the idea in controlled teleportation. In this scheme, the servers of the network provide the service to prepare the entangled states as quantum channels. For preventing the eavesdropping, a security checking method is suggested. After the security check, any two users in the network may communicate securely and directly under the control of the servers on the network.

  12. Security at a "model" psychiatric center.

    PubMed

    Camacho, H S; Cottrell, P A

    1997-01-01

    The security problems faced by a recently opened psychiatric center located on the campus of a hospital--including staffing, fire safety, access control, patient restraints, and budget cuts--and how they are being dealt with. PMID:10173429

  13. A Healthy Approach to Fitness Center Security.

    ERIC Educational Resources Information Center

    Sturgeon, Julie

    2000-01-01

    Examines techniques for keeping college fitness centers secure while maintaining an inviting atmosphere. Building access control, preventing locker room theft, and suppressing causes for physical violence are discussed. (GR)

  14. The Security Continuum.

    ERIC Educational Resources Information Center

    Thompson, Ian

    2002-01-01

    Discusses the creation of a comprehensive security strategy for schools, including the importance of tailoring it to a specific school's mission and culture. Describes three classes of tactics (natural, organized, and technical) which can be chosen to implement the strategy. Discusses access control as an example of how strategies and tactics…

  15. DOE Integrated Security System (DISS) preliminary communication security analysis

    SciTech Connect

    Sweeney, D.J.

    1993-10-01

    The purpose of this analysis is to document a technical approach to improve DOE Integrated Security System (DISS) dial-up communications security and the requirements to address them. This document is not intended as a comprehensive analysis of the security aspects of the DISS computer system but rather as an analysis of the dial-up communications security as it pertains to the use of the DISS database in the new DOE Automated Visitors Access Control System (DAVACS) procedures. Current access controls into the DISS will be discussed with emphasis on the DAVACS procedures. Recommendations will be provided for increasing the dial-up communications security into DISS as it relates to the automated visit procedures. Finally a design for an encrypted dial-up communication link to DISS will be given.

  16. Cognitive Control and Lexical Access in Younger and Older Bilinguals

    ERIC Educational Resources Information Center

    Bialystok, Ellen; Craik, Fergus; Luk, Gigi

    2008-01-01

    Ninety-six participants, who were younger (20 years) or older (68 years) adults and either monolingual or bilingual, completed tasks assessing working memory, lexical retrieval, and executive control. Younger participants performed most of the tasks better than older participants, confirming the effect of aging on these processes. The effect of…

  17. Fingerprint authentication via joint transform correlator and its application in remote access control of a 3D microscopic system

    NASA Astrophysics Data System (ADS)

    He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang

    2014-05-01

    We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.

  18. Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

    PubMed Central

    Kim, Seungjoo

    2014-01-01

    There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information. PMID:25374943

  19. A Game-Theoretical Approach to Multimedia Social Networks Security

    PubMed Central

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

  20. A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

    NASA Astrophysics Data System (ADS)

    Hassan, Ahmed A.; Bahgat, Waleed M.

    2010-01-01

    Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

  1. An Action-Based Fine-Grained Access Control Mechanism for Structured Documents and Its Application

    PubMed Central

    Su, Mang; Li, Fenghua; Tang, Zhi; Yu, Yinyan; Zhou, Bo

    2014-01-01

    This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control are given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical. PMID:25136651

  2. Security for safety critical space borne systems

    NASA Technical Reports Server (NTRS)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  3. Generalized access control strategies for integrated services token passing systems

    NASA Astrophysics Data System (ADS)

