Science.gov

Sample records for addressing software security

  1. Addressing Software Security

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  2. Addressing software security risk mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.

  3. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IIJ systems function comprising of Firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  4. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2004-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  5. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  6. Security System Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  7. Software security checklist for the software life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Wolfe, T. L.; Sherif, J. S.

    2002-01-01

    A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle.

  8. Security Risks: Management and Mitigation in the Software Life Cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  9. Addressing social resistance in emerging security technologies.

    PubMed

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  10. Addressing social resistance in emerging security technologies

    PubMed Central

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus.1 Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  11. Secure software practices among Malaysian software practitioners: An exploratory study

    NASA Astrophysics Data System (ADS)

    Mohamed, Shafinah Farvin Packeer; Baharom, Fauziah; Deraman, Aziz; Yahya, Jamaiah; Mohd, Haslina

    2016-08-01

    Secure software practices is increasingly gaining much importance among software practitioners and researchers due to the rise of computer crimes in the software industry. It has become as one of the determinant factors for producing high quality software. Even though its importance has been revealed, its current practice in the software industry is still scarce, particularly in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices in the real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. Structured questionnaire is utilized for data collection purpose whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis. Outcomes from this study reveal that software practitioners are becoming increasingly aware on the importance of secure software practices, however, they lack of appropriate implementation, which could affect the quality of produced software.

  12. Software Development Life Cycle Security Issues

    NASA Astrophysics Data System (ADS)

    Kaur, Daljit; Kaur, Parminder

    2011-12-01

    Security is now-a-days one of the major problems because of many reasons. Security is now-a-days one of the major problems because of many reasons. The main cause is that software can't withstand security attacks because of vulnerabilities in it which are caused by defective specifications design and implementation. We have conducted a survey asking software developers, project managers and other people in software development about their security awareness and implementation in Software Development Life Cycle (SDLC). The survey was open to participation for three weeks and this paper explains the survey results.

  13. Development of a software security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Kelly, J. C.; Powell, J. D.; Bishop, M.

    2001-01-01

    This paper discusses development of a security assessment instrument for the software development and maintenance life cycle. The assessment instrument is a collection of tools and procedures to support development of secure software.

  14. Interactive Programming Support for Secure Software Development

    ERIC Educational Resources Information Center

    Xie, Jing

    2012-01-01

    Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant from attacks violating program confidentiality, integrity, and availability, a style of programming…

  15. Software Security - The Dangers of Abstraction

    NASA Astrophysics Data System (ADS)

    Gollmann, Dieter

    Software insecurity can be explained as a potpourri of hacking methods, ranging from the familiar, e.g. buffer overruns, to the exotic, e.g. code insertion with Chinese characters. From such an angle software security would just be a collection of specific countermeasures. We will observe a common principle that can guide a structured presentation of software security and give guidance for future research directions: There exists a discrepancy between the abstract programming concepts used by software developers and their concrete implementation on the given execution platform. In support of this thesis, five case studies will be discussed, viz characters, integers, variables, atomic transactions, and double linked lists.

  16. Formal assessment instrument for ensuring the security of NASA's networks, systems and software

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.; Sherif, J.

    2002-01-01

    To address the problem of security for NASA's networks, systems and software, NASA has funded the Jet Propulsion Lab in conjunction with UC Davis to begin work on developing a software security assessment instrument for use in the software development and maintenance life cycle.

  17. Using software security analysis to verify the secure socket layer (SSL) protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2004-01-01

    nal Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information the3, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach '' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

  18. Adopting Open Source Software to Address Software Risks during the Scientific Data Life Cycle

    NASA Astrophysics Data System (ADS)

    Vinay, S.; Downs, R. R.

    2012-12-01

    Software enables the creation, management, storage, distribution, discovery, and use of scientific data throughout the data lifecycle. However, the capabilities offered by software also present risks for the stewardship of scientific data, since future access to digital data is dependent on the use of software. From operating systems to applications for analyzing data, the dependence of data on software presents challenges for the stewardship of scientific data. Adopting open source software provides opportunities to address some of the proprietary risks of data dependence on software. For example, in some cases, open source software can be deployed to avoid licensing restrictions for using, modifying, and transferring proprietary software. The availability of the source code of open source software also enables the inclusion of modifications, which may be contributed by various community members who are addressing similar issues. Likewise, an active community that is maintaining open source software can be a valuable source of help, providing an opportunity to collaborate to address common issues facing adopters. As part of the effort to meet the challenges of software dependence for scientific data stewardship, risks from software dependence have been identified that exist during various times of the data lifecycle. The identification of these risks should enable the development of plans for mitigating software dependencies, where applicable, using open source software, and to improve understanding of software dependency risks for scientific data and how they can be reduced during the data life cycle.

  19. Software Security in the University Computer Laboratories.

    ERIC Educational Resources Information Center

    Kung, Mable T.

    1989-01-01

    Discussion of software security in university computer laboratories focuses on the causes of computer viruses. Possible ways to detect an infected disk are described; strategies for professors, students, and computer personnel to eradicate the spread of a computer virus are proposed; and two resources for further information are given. (LRW)

  20. Software For Computer-Security Audits

    NASA Technical Reports Server (NTRS)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  1. Reducing software security risk through an integrated approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.; Bishop, M.; Kelly, J.

    2001-01-01

    This paper presents research on the generation of a software security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  2. Demographic-Based Perceptions of Adequacy of Software Security's Presence within Individual Phases of the Software Development Life Cycle

    ERIC Educational Resources Information Center

    Kramer, Aleksey

    2013-01-01

    The topic of software security has become paramount in information technology (IT) related scholarly research. Researchers have addressed numerous software security topics touching on all phases of the Software Development Life Cycle (SDLC): requirements gathering phase, design phase, development phase, testing phase, and maintenance phase.…

  3. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    NASA Astrophysics Data System (ADS)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  4. Hydrocomplexity: Addressing water security and emergent environmental risks

    NASA Astrophysics Data System (ADS)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  5. An Analysis of Open Source Security Software Products Downloads

    ERIC Educational Resources Information Center

    Barta, Brian J.

    2014-01-01

    Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software…

  6. Software programs that address site-specific inventory characteristics issues.

    SciTech Connect

    Dare, J. H.; Cournoyer, M. E.

    2001-01-01

    The proper characterization of Hazardous, Mixed Low-Level, and Mixed Transuranic waste enhances productivity and safety. Hazardous material criteria that need to be considered include physical and health hazards inherent to the waste stream. Other factors that may influence characterization include: particulate diameter, complexing or chelating agent properties, lead, and mercury content, pressurized containers, and P-listed wastes. To meet these requirements are only a simple matter of generating a database with the proper fields. Manufactures and institutional databases bank huge sources of information, such as, work control documents, substance identification, container types, components of mixtures, physical property data, and regulatory data. In this report, utilization of commercially available software programs to take advantage of these resources in addressing waste characterization issues are presented. The application of user-friendly programs eliminates part of the tediousness associated with the complex requirements of certifying to general waste acceptance criteria with minimal impact on programmatic work. In other words, tapping into manufacturer and institutional database provides a way to take advantage of the combined expertise of these resources in managing a cost effective waste certification program as well as adding a quality assurance element to the program.

  7. Secure Video Surveillance System Acquisition Software

    SciTech Connect

    2009-12-04

    The SVSS Acquisition Software collects and displays video images from two cameras through a VPN, and store the images onto a collection controller. The software is configured to allow a user to enter a time window to display up to 2 1/2, hours of video review. The software collects images from the cameras at a rate of 1 image per second and automatically deletes images older than 3 hours. The software code operates in a linux environment and can be run in a virtual machine on Windows XP. The Sandia software integrates the different COTS software together to build the video review system.

  8. Secure Video Surveillance System Acquisition Software

    2009-12-04

    The SVSS Acquisition Software collects and displays video images from two cameras through a VPN, and store the images onto a collection controller. The software is configured to allow a user to enter a time window to display up to 2 1/2, hours of video review. The software collects images from the cameras at a rate of 1 image per second and automatically deletes images older than 3 hours. The software code operates in amore » linux environment and can be run in a virtual machine on Windows XP. The Sandia software integrates the different COTS software together to build the video review system.« less

  9. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

    SciTech Connect

    Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J; Sayre, Kirk D; Ankrum, Scott

    2013-01-01

    Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.

  10. Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

  11. Addressing security issues related to virtual institute distributed activities

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2008-03-01

    One issue confounding the development and experimentation of distributed modeling and simulation environments is the inability of the project team to identify and collaborate with resources, both human and technical, from outside the United States. This limitation is especially significant within the human behavior representation area where areas such as cultural effects research and joint command team behavior modeling require the participation of various cultural and national representatives. To address this limitation, as well as other human behavior representation research issues, NATO Research and Technology Organization initiated a project to develop a NATO virtual institute that enables more effective and more collaborative research into human behavior representation. However, in building and operating a virtual institute one of the chief concerns must be the cyber security of the institute. Because the institute "exists" in cyberspace, all of its activities are susceptible to cyberattacks, subterfuge, denial of service and all of the vulnerabilities that networked computers must face. In our opinion, for the concept of virtual institutes to be successful and useful, their operations and services must be protected from the threats in the cyber environment. A key to developing the required protection is the development and promulgation of standards for cyber security. In this paper, we discuss the types of cyber standards that are required, how new internet technologies can be exploited and can benefit the promulgation, development, maintenance, and robustness of the standards. This paper is organized as follows. Section One introduces the concept of the virtual institutes, the expected benefits, and the motivation for our research and for research in this area. Section Two presents background material and a discussion of topics related to VIs, uman behavior and cultural modeling, and network-centric warfare. Section Three contains a discussion of the

  12. Security Verification Techniques Applied to PatchLink COTS Software

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt; Andrew, Chris; Jog, Sameer

    2006-01-01

    Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX Agent, a Commercial-Off-The-Shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the Flexible Modeling Framework (FMF) -- a model-based verification instrument (JPL), and a Property-Based Tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.