    Pang, Joseph W. M.; Tobagi, Fouad A.; Boyd, Stephen

    1994-08-01

    The demand for integrated services local area networks is increasing at a rapid pace with the advent of many new and exciting applications: office and factory automation, distributed computing, and multimedia communications. To support these new applications, it is imperative to integrate traffic with diverse statistical characteristics and differing delay requirements on the same network. An attractive approach for integrating traffic has been adopted in two token passing local area network standards, the IEEE 802.4 token bus standard and FDDI. The idea is to control the transmissions of each station based on a distributed timing algorithm, so as to achieve the following goals: (1) to limit the token cycles so that time-critical traffic can be accommodated, and (2) to allocate pre-specified bandwidths to different stations when the network is overloaded. We have investigated the analysis and design of this protocol. In this paper, we generalize the transmission control algorithm used previously. The major advantages of the generalization over the original protocol are: (1) it provides a much expanded design space, (2) it guarantees convergent behavior, and (3) it gives meaningful insights into the dynamics of the basic control algorithm.

  4. Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

    SciTech Connect

    Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

    2008-01-01

    Good security metrics are required to make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during operations. Therefore, in essence, measurement can be viewed as a decision aid. The lack of sound practical security metrics is severely hampering progress in the development of secure systems. The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist amongst different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or process control system, etc.). (2) For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. The same stakeholder may attach different stakes to satisfying different requirements within the overall system specification. (3) For a given compound specification (e.g., combination(s) of commercial off the shelf software and/or hardware), CSES reflects the variance that may exist amongst the levels of verification and validation (i.e., certification) performed on components of the specification. The certification activity may produce higher levels of assurance across different components of the specification than others. Consequently, this paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs and the basic structural and mathematical underpinnings.

  5. Controlled quantum secure direct communication by entanglement distillation or generalized measurement

    NASA Astrophysics Data System (ADS)

    Tan, Xiaoqing; Zhang, Xiaoqian

    2016-05-01

    We propose two controlled quantum secure communication schemes by entanglement distillation or generalized measurement. The sender Alice, the receiver Bob and the controllers David and Cliff take part in the whole schemes. The supervisors David and Cliff can control the information transmitted from Alice to Bob by adjusting the local measurement angles θ _4 and θ _3. Bob can verify his secret information by classical one-way function after communication. The average amount of information is analyzed and compared for these two methods by MATLAB. The generalized measurement is a better scheme. Our schemes are secure against some well-known attacks because classical encryption and decoy states are used to ensure the security of the classical channel and the quantum channel.

  6. MOD control center automated information systems security evolution

    NASA Technical Reports Server (NTRS)

    Owen, Rich

    1991-01-01

    The role of the technology infusion process in future Control Center Automated Information Systems (AIS) is highlighted. The following subject areas are presented in the form of the viewgraphs: goals, background, threat, MOD's AISS program, TQM, SDLC integration, payback, future challenges, and bottom line.

  7. Novel Multiparty Controlled Bidirectional Quantum Secure Direct Communication Based on Continuous-variable States

    NASA Astrophysics Data System (ADS)

    Yu, Zhen-Bo; Gong, Li-Hua; Wen, Ru-Hong

    2016-03-01

    A novel multiparty controlled bidirectional quantum secure direct communication protocol combining continuous-variable states with qubit block transmission is proposed. Two legitimate communication parties encode their own secret information into entangled optical modes with translation operations, and the secret information of each counterpart can only be recovered under the permission of all controllers. Due to continuous-variable states and block transmission strategy, the proposed protocol is easy to realize with perfect qubit efficiency. Security analyses show that the proposed protocol is free from common attacks, including the man-in-the-middle attack.

  8. Advanced Guidance and Control for Hypersonics and Space Access

    NASA Technical Reports Server (NTRS)

    Hanson, John M.; Hall, Charles E.; Mulqueen, John A.; Jones, Robert E.