  13. Addressing the need for adaptable decision processes within healthcare software.

    PubMed

    Miseldine, P; Taleb-Bendiab, A; England, D; Randles, M

    2007-03-01

    In the healthcare sector, where the decisions made by software aid in the direct treatment of patients, software requires high levels of assurance to ensure the correct interpretation of the tasks it is automating. This paper argues that introducing adaptable decision processes within eHealthcare initiatives can reduce software-maintenance complexity and, due to the instantaneous, distributed deployment of decision models, allow for quicker updates of current best practice, thereby improving patient care. The paper provides a description of a collection of technologies and tools that can be used to provide the required adaptation in a decision process. These tools are evaluated against two case studies that individually highlight different requirements in eHealthcare: a breast-cancer decision-support system, in partnership with several of the UK's leading cancer hospitals, and a dental triage in partnership with the Royal Liverpool Hospital which both show how the complete process flow of software can be abstracted and adapted, and the benefits that arise as a result. PMID:17365643

  14. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  15. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  16. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2010-09-01

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  17. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2010-09-01

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  18. The study on network security based on software engineering

    NASA Astrophysics Data System (ADS)

    Jia, Shande; Ao, Qian

    2012-04-01

    Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

  19. Are safety, security, and dependability achievable in software?

    SciTech Connect

    Fletcher, S.K.

    1996-07-01

    Critical software must be safe, secure, and dependable. Traditionally, these have been pursued as separate disciplines. This presentation looks at the traditional approaches and highlights commonalities and differences among them. Each can learn from the history of the others. More importantly, it is imperative to seek a systems approach which blends all three.

  20. Reducing Software Security Risk Through an Integrated Approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Kelly, J.; Bishop, M.

    2000-01-01

    This paper discusses new joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development and maintenance life cycle.

  1. Security in the Schools.

    ERIC Educational Resources Information Center

    Nelson, Jesse

    1997-01-01

    Discusses the benefits of school library security, software security, and computer security systems. Describes specific products for each type of security system. A sidebar lists names and addresses of security manufacturers and distributors. (AEF)

  2. Application of Lightweight Formal Methods to Software Security

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt

    2005-01-01

    Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which species security properties in a library that can be reused by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The Flexible Modeling Framework (FMF) is a model based verijkation instrument that uses Promela and the SPIN model checker. The Property Based Tester (PBT) uses TASPEC and a Text Execution Monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles.

  3. Addressing the Pilot security problem with gLExec

    SciTech Connect

    Sfiligoi, I.; Koeroo, O.; Venekamp, G.; Yocum, D.; Groep, D.; Petravick, D.; /Fermilab

    2007-09-01

    The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. Many groups are however starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

  4. Use of Social Software to Address Literacy and Identity Issues in Second Language Learning

    ERIC Educational Resources Information Center

    Hutchinson, Jill

    2009-01-01

    The emerging trend of social software technology can address many different second language (L2) learner needs through authentic social interaction and a variety of scaffolding processes. Social software connects education with real-life learning and interests, and engages and motivates students. It can facilitate learning environments that are…

  5. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    NASA Astrophysics Data System (ADS)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  6. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    PubMed Central

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  7. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    PubMed

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  8. Progress in Addressing DNFSB Recommendation 2002-1 Issues: Improving Accident Analysis Software Applications

    SciTech Connect

    VINCENT, ANDREW

    2005-04-25

    Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1 (''Quality Assurance for Safety-Related Software'') identified a number of quality assurance issues on the use of software in Department of Energy (DOE) facilities for analyzing hazards, and designing and operating controls to prevent or mitigate potential accidents. Over the last year, DOE has begun several processes and programs as part of the Implementation Plan commitments, and in particular, has made significant progress in addressing several sets of issues particularly important in the application of software for performing hazard and accident analysis. The work discussed here demonstrates that through these actions, Software Quality Assurance (SQA) guidance and software tools are available that can be used to improve resulting safety analysis. Specifically, five of the primary actions corresponding to the commitments made in the Implementation Plan to Recommendation 2002-1 are identified and discussed in this paper. Included are the web-based DOE SQA Knowledge Portal and the Central Registry, guidance and gap analysis reports, electronic bulletin board and discussion forum, and a DOE safety software guide. These SQA products can benefit DOE safety contractors in the development of hazard and accident analysis by precluding inappropriate software applications and utilizing best practices when incorporating software results to safety basis documentation. The improvement actions discussed here mark a beginning to establishing stronger, standard-compliant programs, practices, and processes in SQA among safety software users, managers, and reviewers throughout the DOE Complex. Additional effort is needed, however, particularly in: (1) processes to add new software applications to the DOE Safety Software Toolbox; (2) improving the effectiveness of software issue communication; and (3) promoting a safety software quality assurance culture.

  9. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  10. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. PMID:12975519

  11. Discovery Channel Telescope software progress report: addressing early commissioning and operations challenges

    NASA Astrophysics Data System (ADS)

    Lacasse, Michael; Lotz, Paul J.

    2014-07-01

    The Discovery Channel Telescope is a 4.3m astronomical research telescope in northern Arizona constructed through a partnership between Discovery Communications and Lowell Observatory. In transition from construction phase to commissioning and operations, we faced a variety of software challenges, both foreseen and unforeseen, and addressed those with a variety of solutions including, isolation of the control systems network, development of an Operations Log application, extension of the interface to instrumentation software, improvements to engineering data analysis, provisions to avoid failure modes, and enhanced user experience. We describe these solutions and present an overview of the current project status.

  12. SOEMPI: A Secure Open Enterprise Master Patient Index Software Toolkit for Private Record Linkage

    PubMed Central

    Toth, Csaba; Durham, Elizabeth; Kantarcioglu, Murat; Xue, Yuan; Malin, Bradley

    2014-01-01

    To mitigate bias in multi-institutional research studies, healthcare organizations need to integrate patient records. However, this process must be accomplished without disclosing the identities of the corresponding patients. Various private record linkage (PRL) techniques have been proposed, but there is a lack of translation into practice because no software suite supports the entire PRL lifecycle. This paper addresses this issue with the introduction of the Secure Open Enterprise Master Patient Index (SOEMPI). We show how SOEMPI covers the PRL lifecycle, illustrate the implementation of several PRL protocols, and provide a runtime analysis for the integration of two datasets consisting of 10,000 records. While the PRL process is slower than a non-secure setting, our analysis shows the majority of processes in a PRL protocol require several seconds or less and that SOEMPI completes the process in approximately two minutes, which is a practical amount of time for integration. PMID:25954421

  13. Secure Naming and Addressing Operations for Store, Carry and Forward Networks

    NASA Technical Reports Server (NTRS)

    Eddy, Wesley M.; Ivancic, William D.; Iannicca, Dennis C.; Ishac, Joseph; Hylton, Alan G.

    2014-01-01

    This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems.

  14. Governmental Control of the Internet in addressing Law Enforcement and National Security

    NASA Astrophysics Data System (ADS)

    Watney, Murdoch

    Some people contended that governmental regulation of the Internet would not be possible due to its inherent characteristics. This paper relates how governments, in addressing law enforcement and national security, have taken control of the Internet by means of legislation. Consideration is given to the influence and impact of powerful governments on the legal regulation of the Internet. It is pointed out that when addressing law enforcement and national security the borderless nature of the Internet is in reality bordered. It is concluded that in striving towards law enforcement and national security, enforcement of governmental control of the Internet is not easily achieved without the assistance of the Internet Service Provider (ISP) as well as international assistance and co-operation.

  15. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth. PMID:24493763

  16. SOFTWARE TOOLS THAT ADDRESS HAZARDOUS MATERIAL ISSUES DURING NUCLEAR FACILITY D and D

    SciTech Connect

    M. COURNOYER; R. GRUNDEMANN

    2001-03-01

    The 49-year-old Chemistry and Metallurgy Research (CMR) Facility is where analytical chemistry and metallurgical studies on samples of plutonium and nuclear materials are conduct in support of the Department of Energy's nuclear weapons program. The CMR Facility is expected to be decontaminated and decommissioned (D and D) over the next ten to twenty years. Over the decades, several hazardous material issues have developed that need to be address. Unstable chemicals must be properly reassigned or disposed of from the workspace during D and D operation. Materials that have critical effects that are primarily chronic in nature, carcinogens, reproductive toxin, and materials that exhibit high chronic toxicity, have unique decontamination requirements, including the decontrolling of areas where these chemicals were used. Certain types of equipment and materials that contain mercury, asbestos, lead, and polychlorinated biphenyls have special provisions that must be addressed. Utilization of commercially available software programs for addressing hazardous material issues during D and D operations such as legacy chemicals and documentation are presented. These user-friendly programs eliminate part of the tediousness associated with the complex requirements of legacy hazardous materials. A key element of this approach is having a program that inventories and tracks all hazardous materials. Without an inventory of chemicals stored in a particular location, many important questions pertinent to D and D operations can be difficult to answer. On the other hand, a well-managed inventory system can address unstable and highly toxic chemicals and hazardous material records concerns before they become an issue. Tapping into the institutional database provides a way to take advantage of the combined expertise of the institution in managing a cost effective D and D program as well as adding a quality assurance element to the program. Using laboratory requirements as a logic flow

  17. Strategies to Address Identified Education Gaps in the Preparation of a National Security Workforce

    SciTech Connect

    2008-06-30

    This report will discuss strategies available to address identified gaps and weaknesses in education efforts aimed at the preparation of a skilled and properly trained national security workforce.The need to adequately train and educate a national security workforce is at a critical juncture. Even though there are an increasing number of college graduates in the appropriate fields, many of these graduates choose to work in the private sector because of more desirable salary and benefit packages. This is contributing to an inability to fill vacant positions at NNSA resulting from high personnel turnover from the large number of retirements. Further, many of the retirees are practically irreplaceable because they are Cold War scientists that have experience and expertise with nuclear weapons.