    2003-01-01

    Advanced guidance and control (AG&C) technologies are critical for meeting safety, reliability, and cost requirements for the next generation of reusable launch vehicle (RLV), whether it is fully rocket-powered or has air- breathing components. This becomes clear upon examining the number of expendable launch vehicle failures in the recent past where AG&C technologies could have saved a RLV with the same failure mode, the additional vehicle problems where t h i s technology applies, and the costs and time associated with mission design with or without all these failure issues. The state-of-the-art in guidance and control technology, as well as in computing technology, is the point where we can look to the possibility of being able to safely return a RLV in any situation where it can physically be recovered. This paper outlines reasons for AWC, current technology efforts, and the additional work needed for making this goal a reality. There are a number of approaches to AG&C that have the potential for achieving the desired goals. For some of these methods, we compare the results of tests designed to demonstrate the achievement of the goals. Tests up to now have been focused on rocket-powered vehicles; application to hypersonic air-breathers is planned. We list the test cases used to demonstrate that the desired results are achieved, briefly describe an automated test scoring method, and display results of the tests. Some of the technology components have reached the maturity level where they are ready for application to a new vehicle concept, while others are not far along in development.

  9. Critical Infrastructures Security Modeling, Enforcement and Runtime Checking

    NASA Astrophysics Data System (ADS)

    Abou El Kalam, Anas; Deswarte, Yves

    This paper identifies the most relevant security requirements for critical infrastructures (CIs), and according to these requirements, proposes an access control framework. The latter supports the CI security policy modeling and enforcement. Then, it proposes a runtime model checker for the interactions between the organizations forming the CIs, to verify their compliance with previously signed contracts. In this respect, not only our security framework handles secure local and remote accesses, but also audits and verifies the different interactions. In particular, remote accesses are controlled, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for sanctioning the party responsible for the deviation.

  10. Steganography-based access control to medical data hidden in electrocardiogram.

    PubMed

    Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman

    2013-01-01

    Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data. PMID:24109934

  11. 50 CFR 622.17 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 50 Wildlife and Fisheries 12 2012-10-01 2012-10-01 false South Atlantic golden crab controlled... ATLANTIC Effort Limitations § 622.17 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the Fishery Management Plan for the Golden Crab Fishery of...

  12. 50 CFR 622.241 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 50 Wildlife and Fisheries 12 2013-10-01 2013-10-01 false South Atlantic golden crab controlled..., AND SOUTH ATLANTIC Golden Crab Fishery of the South Atlantic Region § 622.241 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the...

  13. 50 CFR 622.241 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 50 Wildlife and Fisheries 12 2014-10-01 2014-10-01 false South Atlantic golden crab controlled..., AND SOUTH ATLANTIC Golden Crab Fishery of the South Atlantic Region § 622.241 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the...

  14. 50 CFR 622.17 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 50 Wildlife and Fisheries 10 2011-10-01 2011-10-01 false South Atlantic golden crab controlled... ATLANTIC Effort Limitations § 622.17 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the Fishery Management Plan for the Golden Crab Fishery of...

  15. 76 FR 38293 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-30

    ... reports.\\10\\ \\1\\ See Exchange Act Release No. 63241 (Nov. 3, 2010), 75 FR 69792 (Nov. 15, 2010) (``Rule... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... establish, document, and maintain a system of risk management controls and supervisory procedures...

  16. 50 CFR 648.82 - Effort-control program for NE multispecies limited access vessels.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 50 Wildlife and Fisheries 10 2011-10-01 2011-10-01 false Effort-control program for NE...-control program for NE multispecies limited access vessels. (a) Except as provided in §§ 648.17 and 648.82... program described in this section, unless otherwise provided elsewhere in this part. (1) End-of-year...

  17. 75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-26

    .... 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66). Certain market participants may... subscribers to ATSs, appropriately control the risks associated with market access, so as not to jeopardize... unaware of the trading activity occurring under its market identifier and have no mechanism to control...

  18. Analysis of Decision Factors for the Application of Information Access Controls within the Organization

    ERIC Educational Resources Information Center

    Foerster, Carl A.

    2013-01-01

    The application of access controls on internal information necessarily impacts the availability of that information for sharing inside the enterprise. The decisions establishing the degree of control are a crucial first step to balance the requirements to protect and share. This research develops a set of basic decision factors and examines other…

  19. 15. Front security entrance to the perimeter acquisition radar building, ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    15. Front security entrance to the perimeter acquisition radar building, showing rotogates 1 and 2 and entrance door to security operations control center (SOCC), room #108 - Stanley R. Mickelsen Safeguard Complex, Perimeter Acquisition Radar Building, Limited Access Area, between Limited Access Patrol Road & Service Road A, Nekoma, Cavalier County, ND

  20. Cryptographically secure hardware random number generator dedicated for distributed measurement and control systems

    NASA Astrophysics Data System (ADS)

    Czernik, Pawel

    The chaotic signal generator based on the theory of nonlinear dynamical systems for applications in cryptographically secure distributed measurement and control systems with asymmetric resources is presented. This system was implemented on the basis of the physical chaotic electronic vibration generator in which the resonant circuit is composed of two capacitors, two resistors, coil and transistor, called the Colpitts oscillator. The presented system was designed, programmed and thoroughly tested in the term of cryptographic security in our laboratory, what there is the most important part of this publication. True cryptographic security was tested based on the author's software and the software environment called RDieHarder. The obtained results will be here presented and analyzed in detail with particular reference to the specificity of distributed measurement and control systems with asymmetric resources.

  1. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    NASA Technical Reports Server (NTRS)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  2. Automatic Learning of Fine Operating Rules for Online Power System Security Control.

    PubMed

    Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

    2016-08-01

    Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min. PMID:25680217

  3. Governmental Control of the Internet in addressing Law Enforcement and National Security

    NASA Astrophysics Data System (ADS)

    Watney, Murdoch

    Some people contended that governmental regulation of the Internet would not be possible due to its inherent characteristics. This paper relates how governments, in addressing law enforcement and national security, have taken control of the Internet by means of legislation. Consideration is given to the influence and impact of powerful governments on the legal regulation of the Internet. It is pointed out that when addressing law enforcement and national security the borderless nature of the Internet is in reality bordered. It is concluded that in striving towards law enforcement and national security, enforcement of governmental control of the Internet is not easily achieved without the assistance of the Internet Service Provider (ISP) as well as international assistance and co-operation.

  4. Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

    SciTech Connect

    Ondrej Linda; Milos Manic; Miles McQueen

    2012-09-01

    Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

  5. Security and SCADA protocols

    SciTech Connect

    Igure, V. M.; Williams, R. D.

    2006-07-01

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

  6. 10 CFR 20.1801 - Security of stored material.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized removal or access licensed materials that...

  7. Secure Information Sharing

    2005-09-09

    We are develoing a peer-to-peer system to support secure, location independent information sharing in the scientific community. Once complete, this system will allow seamless and secure sharing of information between multiple collaborators. The owners of information will be able to control how the information is stored, managed. ano shared. In addition, users will have faster access to information updates within a collaboration. Groups collaborating on scientific experiments have a need to share information and data.more » This information and data is often represented in the form of files and database entries. In a typical scientific collaboration, there are many different locations where data would naturally be stored. This makes It difficult for collaborators to find and access the information they need. Our goal is to create a lightweight file-sharing system that makes it’easy for collaborators to find and use the data they need. This system must be easy-to-use, easy-to-administer, and secure. Our information-sharing tool uses group communication, in particular the InterGroup protocols, to reliably deliver each query to all of the current participants in a scalable manner, without having to discover all of their identities. We will use the Secure Group Layer (SGL) and Akenti to provide security to the participants of our environment, SGL will provide confldentiality, integrity, authenticity, and authorization enforcement for the InterGroup protocols and Akenti will provide access control to other resources.« less

  8. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2014-04-01 2014-04-01 false What security controls must I use for identification codes and passwords? 73.12 Section 73.12 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES...

  9. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2012-04-01 2011-04-01 true What security controls must I use for identification codes and passwords? 73.12 Section 73.12 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES...

  10. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2011-04-01 2011-04-01 false What security controls must I use for identification codes and passwords? 73.12 Section 73.12 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES...

  11. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2010-04-01 2010-04-01 false What security controls must I use for identification codes and passwords? 73.12 Section 73.12 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES...