  18. Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

    NASA Astrophysics Data System (ADS)

    Graham, Christopher J.

    2012-05-01

    Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

  19. Reducing software security risk through an integrated approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.

    2001-01-01

    The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parsels two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec)execution monitor to verify the security properties of a given program.

  20. A Security-façade Library for Virtual-observatory Software

    NASA Astrophysics Data System (ADS)

    Rixon, G.

    2009-09-01

    The security-façade library implements, for Java, IVOA's security standards. It supports the authentication mechanisms for SOAP and REST web-services, the sign-on mechanisms (with MyProxy, AstroGrid Accounts protocol or local credential-caches), the delegation protocol, and RFC3820-enabled HTTPS for Apache Tomcat. Using the façade, a developer who is not a security specialist can easily add access control to a virtual-observatory service and call secured services from an application. The library has been an internal part of AstroGrid software for some time and it is now offered for use by other developers.

  1. Addressing food security through public policy action in a community-based participatory research partnership.

    PubMed

    Vásquez, Victoria Breckwich; Lanza, Dana; Hennessey-Lavery, Susana; Facente, Shelley; Halpin, Helen Ann; Minkler, Meredith

    2007-10-01

    Community-based participatory research (CBPR) is an increasingly utilized research approach that involves the affected community identifying a health-related problem, developing a research agenda, and planning an appropriate intervention to address the problem. This report on a CBPR partnership in San Francisco's Bayview Hunters Point neighborhood documents the rise of a community food security policy in response to youth-involved research that found poor access to quality food in an economically disadvantaged area of the city. To analyze the impact of the research on public policy, a framework of specific steps in the policy-making process is used to organize and better understand the partnership's objectives, activities, strategies, and successes. This community-health department partnership has been able to achieve an innovative and sustainable public policy solution, the Good Neighbor Program, by working closely with policy makers and local businesses to expand community accessibility to healthy food. PMID:17728199

  2. Addressing China's grand challenge of achieving food security while ensuring environmental sustainability.

    PubMed

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C; Bailey, Mark; Gordon, Iain J; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-02-01

    China's increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies. PMID:26601127

  3. Addressing China’s grand challenge of achieving food security while ensuring environmental sustainability

    PubMed Central

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C.; Bailey, Mark; Gordon, Iain J.; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-01-01

    China’s increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies. PMID:26601127

  4. Recent advances to address European Union Health Security from cross border chemical health threats.

    PubMed

    Duarte-Davidson, R; Orford, R; Wyke, S; Griffiths, M; Amlôt, R; Chilcott, R

    2014-11-01

    The European Union (EU) Decision (1082/2013/EU) on serious cross border threats to health was adopted by the European Parliament in November 2013, in recognition of the need to strengthen the capacity of Member States to coordinate the public health response to cross border threats, whether from biological, chemical, environmental events or events which have an unknown origin. Although mechanisms have been in place for years for reporting cross border health threats from communicable diseases, this has not been the case for incidents involving chemicals and/or environmental events. A variety of collaborative EU projects have been funded over the past 10 years through the Health Programme to address gaps in knowledge on health security and to improve resilience and response to major incidents involving chemicals. This paper looks at the EU Health Programme that underpins recent research activities to address gaps in resilience, planning, responding to and recovering from a cross border chemical incident. It also looks at how the outputs from the research programme will contribute to improving public health management of transnational incidents that have the potential to overwhelm national capabilities, putting this into context with the new requirements as the Decision on serious cross border threats to health as well as highlighting areas for future development. PMID:24679379

  5. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  6. How can we exploit above–belowground interactions to assist in addressing the challenges of food security?

    PubMed Central

    Orrell, Peter; Bennett, Alison E.

    2013-01-01

    Can above–belowground interactions help address issues of food security? We address this question in this manuscript, and review the intersection of above–belowground interactions and food security. We propose that above–belowground interactions could address two strategies identified by Godfray etal. (2010): reducing the Yield Gap, and Increasing Production Limits. In particular, to minimize the difference between potential and realized production (The Yield Gap) above–belowground interactions could be manipulated to reduce losses to pests and increase crop growth (and therefore yields). To Increase Production Limits we propose two mechanisms: utilizing intercropping (which uses multiple aspects of above–belowground interactions) and breeding for traits that promote beneficial above–belowground interactions, as well as breeding mutualistic organisms to improve their provided benefit. As a result, if they are managed correctly, there is great potential for above–belowground interactions to contribute to food security. PMID:24198821

  7. A Proven Methodology for Developing Secure Software and Applying It to Ground Systems

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2016-01-01

    Part Two expands upon Part One in an attempt to translate the methodology for ground system personnel. The goal is to build upon the methodology presented in Part One by showing examples and details on how to implement the methodology. Section 1: Ground Systems Overview; Section 2: Secure Software Development; Section 3: Defense in Depth for Ground Systems; Section 4: What Now?

  8. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    PubMed

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. PMID:15371625

  9. Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security.

    PubMed

    Hahn, Erin; Blazes, David; Lewis, Sheri

    2016-01-01

    Improving global health security will require bold action in all corners of the world, particularly in developing settings, where poverty often contributes to an increase in emerging infectious diseases. In order to mitigate the impact of emerging pandemic threats, enhanced disease surveillance is needed to improve early detection and rapid response to outbreaks. However, the technology to facilitate this surveillance is often unattainable because of high costs, software and hardware maintenance needs, limited technical competence among public health officials, and internet connectivity challenges experienced in the field. One potential solution is to leverage open source software, a concept that is unfortunately often misunderstood. This article describes the principles and characteristics of open source software and how it may be applied to solve global health security challenges. PMID:26889576

  10. The Need to Address Mobile Device Security in the Higher Education IT Curriculum

    ERIC Educational Resources Information Center

    Patten, Karen P.; Harris, Mark A.

    2013-01-01

    Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere. In 2013, people will purchase 1.2 billion mobile devices, surpassing personal computers as the most common method for accessing the Internet. However, security of these mobile devices is a major concern for organizations. The two leading…

  11. Building a gateway with open source software for secure-DICOM communication over insecure networks

    NASA Astrophysics Data System (ADS)

    Emmel, Dirk; Ricke, Jens; Stohlmann, Lutz; Haderer, Alexander; Felix, Roland

    2002-05-01

    For Teleradiology the exchange of DICOM-images is needed for several purposes. Existing solutions often don't consider about the needs for data security and data privacy. Communication is done without any encryption over insecure networks or with encryption using proprietary solutions, which reduces the data communication possibilities to partners with the same equipment. Our goal was to build a gateway, which offers a transparent solution for secure DICOM-communication in a heterogeneous environment We developed a PC-based gateway system with DICOM-communication to the in-house network and secure DICOM communication for the communication over the insecure network. One gateway installed at each location is responsible for encryption/decryption. The sender just transfers the image data over the DICOM protocol to the local gateway. The gateway forwards the data to the gateway on the destination site using the secure DICOM protocol, which is part of the DICOM standard. The receiving gateway forwards the image data to the final destination again using the DICOM-Protocol. The gateway is based on Open Source software and runs under several operating systems. Our experience shows a reliable solution, which solves security issues for DICOM communication of image data and integrates seamless into a heterogeneous DICOM environment.

  12. An Embedded System for Safe, Secure and Reliable Execution of High Consequence Software

    SciTech Connect

    MCCOY,JAMES A.

    2000-08-29

    As more complex and functionally diverse requirements are placed on high consequence embedded applications, ensuring safe and secure operation requires an execution environment that is ultra reliable from a system viewpoint. In many cases the safety and security of the system depends upon the reliable cooperation between the hardware and the software to meet real-time system throughput requirements. The selection of a microprocessor and its associated development environment for an embedded application has the most far-reaching effects on the development and production of the system than any other element in the design. The effects of this choice ripple through the remainder of the hardware design and profoundly affect the entire software development process. While state-of-the-art software engineering principles indicate that an object oriented (OO) methodology provides a superior development environment, traditional programming languages available for microprocessors targeted for deeply embedded applications do not directly support OO techniques. Furthermore, the microprocessors themselves do not typically support nor do they enforce an OO environment. This paper describes a system level approach for the design of a microprocessor intended for use in deeply embedded high consequence applications that both supports and enforces an OO execution environment.

  13. Status of Global Threat Reduction Initiative's Activities Underway to Address Major Domestic Radiological Security Challenges - 12105

    SciTech Connect

    Cuthbertson, Abigail; Jennison, Meaghan

    2012-07-01

    During their service lives, radioactive sealed sources are used for a wide variety of essential purposes. However, each year, thousands of radioactive sealed sources that pose a potential risk to national security, health, and safety become disused and unwanted in the United States. Due to their concentrated activity and portability, these sources could be used in radiological dispersal devices ('dirty bombs'). For more than a decade, the National Nuclear Security Administration and the U.S. Department of Energy, through the Global Threat Reduction Initiative Offsite Source Recovery Project (GTRI/OSRP), have facilitated the removal and disposition of thousands of disused/unwanted sources worldwide. However, the ability of GTRI/OSRP to continue its work is critically dependent on the ability to transport and appropriately dispose of these sources. On that front, GTRI/OSRP progress includes development of two prototype Type B transport containers and significant efforts toward certification, increased commercial disposal access for risk-significant sealed sources at commercial sites, and cooperation through the International Atomic Energy Agency to increase source repatriation. Disused sealed sources continue to pose a national security concern. The impact of a dirty bomb detonation could be costly both financially and to those exposed to the resulting radiation. However, significant progress has been made since 2008 on each of the challenges identified in the DHS Sealed Source Security Workshop. Not only will there be increased opportunity for commercial disposal of many sizes and types of sealed sources, but also stakeholders are studying front-end solutions to the problem of disused sealed sources, such as financial assurance and recycle. The lack of sealed source transport containers is also likely to be mitigated with the development and certification by NNSA of two new Type B models. Internationally, increased efforts at source repatriation will mitigate the

  14. REVIEW OF THE POTENTIAL OF NUCLEAR HYDROGEN FOR ADDRESSING ENERGY SECURITY AND CLIMATE CHANGE

    SciTech Connect

    James E. O'Brien

    2010-06-01

    Nuclear energy has the potential to exert a major positive impact on energy security and climate change by coupling it to the transportation sector, primarily through hydrogen production. In the short term, this coupling will provide carbon-free hydrogen for upgrading increasingly lower quality petroleum resources such as oil sands, offsetting carbon emissions associated with steam methane reforming. In the intermediate term, nuclear hydrogen will be needed for large-scale production of infrastructure-compatible synthetic liquid fuels. In the long term, there is great potential for the use of hydrogen as a direct vehicle fuel, most likely in the form of light-duty pluggable hybrid hydrogen fuel cell vehicles. This paper presents a review of the potential benefits of large-scale nuclear hydrogen production for energy security (i.e. displacing imported petroleum) and reduction of greenhouse gas emissions. Lifecycle benefits of nuclear energy in this context are presented, with reference to recent major publications on this topic. The status of US and international nuclear hydrogen research programs are discussed. Industry progress toward consumer-grade hydrogen fuel cell vehicles are also be examined.