  12. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2013-04-01 2013-04-01 false What security controls must I use for identification codes and passwords? 73.12 Section 73.12 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES...

  13. 77 FR 23492 - Announcement of Funding Awards; Capital Fund Safety and Security Grants; Fiscal Year 2011

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-19

    ... Terrace, Hartford, CT Security Lighting, 06106-3728. Video Recorders. Housing Authority of the City of 244.../ 249,932 Security Access Control 2\\ Monroe Street, Norwalk, CT System/Security 06856-2926. Lighting... Lighting. FL 32202-3938. Newnan Housing Authority, 48 Ball 250,000 Security Camera System/ Street,...

  14. 17 CFR 38.607 - Direct access.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Direct access. 38.607 Section 38.607 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT... financial risk, such as automated pre-trade controls that enable member futures commission merchants...

  15. 17 CFR 38.607 - Direct access.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Direct access. 38.607 Section 38.607 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT... financial risk, such as automated pre-trade controls that enable member futures commission merchants...

  16. Joint Random Access and Power Control Game in Ad Hoc Networks with Noncooperative Users

    NASA Astrophysics Data System (ADS)

    Long, Chengnian; Guan, Xinping

    We consider a distributed joint random access and power control scheme for interference management in wireless ad hoc networks. To derive decentralized solutions that do not require any cooperation among the users, we formulate this problem as non-cooperative joint random access and power control game, in which each user minimizes its average transmission cost with a given rate constraint. Using supermodular game theory, the existence and uniqueness of Nash equilibrium are established. Furthermore, we present an asynchronous distributed algorithm to compute the solution of the game based on myopic best response updates, which converges to Nash equilibrium globally.

  17. Real time test bed development for power system operation, control and cyber security

    NASA Astrophysics Data System (ADS)

    Reddi, Ram Mohan

    The operation and control of the power system in an efficient way is important in order to keep the system secure, reliable and economical. With advancements in smart grid, several new algorithms have been developed for improved operation and control. These algorithms need to be extensively tested and validated in real time before applying to the real electric power grid. This work focuses on the development of a real time test bed for testing and validating power system control algorithms, hardware devices and cyber security vulnerability. The test bed developed utilizes several hardware components including relays, phasor measurement units, phasor data concentrator, programmable logic controllers and several software tools. Current work also integrates historian for power system monitoring and data archiving. Finally, two different power system test cases are simulated to demonstrate the applications of developed test bed. The developed test bed can also be used for power system education.

  18. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    SciTech Connect

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  19. Performance Evaluation of Virtualization Techniques for Control and Access of Storage Systems in Data Center Applications

    NASA Astrophysics Data System (ADS)

    Ahmadi, Mohammad Reza

    2013-09-01

    Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.

  20. Nonorthogonal CSK/CDMA with Received-Power Adaptive Access Control Scheme

    NASA Astrophysics Data System (ADS)

    Komuro, Nobuyoshi; Habuchi, Hiromasa; Tsuboi, Toshinori

    The measurements for Multiple Access Interference (MAI) problems and the improvement of the data rate are key issues on the advanced wireless networks. In this paper, the nonorthogonal Code Shift Keying Code Division Multiple Access (CSK/CDMA) with received-power adaptive access control scheme is proposed. In our system, a user who is ready to send measures the received power from other users, and then the user decides whether to transmit or refrain from transmission according to the received power and a pre-decided threshold. Not only overcoming the MAI problems, but our system also improve the throughput performance. The throughput performance of the proposed system is evaluated by theoretical analysis. Consequently, the nonorthogonal CSK/CDMA system improves by applying received-power adaptive access control. It was also found that the throughput performance of the nonorthogonal CSK/CDMA system is better than that of the orthogonal CSK/CDMA system at any Eb/N0. We conclude that the nonorthogonal CSK/CDMA system with received-power adaptive access control scheme is expected to be effective in advanced wireless networks.