  15. Field gleaning as a tool for addressing food security at the local level: case study.

    PubMed

    Hoisington, A; Butkus, S N; Garrett, S; Beerman, K

    2001-01-01

    Field gleaning, or harvesting crops after the commercial harvest, has been promoted as a way to increase food security; however, the effectiveness of gleaning programs is not well documented. The purpose of this research was to explore the impact of gleaning on individual gleaners and the community by documenting total amounts gleaned, individual uses of produce, and self-reported benefits and barriers to gleaning. During the 1997 season, approximately 50 gleaners participated in the Pierce County Expanded Food and Nutrition Education Program Gleaning Project; 29 participated in an intensive 4-week study to track use of produce by gleaners. Onsite weighing of gleaned produce revealed that of the 110,000 pounds gleaned by these 50 gleaners from Pierce County farms and orchards during 1997, 85,000 pounds (77%) were donated to local emergency food programs; 25,000 pounds (23%) were taken home by gleaners. Of the produce taken home by the 29 study participants, an estimated 9% was used fresh, 48% was preserved for later user, and 43% was shared with others. During a combination of telephone and in-person interviews, gleaners reported using more fresh produce and sharing knowledge about gardening and food preservation. The most important benefits of gleaning were "stretching my food budget" and "helping provide food for the community." Detailed exploration of the impact of gleaned produce on dietary patterns and use of validated food security measures is warranted considering the volume of produce used fresh, preserved for later use, and given away by gleaning participants. PMID:12031205

  16. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  17. A resilient and secure software platform and architecture for distributed spacecraft

    NASA Astrophysics Data System (ADS)

    Otte, William R.; Dubey, Abhishek; Karsai, Gabor

    2014-06-01

    A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

  18. An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

    PubMed

    Barrett, Jason R; French, P Edward

    2013-01-01

    The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats. PMID:24187744

  19. ASSESS (Analytic System and Software for Evaluating Safeguards and Security) update: Current status and future developments

    SciTech Connect

    Al-Ayat, R.A. ); Cousins, T.D. ); Hoover, E.R. )

    1990-07-15

    The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) has been released for use by DOE field offices and their contractors. In October, 1989, we offered a prototype workshop to selected representatives of the DOE community. Based on the prototype results, we held the first training workshop at the Central Training Academy in January, 1990. Four additional workshops are scheduled for FY 1990. ASSESS is a state-of-the-art analytical tool for management to conduct integrated evaluation of safeguards systems at facilities handling facilities. Currently, ASSESS focuses on the threat of theft/diversion of special nuclear material by insiders, outsiders, and a special form of insider/outsider collusion. ASSESS also includes a neutralization module. Development of the tool is continuing. Plans are underway to expand the capabilities of ASSESS to evaluate against violent insiders, to validate the databases, to expand the neutralization module, and to assist in demonstrating compliance with DOE Material Control and Accountability (MC A) Order 5633.3. These new capabilities include the ability to: compute a weighted average for performance capability against a spectrum of insider adversaries; conduct defense-in-depth analyses; and analyze against protracted theft scenarios. As they become available, these capabilities will be incorporated in our training program. ASSESS is being developed jointly by Lawrence Livermore and Sandia National Laboratories under the sponsorship of the Department of Energy (DOE) Office of Safeguards and Security.

  20. Creating a Clinical Video-Conferencing Facility in a Security-Constrained Environment Using Open-Source AccessGrid Software and Consumer Hardware

    PubMed Central

    Terrazas, Enrique; Hamill, Timothy R.; Wang, Ye; Channing Rodgers, R. P.

    2007-01-01

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components. PMID:18693930

  1. Policy Framework for Addressing Personal Security Issues Concerning Women and Girls. National Strategy on Community Safety and Crime Prevention.

    ERIC Educational Resources Information Center

    National Crime Prevention Centre, Ottawa (Ontario).

    This document presents a policy framework for improving the personal security of women and girls. The document includes: (1) "Introduction"; (2) "Policy Background" (the concept of personal security, the societal context of women's personal security, consequences of violence for women and girls, long-term policy concern, and building an integrated…

  2. Security. Review Software for Advanced CHOICE. CHOICE (Challenging Options in Career Education).

    ERIC Educational Resources Information Center

    Pitts, Ilse M.; And Others

    CHOICE Security is an Apple computer game activity designed to help secondary migrant students memorize their social security numbers and reinforce job and role information presented in "Career Notes, First Applications." The learner may choose from four time options and whether to have the social security number visible on the screen or not. The…

  3. Addressing the Complexity of Mobile App Design in Hospital Setting with a Tailored Software Development Life Cycle Model.

    PubMed

    Ehrler, Frederic; Lovis, Christian; Blondon, Katherine

    2016-01-01

    Recent studies on workflow processes in hospital settings have shown that, since the introduction of EHRs, care-providers spend an increasing amount of their time on documentation rather than on bedside patient care. In order to improve the bedside work process and facilitate bedside documentation, we are developing an evidence-based mobile app for healthcare providers. In this paper, we present a tailored software development life cycle model that we created and validated during the design and development of this smartphone application. PMID:27577371

  4. Towards improving software security by using simulation to inform requirements and conceptual design

    DOE PAGESBeta

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

  5. National Institute of Justice (NIJ): improving the effectiveness of law enforcement via homeland security technology improvements (Keynote Address)

    NASA Astrophysics Data System (ADS)

    Morgan, John S.

    2005-05-01

    Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. Preventing terrorism and promoting the nation"s security is the Department of Justice"s number one strategic priority. This is reflected in its technology development efforts, as well as its operational focus. The National Institute of Justice (NIJ) is the national focal point for the research, development, test and evaluation of technology for law enforcement. In addition to its responsibilities in supporting day-to-day criminal justice needs in areas such as less lethal weapons and forensic science, NIJ also provides critical support for counter-terrorism capacity improvements in state and local law enforcement in several areas. The most important of these areas are bomb response, concealed weapons detection, communications and information technology, which together offer the greatest potential benefit with respect to improving the ability to law enforcement agencies to respond to all types of crime including terrorist acts. NIJ coordinates its activities with several other key federal partners, including the Department of Homeland Security"s Science and Technology Directorate, the Technical Support Working Group, and the Department of Defense.

  6. School Security Solutions: Bringing Corporate Safety to Schools and Colleges with EasyLobbyTM Software.

    ERIC Educational Resources Information Center

    Pendzick, Richard E.; Downs, Robert L.

    2002-01-01

    Describes software for electronic visitor management (EVM) called EasyLobbyTM, currently in use in thousands of federal and corporate installations throughout the world and its application for school and campus environments. Explains EasyLobbyTM's use to replace visitor logs, capture and store visitor data electronically, and provide badges that…

  7. Sixth Warren K. Sinclair keynote address: The role of a strong regulator in safe and secure nuclear energy.

    PubMed

    Lyons, Peter B

    2011-01-01

    The history of nuclear regulation is briefly reviewed to underscore the early recognition that independence of the regulator was essential in achieving and maintaining public credibility. The current licensing process is reviewed along with the status of applications. Challenges faced by both the NRC and the industry are reviewed, such as new construction techniques involving modular construction, digital controls replacing analog circuitry, globalization of the entire supply chain, and increased security requirements. The vital area of safety culture is discussed in some detail, and its importance is emphasized. PMID:21399404

  8. Space Station Software Issues

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor); Beskenis, S. (Editor)

    1985-01-01

    Issues in the development of software for the Space Station are discussed. Software acquisition and management, software development environment, standards, information system support for software developers, and a future software advisory board are addressed.

  9. An overview of ASSESS-analytic system and software for evaluating safeguards and security

    SciTech Connect

    Al-Ayat, R.A.; Cousins, T.C.; Matter, J.C.

    1989-06-26

    This paper provides an overview of ASSESS, a comprehensive approach for evaluating the effectiveness of facility safeguards against a spectrum of threats: insiders, outsiders, and hand-off collusion between insider and outsider adversaries. ASSESS version 1.0, completed in March 1989, contains significant new capabilities not present in the models currently used at DOE sites: ET and SAVI. The Insider module uses a reference database of defeat methods, strategies, and detection probabilities to determine the optimal theft scenario and Probability of Detection for each insider adversary type. The Outsider module calculates Probabilities of Interruption and identifies most vulnerable paths for a threat spectrum of: terrorists, criminals, psychotics, and extremists. A Neutralization module calculates the Probability of Neutralization of violent adversaries in a small force engagement for up to 30 combatants per side and 10 events. A Hand-off Collusion module calculates probabilities of System Win against hand-off of theft material by various insiders in collusion with outsiders. This paper describes the scope of, and the relationship between, each of the six modules--Manager, Facility, Insider, Outsider, Neutralization, and Hand-off Collusion-in the integrated ASSESS package developed jointly by Lawrence Livermore National Laboratory and Sandia National Laboratories for the US department of Energy's Office of Safeguards and Security. 11 refs., 9 figs.

  10. Toward improved software security training using a cyber warfare opposing force (CW OPFOR): the knowledge base design

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2005-03-01

    "Train the way you will fight" has been a guiding principle for military training and has served the warfighter well as evidenced by numerous successful operations over the last decade. This need for realistic training for all combatants has been recognized and proven by the warfighter and continues to guide military training. However, to date, this key training principle has not been applied fully in the arena of cyberwarfare due to the lack of realistic, cost effective, reasonable, and formidable cyberwarfare opponents. Recent technological advances, improvements in the capability of computer-generated forces (CGFs) to emulate human behavior, and current results in research in information assurance and software protection, coupled with increasing dependence upon information superiority, indicate that the cyberbattlespace will be a key aspect of future conflict and that it is time to address the cyberwarfare training shortfall. To address the need for a cyberwarfare training and defensive testing capability, we propose research and development to yield a prototype computerized, semi-autonomous (SAF) red team capability. We term this capability the Cyber Warfare Opposing Force (CW OPFOR). There are several technologies that are now mature enough to enable, for the first time, the development of this powerful, effective, high fidelity CW OPFOR. These include improved knowledge about cyberwarfare attack and defense, improved techniques for assembling CGFs, improved techniques for capturing and expressing knowledge, software technologies that permit effective rapid prototyping to be effectively used on large projects, and the capability for effective hybrid reasoning systems. Our development approach for the CW OPFOR lays out several phases in order to address these requirements in an orderly manner and to enable us to test the capabilities of the CW OPFOR and exploit them as they are developed. We have completed the first phase of the research project, which

  11. Key Considerations of Community, Scalability, Supportability, Security, and Functionality in Selecting Open-Source Software in California Universities as Perceived by Technology Leaders

    ERIC Educational Resources Information Center

    Britton, Todd Alan

    2014-01-01

    Purpose: The purpose of this study was to examine the key considerations of community, scalability, supportability, security, and functionality for selecting open-source software in California universities as perceived by technology leaders. Methods: After a review of the cogent literature, the key conceptual framework categories were identified…

  12. Final Report "CoDeveloper: A Secure Web-Invocable Collaborative Software Development Tool"

    SciTech Connect

    Svetlana Shasharina

    2005-11-27

    Modern scientific simulations generate large datasets at remote sites with appropriate resources (supercomputers and clusters). Bringing these large datasets to the computers of all members of a distributed team of collaborators is often impractical or even impossible: there might not be enough bandwidth, storage capacity or appropriate data analysis and visualization tools locally available. To address the need to access remote data, avoid heavy Internet traffic and unnecessary data replication, Tech-X Corporation developed a tool, which allows running remote data visualization collaboratively and sharing the visualization objects as they get generated. The size of these objects is typically much smaller than the size of the original data. For marketing reasons, we renamed the product CoReViz. The detailed information on this product can be found at http://www.txcorp.com/products/CoReViz/. We installed and tested this tool at multiple machines at Tech-X and on seaborg at NERSC. In what follows, we give a detailed description of this tool.

  13. Beyond engagement in working with children in eight Nairobi slums to address safety, security, and housing: Digital tools for policy and community dialogue.

    PubMed

    Mitchell, Claudia; Chege, Fatuma; Maina, Lucy; Rothman, Margot

    2016-01-01

    This article studies the ways in which researchers working in the area of health and social research and using participatory visual methods might extend the reach of participant-generated creations such as photos and drawings to engage community leaders and policy-makers. Framed as going 'beyond engagement', the article explores the idea of the production of researcher-led digital dialogue tools, focusing on one example, based on a series of visual arts-based workshops with children from eight slums in Nairobi addressing issues of safety, security, and well-being in relation to housing. The authors conclude that there is a need for researchers to embark upon the use of visual tools to expand the life and use of visual productions, and in particular to ensure meaningful participation of communities in social change. PMID:27132645

  14. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  15. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2011-08-01

    A wide variety of different marine plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. The Marine Model Optimization Testbed is a new software tool designed for rigorous analysis of plankton models in a multi-site 1-D framework, in particular to address uncertainty issues in model assessment. A flexible user interface ensures its suitability to more general inter-comparison, sensitivity and uncertainty analyses, including model comparison at the level of individual processes, and to state estimation for specific locations. The principal features of MarMOT are described and its application to model calibration is demonstrated by way of a set of twin experiments, in which synthetic observations are assimilated in an attempt to recover the true parameter values of a known system. The experimental aim is to investigate the effect of different misfit weighting schemes on parameter recovery in the presence of error in the plankton model's environmental input data. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergences of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error over an annual cycle, indicating

  16. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT 1.1 alpha)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2012-04-01

    A wide variety of different plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. Parameter uncertainty has been widely addressed by calibrating models at data-rich ocean sites. However, relatively little attention has been given to quantifying uncertainty in the physical fields required by the plankton models at these sites, and tendencies in the biogeochemical properties due to the effects of horizontal processes are often neglected. Here we use model twin experiments, in which synthetic data are assimilated to estimate a system's known "true" parameters, to investigate the impact of error in a plankton model's environmental input data. The experiments are supported by a new software tool, the Marine Model Optimization Testbed, designed for rigorous analysis of plankton models in a multi-site 1-D framework. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergence tendencies of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error variance over an annual cycle, indicating variation in the significance attributable to individual model-data differences. An inverse scheme using ensemble-based estimates of the

  17. How agro-ecological research helps to address food security issues under new IPM and pesticide reduction policies for global crop production systems.

    PubMed

    E Birch, A Nicholas; Begg, Graham S; Squire, Geoffrey R

    2011-06-01

    Drivers behind food security and crop protection issues are discussed in relation to food losses caused by pests. Pests globally consume food estimated to feed an additional one billion people. Key drivers include rapid human population increase, climate change, loss of beneficial on-farm biodiversity, reduction in per capita cropped land, water shortages, and EU pesticide withdrawals under policies relating to 91/414 EEC. IPM (Integrated Pest Management) will be compulsory for all EU agriculture by 2014 and is also being widely adopted globally. IPM offers a 'toolbox' of complementary crop- and region-specific crop protection solutions to address these rising pressures. IPM aims for more sustainable solutions by using complementary technologies. The applied research challenge now is to reduce selection pressure on single solution strategies, by creating additive/synergistic interactions between IPM components. IPM is compatible with organic, conventional, and GM cropping systems and is flexible, allowing regional fine-tuning. It reduces pests below economic thresholds utilizing key 'ecological services', particularly biocontrol. A recent global review demonstrates that IPM can reduce pesticide use and increase yields of most of the major crops studied. Landscape scale 'ecological engineering', together with genetic improvement of new crop varieties, will enhance the durability of pest-resistant cultivars (conventional and GM). IPM will also promote compatibility with semiochemicals, biopesticides, precision pest monitoring tools, and rapid diagnostics. These combined strategies are urgently needed and are best achieved via multi-disciplinary research, including complex spatio-temporal modelling at farm and landscape scales. Integrative and synergistic use of existing and new IPM technologies will help meet future food production needs more sustainably in developed and developing countries, in an era of reduced pesticide availability. Current IPM research gaps are

  18. A Single Case Design Evaluation of a Software and Tutor Intervention Addressing Emotion Recognition and Social Interaction in Four Boys with ASD

    ERIC Educational Resources Information Center

    Lacava, Paul G.; Rankin, Ana; Mahlios, Emily; Cook, Katie; Simpson, Richard L.

    2010-01-01

    Many students with Autism Spectrum Disorders (ASD) have delays learning to recognize emotions. Social behavior is also challenging, including initiating interactions, responding to others, developing peer relationships, and so forth. In this single case design study we investigated the relationship between use of computer software ("Mind Reading:…

  19. Idaho National Laboratory/Nuclear Power Industry Strategic Plan for Light Water Reactor Research and Development An Industry-Government Partnership to Address Climate Change and Energy Security

    SciTech Connect

    Electric Power Research

    2007-11-01

    The dual issues of energy security and climate change mitigation are driving a renewed debate over how to best provide safe, secure, reliable and environmentally responsible electricity to our nation. The combination of growing energy demand and aging electricity generation infrastructure suggests major new capacity additions will be required in the years ahead.

  20. Strengthening Software Authentication with the ROSE Software Suite

    SciTech Connect

    White, G

    2006-06-15

    Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects.

  1. Design and development of a prototypical software for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small- and medium-sized enterprises (SME)

    NASA Astrophysics Data System (ADS)

    Möller, Thomas; Bellin, Knut; Creutzburg, Reiner

    2015-03-01

    The aim of this paper is to show the recent progress in the design and prototypical development of a software suite Copra Breeder* for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small and medium-sized enterprises.

  2. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  3. Software Patents.

    ERIC Educational Resources Information Center

    Burke, Edmund B.

    1994-01-01

    Outlines basic patent law information that pertains to computer software programs. Topics addressed include protection in other countries; how to obtain patents; kinds of patents; duration; classes of patentable subject matter, including machines and processes; patentability searches; experimental use prior to obtaining a patent; and patent…

  4. Hybrid architecture for building secure sensor networks

    NASA Astrophysics Data System (ADS)

    Owens, Ken R., Jr.; Watkins, Steve E.

    2012-04-01

    Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

  5. Addressing healthcare.

    PubMed

    Daly, Rich

    2013-02-11

    Though President Barack Obama has rarely made healthcare references in his State of the Union addresses, health policy experts are hoping he changes that strategy this year. "The question is: Will he say anything? You would hope that he would, given that that was the major issue he started his presidency with," says Dr. James Weinstein, left, of the Dartmouth-Hitchcock health system. PMID:23487896

  6. Lemnos Interoperable Security Program

    SciTech Connect

    Stewart, John; Halbgewachs, Ron; Chavez, Adrian; Smith, Rhett; Teumim, David

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  7. Antiterrorist Software

    NASA Technical Reports Server (NTRS)

    Clark, David A.

    1998-01-01

    In light of the escalation of terrorism, the Department of Defense spearheaded the development of new antiterrorist software for all Government agencies by issuing a Broad Agency Announcement to solicit proposals. This Government-wide competition resulted in a team that includes NASA Lewis Research Center's Computer Services Division, who will develop the graphical user interface (GUI) and test it in their usability lab. The team launched a program entitled Joint Sphere of Security (JSOS), crafted a design architecture (see the following figure), and is testing the interface. This software system has a state-ofthe- art, object-oriented architecture, with a main kernel composed of the Dynamic Information Architecture System (DIAS) developed by Argonne National Laboratory. DIAS will be used as the software "breadboard" for assembling the components of explosions, such as blast and collapse simulations.

  8. Opening Address

    NASA Astrophysics Data System (ADS)

    Abalakin, V. K.

    1997-03-01

    Dear Colleagues, It is a great pleasure and honor for me to invite you on the occasion of the IAU Colloquium International Cooperation in Dissemination of the Astronomical Data to the Central (Pulkovo) Astronomical Observatory of the Russian Academy of Sciences. This distinguished gathering of experts in the vast field of modern methods for archiving and managing almost infinite astronomical data files of everlasting value will doubtlessly make a considerable and important contribution to success in the present and future research in astronomy. All of us are witnesses of a great technological, even psychological upturn that occurs in the everyday astronomical practice. The small but the most powerful handy devices known as desktop, laptop, or even palm-top PCs, have rendered a tedious calculating work and stressing search in the card-file or book-form catalogs to a pure pleasure and raised an admiration for those brilliant minds that have invented such a kind of hard- and software. The networks of all kinds and sorts -- Internet, Bitnet, World Wide Web, etc. -- have realized ancient dreams of a Man to fly with thought all over the world communicating with other human beings. But ... don't forget that the most real and valuable communication is the live one, when one can see the face and the eyes of his (or her) partner, listen to his voice as large as life, and the only opportunity for this is to stay together. And this just occurs at the colloquium like ours! So, let me heartily welcome you to the Pulkovo Observatory.

  9. Inaugural address

    NASA Astrophysics Data System (ADS)

    Joshi, P. S.

    2014-03-01

    From jets to cosmos to cosmic censorship P S Joshi Tata Institute of Fundamental Research, Homi Bhabha Road, Colaba, Mumbai 400005, India E-mail: psj@tifr.res.in 1. Introduction At the outset, I should like to acknowledge that part of the title above, which tries to capture the main flavour of this meeting, and has been borrowed from one of the plenary talks at the conference. When we set out to make the programme for the conference, we thought of beginning with observations on the Universe, but then we certainly wanted to go further and address deeper questions, which were at the very foundations of our inquiry, and understanding on the nature and structure of the Universe. I believe, we succeeded to a good extent, and it is all here for you in the form of these Conference Proceedings, which have been aptly titled as 'Vishwa Mimansa', which could be possibly translated as 'Analysis of the Universe'! It is my great pleasure and privilege to welcome you all to the ICGC-2011 meeting at Goa. The International Conference on Gravitation and Cosmology (ICGC) series of meetings are being organized by the Indian Association for General Relativity and Gravitation (IAGRG), and the first such meeting was planned and conducted in Goa in 1987, with subsequent meetings taking place at a duration of about four years at various locations in India. So, it was thought appropriate to return to Goa to celebrate the 25 years of the ICGC meetings. The recollections from that first meeting have been recorded elsewhere here in these Proceedings. The research and teaching on gravitation and cosmology was initiated quite early in India, by V V Narlikar at the Banares Hindu University, and by N R Sen in Kolkata in the 1930s. In course of time, this activity grew and gained momentum, and in early 1969, at the felicitation held for the 60 years of V V Narlikar at a conference in Ahmedabad, P C Vaidya proposed the formation of the IAGRG society, with V V Narlikar being the first President. This

  10. Opening addresses.

    PubMed

    Chukudebelu, W O; Lucas, A O; Ransome-kuti, O; Akinla, O; Obayi, G U

    1988-01-01

    The theme of the 3rd International Conference of the Society of Gynecology and Obstetrics of Nigeria (SOGON) held October 26, 1986 in Enugu was maternal morbidity and mortality in Africa. The opening addresses emphasize the high maternal mortality rate in Africa and SOGON's dedication to promoting women's health and welfare. In order to reduce maternal mortality, the scope of this problem must be made evident by gathering accurate mortality rates through maternity care monitoring and auditing. Governments, health professionals, educators, behavioral scientists, and communication specialists have a responsibility to improve maternal health services in this country. By making the population aware of this problem through education, measures can be taken to reduce the presently high maternal mortality rates. Nigerian women are physically unprepared for childbirth; therefore, balanced diets and disease prevention should be promoted. Since about 40% of deliveries are unmanaged, training for traditional birth attendants should be provided. Furthermore, family planning programs should discourage teenage pregnancies, encourage birth spacing and small families, and promote the use of family planning techniques among men. The problem of child bearing and rearing accompanied by hard work should also be investigated. For practices to change so that maternal mortality rates can be reduced, attitudes must be changed such that the current rates are viewed as unacceptable. PMID:12179275

  11. Software Configuration Management Guidebook

    NASA Technical Reports Server (NTRS)

    1995-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes which are used in software development. The Software Assurance Guidebook, SMAP-GB-A201, issued in September, 1989, provides an overall picture of the concepts and practices of NASA in software assurance. Lower level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the Software Configuration Management Guidebook which describes software configuration management in a way that is compatible with practices in industry and at NASA Centers. Software configuration management is a key software development process, and is essential for doing software assurance.

  12. Opening Address

    NASA Astrophysics Data System (ADS)

    Yamada, T.

    2014-12-01

    Ladies and Gentlemen, it is my great honor and pleasure to present an opening address of the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3). On the behalf of the organizing committee, I certainly welcome all your visits to KGU Kannai Media Center belonging to Kanto Gakuin University, and stay in Yokohama. In particular, to whom come from abroad more than 17 countries, I would appreciate your participations after long long trips from your homeland to Yokohama. The first international workshop on "State of the Art in Nuclear Cluster Physics", called SOTANCP, was held in Strasbourg, France, in 2008, and the second one was held in Brussels, Belgium, in 2010. Then the third workshop is now held in Yokohama. In this period, we had the traditional 10th cluster conference in Debrecen, Hungary, in 2012. Thus we have the traditional cluster conference and SOTANCP, one after another, every two years. This obviously shows our field of nuclear cluster physics is very active and flourishing. It is for the first time in about 10 years to hold the international workshop on nuclear cluster physics in Japan, because the last cluster conference held in Japan was in Nara in 2003, about 10 years ago. The president in Nara conference was Prof. K. Ikeda, and the chairpersons were Prof. H. Horiuchi and Prof. I. Tanihata. I think, quite a lot of persons in this room had participated at the Nara conference. Since then, about ten years passed. So, this workshop has profound significance for our Japanese colleagues. The subjects of this workshop are to discuss "the state of the art in nuclear cluster physics" and also discuss the prospect of this field. In a couple of years, we saw significant progresses of this field both in theory and in experiment, which have brought better and new understandings on the clustering aspects in stable and unstable nuclei. I think, the concept of clustering has been more important than ever. This is true also in the

  13. Presidential address.

    PubMed

    Vohra, U

    1993-07-01

    The Secretary of India's Ministry of Health and Family Welfare serves as Chair of the Executive Council of the International Institute for Population Sciences in Bombay. She addressed its 35th convocation in 1993. Global population stands at 5.43 billion and increases by about 90 million people each year. 84 million of these new people are born in developing countries. India contributes 17 million new people annually. The annual population growth rate in India is about 2%. Its population size will probably surpass 1 billion by the 2000. High population growth rates are a leading obstacle to socioeconomic development in developing countries. Governments of many developing countries recognize this problem and have expanded their family planning programs to stabilize population growth. Asian countries that have done so and have completed the fertility transition include China, Japan, Singapore, South Korea, and Thailand. Burma, Malaysia, North Korea, Sri Lanka, and Vietnam have not yet completed the transition. Afghanistan, Bangladesh, Iran, Nepal, and Pakistan are half-way through the transition. High population growth rates put pressure on land by fragmenting finite land resources, increasing the number of landless laborers and unemployment, and by causing considerable rural-urban migration. All these factors bring about social stress and burden civic services. India has reduced its total fertility rate from 5.2 to 3.9 between 1971 and 1991. Some Indian states have already achieved replacement fertility. Considerable disparity in socioeconomic development exists among states and districts. For example, the states of Bihar, Madhya Pradesh, Rajasthan, and Uttar Pradesh have female literacy rates lower than 27%, while that for Kerala is 87%. Overall, infant mortality has fallen from 110 to 80 between 1981 and 1990. In Uttar Pradesh, it has fallen from 150 to 98, while it is at 17 in Kerala. India needs innovative approaches to increase contraceptive prevalence rates

  14. Computer security engineering management

    SciTech Connect

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system.

  15. Welcome Address

    NASA Astrophysics Data System (ADS)

    Kiku, H.

    2014-12-01

    Ladies and Gentlemen, It is an honor for me to present my welcome address in the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3), as the president of Kanto Gakuin University. Particularly to those from abroad more than 17 countries, I am very grateful for your participation after long long trips from your home to Yokohama. On the behalf of the Kanto Gakuin University, we certainly welcome your visit to our university and stay in Yokohama. First I would like to introduce Kanto Gakuin University briefly. Kanto Gakuin University, which is called KGU, traces its roots back to the Yokohama Baptist Seminary founded in 1884 in Yamate, Yokohama. The seminary's founder was Albert Arnold Bennett, alumnus of Brown University, who came to Japan from the United States to establish a theological seminary for cultivating and training Japanese missionaries. Now KGU is a major member of the Kanto Gakuin School Corporation, which is composed of two kindergartens, two primary schools, two junior high schools, two senior high schools as well as KGU. In this university, we have eight faculties with graduate school including Humanities, Economics, Law, Sciences and Engineering, Architecture and Environmental Design, Human and Environmental Studies, Nursing, and Law School. Over eleven thousands students are currently learning in our university. By the way, my major is the geotechnical engineering, and I belong to the faculty of Sciences and Engineering in my university. Prof. T. Yamada, here, is my colleague in the same faculty. I know that the nuclear physics is one of the most active academic fields in the world. In fact, about half of the participants, namely, more than 50 scientists, come from abroad in this conference. Moreover, I know that the nuclear physics is related to not only the other fundamental physics such as the elementary particle physics and astrophysics but also chemistry, medical sciences, medical cares, and radiation metrology

  16. Formal Validation of Aerospace Software

    NASA Astrophysics Data System (ADS)

    Lesens, David; Moy, Yannick; Kanig, Johannes

    2013-08-01

    Any single error in critical software can have catastrophic consequences. Even though failures are usually not advertised, some software bugs have become famous, such as the error in the MIM-104 Patriot. For space systems, experience shows that software errors are a serious concern: more than half of all satellite failures from 2000 to 2003 involved software. To address this concern, this paper addresses the use of formal verification of software developed in Ada.

  17. Incidents of Security Concern

    SciTech Connect

    Atencio, Julian J.

    2014-05-01

    This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

  18. Software assurance standard

    NASA Technical Reports Server (NTRS)

    1992-01-01

    This standard specifies the software assurance program for the provider of software. It also delineates the assurance activities for the provider and the assurance data that are to be furnished by the provider to the acquirer. In any software development effort, the provider is the entity or individual that actually designs, develops, and implements the software product, while the acquirer is the entity or individual who specifies the requirements and accepts the resulting products. This standard specifies at a high level an overall software assurance program for software developed for and by NASA. Assurance includes the disciplines of quality assurance, quality engineering, verification and validation, nonconformance reporting and corrective action, safety assurance, and security assurance. The application of these disciplines during a software development life cycle is called software assurance. Subsequent lower-level standards will specify the specific processes within these disciplines.

  19. Space Station Software Recommendations

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor)

    1985-01-01

    Four panels of invited experts and NASA representatives focused on the following topics: software management, software development environment, languages, and software standards. Each panel deliberated in private, held two open sessions with audience participation, and developed recommendations for the NASA Space Station Program. The major thrusts of the recommendations were as follows: (1) The software management plan should establish policies, responsibilities, and decision points for software acquisition; (2) NASA should furnish a uniform modular software support environment and require its use for all space station software acquired (or developed); (3) The language Ada should be selected for space station software, and NASA should begin to address issues related to the effective use of Ada; and (4) The space station software standards should be selected (based upon existing standards where possible), and an organization should be identified to promulgate and enforce them. These and related recommendations are described in detail in the conference proceedings.

  20. Software reengineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III

    1991-01-01

    Programs in use today generally have all of the function and information processing capabilities required to do their specified job. However, older programs usually use obsolete technology, are not integrated properly with other programs, and are difficult to maintain. Reengineering is becoming a prominent discipline as organizations try to move their systems to more modern and maintainable technologies. The Johnson Space Center (JSC) Software Technology Branch (STB) is researching and developing a system to support reengineering older FORTRAN programs into more maintainable forms that can also be more readily translated to a modern languages such as FORTRAN 8x, Ada, or C. This activity has led to the development of maintenance strategies for design recovery and reengineering. These strategies include a set of standards, methodologies, and the concepts for a software environment to support design recovery and reengineering. A brief description of the problem being addressed and the approach that is being taken by the STB toward providing an economic solution to the problem is provided. A statement of the maintenance problems, the benefits and drawbacks of three alternative solutions, and a brief history of the STB experience in software reengineering are followed by the STB new FORTRAN standards, methodology, and the concepts for a software environment.

  1. Global Software Development with Cloud Platforms

    NASA Astrophysics Data System (ADS)

    Yara, Pavan; Ramachandran, Ramaseshan; Balasubramanian, Gayathri; Muthuswamy, Karthik; Chandrasekar, Divya

    Offshore and outsourced distributed software development models and processes are facing challenges, previously unknown, with respect to computing capacity, bandwidth, storage, security, complexity, reliability, and business uncertainty. Clouds promise to address these challenges by adopting recent advances in virtualization, parallel and distributed systems, utility computing, and software services. In this paper, we envision a cloud-based platform that addresses some of these core problems. We outline a generic cloud architecture, its design and our first implementation results for three cloud forms - a compute cloud, a storage cloud and a cloud-based software service- in the context of global distributed software development (GSD). Our ”compute cloud” provides computational services such as continuous code integration and a compile server farm, ”storage cloud” offers storage (block or file-based) services with an on-line virtual storage service, whereas the on-line virtual labs represent a useful cloud service. We note some of the use cases for clouds in GSD, the lessons learned with our prototypes and identify challenges that must be conquered before realizing the full business benefits. We believe that in the future, software practitioners will focus more on these cloud computing platforms and see clouds as a means to supporting a ecosystem of clients, developers and other key stakeholders.

  2. Software Surrogate

    NASA Technical Reports Server (NTRS)

    1999-01-01

    In 1994, Blackboard Technology received a NASA Phase I SBIR award entitled "A Blackboard-Based Framework for Mixed-Initiative, Crewed- Space-System Applications." This research continued in Phase II at JSC, where a generic architecture was developed in which a software surrogate serves as the operator's representative in the fast-paced realm of nearly autonomous, intelligent systems. This SBIR research effort addressed the need to support human-operator monitoring and intervention with intelligent systems such as those being developed for NASA's crewed space program.

  3. Computer Software.

    ERIC Educational Resources Information Center

    Kay, Alan

    1984-01-01

    Discusses the nature and development of computer software. Programing, programing languages, types of software (including dynamic spreadsheets), and software of the future are among the topics considered. (JN)

  4. Predicting software reliability

    NASA Technical Reports Server (NTRS)

    Littlewood, B.

    1989-01-01

    A detailed look is given to software reliability techniques. A conceptual model of the failure process is examined, and some software reliability growth models are discussed. Problems for which no current solutions exist are addressed, emphasizing the very difficult problem of safety-critical systems for which the reliability requirements can be enormously demanding.

  5. Visual analysis of code security

    SciTech Connect

    Goodall, John R; Radwan, Hassan; Halseth, Lenny

    2010-01-01

    To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allows the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamlines the secure software development workflow through integration with development tools.

  6. Collected software engineering papers, volume 2

    NASA Technical Reports Server (NTRS)

    1983-01-01

    Topics addressed include: summaries of the software engineering laboratory (SEL) organization, operation, and research activities; results of specific research projects in the areas of resource models and software measures; and strategies for data collection for software engineering research.

  7. Addressing the workforce pipeline challenge

    SciTech Connect

    Leonard Bond; Kevin Kostelnik; Richard Holman

    2006-11-01

    A secure and affordable energy supply is essential for achieving U.S. national security, in continuing U.S. prosperity and in laying the foundations to enable future economic growth. To meet this goal the next generation energy workforce in the U.S., in particular those needed to support instrumentation, controls and advanced operations and maintenance, is a critical element. The workforce is aging and a new workforce pipeline, to support both current generation and new build has yet to be established. The paper reviews the challenges and some actions being taken to address this need.

  8. Proactive Security Testing and Fuzzing

    NASA Astrophysics Data System (ADS)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  9. Applications for cyber security - System and application monitoring

    SciTech Connect

    Marron, J. E.

    2006-07-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  10. Social Security and Undergraduates with Disabilities: An Analysis of the National Postsecondary Student Aid Survey. Addressing Trends in Development in Secondary Education and Transition. Information Brief. Vol. 3, Issue 4.

    ERIC Educational Resources Information Center

    Berry, Hugh; Conway, Megan A.; Change, Kelly B.T.

    2004-01-01

    The purpose of this brief is to describe the characteristics of undergraduate students receiving Social Security Disability Insurance (SSDI) and Social Security Administration (SSI) benefits as they relate to issues of participation in postsecondary education and employment. This brief describes results from the National Postsecondary Student Aid…

  11. Healthcare Software Assurance

    PubMed Central

    Cooper, Jason G.; Pauley, Keith A.

    2006-01-01

    Software assurance is a rigorous, lifecycle phase-independent set of activities which ensure completeness, safety, and reliability of software processes and products. This is accomplished by guaranteeing conformance to all requirements, standards, procedures, and regulations. These assurance processes are even more important when coupled with healthcare software systems, embedded software in medical instrumentation, and other healthcare-oriented life-critical systems. The current Food and Drug Administration (FDA) regulatory requirements and guidance documentation do not address certain aspects of complete software assurance activities. In addition, the FDA’s software oversight processes require enhancement to include increasingly complex healthcare systems such as Hospital Information Systems (HIS). The importance of complete software assurance is introduced, current regulatory requirements and guidance discussed, and the necessity for enhancements to the current processes shall be highlighted. PMID:17238324

  12. Healthcare software assurance.

    PubMed

    Cooper, Jason G; Pauley, Keith A

    2006-01-01

    Software assurance is a rigorous, lifecycle phase-independent set of activities which ensure completeness, safety, and reliability of software processes and products. This is accomplished by guaranteeing conformance to all requirements, standards, procedures, and regulations. These assurance processes are even more important when coupled with healthcare software systems, embedded software in medical instrumentation, and other healthcare-oriented life-critical systems. The current Food and Drug Administration (FDA) regulatory requirements and guidance documentation do not address certain aspects of complete software assurance activities. In addition, the FDA's software oversight processes require enhancement to include increasingly complex healthcare systems such as Hospital Information Systems (HIS). The importance of complete software assurance is introduced, current regulatory requirements and guidance discussed, and the necessity for enhancements to the current processes shall be highlighted. PMID:17238324

  13. Security model for picture archiving and communication systems.

    PubMed

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model. PMID:10847401

  14. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  15. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  16. Addressing failures in exascale computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert W.; Abraham, Jacob A.; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, Jim; Bose, Pradip; Cappello, Franck; Carlson, William; Chien, Andrew A.; Coteus, Paul; Debardeleben, Nathan A.; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Saverio, Fazzari; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Robert; Stearly, Jon; Van Hensbergen, Eric

    2014-05-01

    We present here a report produced by a workshop on “Addressing Failures in Exascale Computing” held in Park City, Utah, August 4–11, 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system; discuss existing knowledge on resilience across the various hardware and software layers of an exascale system; and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia; and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  17. Addressing Failures in Exascale Computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert; Abraham, Jacob; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, J.; Bose, Pradip; Cappello, Franck; Carlson, Bill; Chien, Andrew; Coteus, Paul; DeBardeleben, Nathan; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Fazzari, Saverio; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Rob; Stearley, Jon; Van Hensbergen, Eric

    2014-01-01

    We present here a report produced by a workshop on Addressing failures in exascale computing' held in Park City, Utah, 4-11 August 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system, discuss existing knowledge on resilience across the various hardware and software layers of an exascale system, and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia, and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  18. Secure portal.

    SciTech Connect

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal

  19. Water Security Toolkit

    2012-09-11

    The Water Security Toolkit (WST) provides software for modeling and analyzing water distribution systems to minimize the potential impact of contamination incidents. WST wraps capabilities for contaminant transport, impact assessment, and sensor network design with response action plans, including source identification, rerouting, and decontamination, to provide a range of water security planning and real-time applications.

  20. The architecture of a reliable software monitoring system for embedded software systems

    SciTech Connect

    Munson, J.; Krings, A.; Hiromoto, R.

    2006-07-01

    away from the currently applied paradigm of addressing reliability, security and survivability in an add-on fashion at the end of the software development process. Rather, the integrity monitoring ability will be integrated into the overall architecture of the software system. The measurement and control methodology developed under this research program will readily migrate into hardware, leading to the development of new hardware architecture with built-in survivability, security and reliability attributes. (authors)

  1. Advanced fingerprint verification software

    NASA Astrophysics Data System (ADS)

    Baradarani, A.; Taylor, J. R. B.; Severin, F.; Maev, R. Gr.

    2016-05-01

    We have developed a fingerprint software package that can be used in a wide range of applications from law enforcement to public and private security systems, and to personal devices such as laptops, vehicles, and door- locks. The software and processing units are a unique implementation of new and sophisticated algorithms that compete with the current best systems in the world. Development of the software package has been in line with the third generation of our ultrasonic fingerprinting machine1. Solid and robust performance is achieved in the presence of misplaced and low quality fingerprints.

  2. Designing Educational Software for Tomorrow.

    ERIC Educational Resources Information Center

    Harvey, Wayne

    Designed to address the management and use of computer software in education and training, this paper explores both good and poor software design, calling for improvements in the quality of educational software by attending to design considerations that are based on general principles of learning rather than specific educational objectives. This…

  3. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  4. Software Use Control

    SciTech Connect

    Trussell, F.G.

    1994-03-01

    The topic of this technical presentation is Use Control Software. The nuclear weapon software design community is being subjected to many surety forces that are stretching the envelope of their designs. Given that software is a critical part of the use control system design, we must work to limit the errors of the software development process. The objective of this paper is to discuss a methodology that the author, as a member of the Security and Use Control Assessment Department, is working on. This is the first introduction of the proposed methodology. Software that is a part of any use control system, subsystem, device, or component is critical to the operation of that apparatus. The software is expected to meet the criteria of modern software quality. In a use control application, meeting the normal quality standards is short of the expectations in meeting the use control obligations. The NWC community expects the use control features of a nuclear weapon to provide assurance that the weapon is protected from unauthorized nuclear detonation. The methodology that the author is proposing will provide a focused scrutiny to software that is used in the hardware of use control systems, subsystems, devices, and components. The methodology proposes further scrutiny of the structure of the software, memory, variables, storage, and control features.

  5. Selecting Software.

    ERIC Educational Resources Information Center

    Pereus, Steven C.

    2002-01-01

    Describes a comprehensive computer software selection and evaluation process, including documenting district needs, evaluating software packages, weighing the alternatives, and making the purchase. (PKP)

  6. Foreign Languages: Workforce Planning Could Help Address Staffing and Proficiency Shortfalls. Testimony before the Subcommittee on International Security, Proliferation, and Federal Services, Committee on Governmental Affairs, U.S. Senate.

    ERIC Educational Resources Information Center

    Westin, Susan S.

    This statement examines the nature and impact of foreign language proficiency and personnel shortages in the Army, State Department, Central Intelligence Agency, and Federal Bureau of Investigation (FBI), discussing strategies used to address these shortages and efforts made to address current and projected shortages. All four agencies reported…

  7. Scientific Software Component Technology

    SciTech Connect

    Kohn, S.; Dykman, N.; Kumfert, G.; Smolinski, B.

    2000-02-16

    We are developing new software component technology for high-performance parallel scientific computing to address issues of complexity, re-use, and interoperability for laboratory software. Component technology enables cross-project code re-use, reduces software development costs, and provides additional simulation capabilities for massively parallel laboratory application codes. The success of our approach will be measured by its impact on DOE mathematical and scientific software efforts. Thus, we are collaborating closely with library developers and application scientists in the Common Component Architecture forum, the Equation Solver Interface forum, and other DOE mathematical software groups to gather requirements, write and adopt a variety of design specifications, and develop demonstration projects to validate our approach. Numerical simulation is essential to the science mission at the laboratory. However, it is becoming increasingly difficult to manage the complexity of modern simulation software. Computational scientists develop complex, three-dimensional, massively parallel, full-physics simulations that require the integration of diverse software packages written by outside development teams. Currently, the integration of a new software package, such as a new linear solver library, can require several months of effort. Current industry component technologies such as CORBA, JavaBeans, and COM have all been used successfully in the business domain to reduce software development costs and increase software quality. However, these existing industry component infrastructures will not scale to support massively parallel applications in science and engineering. In particular, they do not address issues related to high-performance parallel computing on ASCI-class machines, such as fast in-process connections between components, language interoperability for scientific languages such as Fortran, parallel data redistribution between components, and massively

  8. NASA Software Documentation Standard

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as "Standard") is designed to support the documentation of all software developed for NASA; its goal is to provide a framework and model for recording the essential information needed throughout the development life cycle and maintenance of a software system. The NASA Software Documentation Standard can be applied to the documentation of all NASA software. The Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. The basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  9. Securing collaborative environments

    SciTech Connect

    Agarwal, Deborah; Jackson, Keith; Thompson, Mary

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  10. Awards and Addresses Summary

    PubMed Central

    2008-01-01

    Each year at the annual ASHG meeting, addresses are given in honor of the society and a number of award winners. A summary of each of these addresses is given below. On the next pages, we have printed the Presidential Address and the addresses for the William Allan Award. The other addresses, accompanied by pictures of the speakers, can be found at www.ashg.org.

  11. Protecting software agents from malicious hosts using quantum computing

    NASA Astrophysics Data System (ADS)

    Reisner, John; Donkor, Eric

    2000-07-01

    We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

  12. NASA software documentation standard software engineering program

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as Standard) can be applied to the documentation of all NASA software. This Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. This basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  13. Software engineering methodologies and tools

    NASA Technical Reports Server (NTRS)

    Wilcox, Lawrence M.

    1993-01-01

    Over the years many engineering disciplines have developed, including chemical, electronic, etc. Common to all engineering disciplines is the use of rigor, models, metrics, and predefined methodologies. Recently, a new engineering discipline has appeared on the scene, called software engineering. For over thirty years computer software has been developed and the track record has not been good. Software development projects often miss schedules, are over budget, do not give the user what is wanted, and produce defects. One estimate is there are one to three defects per 1000 lines of deployed code. More and more systems are requiring larger and more complex software for support. As this requirement grows, the software development problems grow exponentially. It is believed that software quality can be improved by applying engineering principles. Another compelling reason to bring the engineering disciplines to software development is productivity. It has been estimated that productivity of producing software has only increased one to two percent a year in the last thirty years. Ironically, the computer and its software have contributed significantly to the industry-wide productivity, but computer professionals have done a poor job of using the computer to do their job. Engineering disciplines and methodologies are now emerging supported by software tools that address the problems of software development. This paper addresses some of the current software engineering methodologies as a backdrop for the general evaluation of computer assisted software engineering (CASE) tools from actual installation of and experimentation with some specific tools.

  14. Powerplant software

    SciTech Connect

    Elliott, T.C.

    1995-07-01

    Powerplants need software to thrive and compete. Covered here are many programs and applications -- an overview of the functions, tasks, and problem-solving software is used for today. Software or, more accurately, software-driven systems are pervasive. Their presence is felt in every nook and cranny of the powerplant -- from design and construction through operation and maintenance, even dismantling and decommissioning -- embracing whole systems but also focusing on individual pieces of equipment. No one software supplier or two or three dominates -- powerplant software is the purview of scores if not hundreds of suppliers ranging from the largest corporations to individual consultants and application developers.

  15. School Security Technologies

    ERIC Educational Resources Information Center

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  16. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  17. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  18. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  19. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  20. 17 CFR 171.3 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 171.3 Section 171.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... MEMBER RESPONSIBILITY ACTIONS General Provisions § 171.3 Business address; hours. The principal office...

  1. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  2. 17 CFR 171.3 - Business address; hours.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Business address; hours. 171.3 Section 171.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... MEMBER RESPONSIBILITY ACTIONS General Provisions § 171.3 Business address; hours. The principal office...

  3. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  4. 17 CFR 171.3 - Business address; hours.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Business address; hours. 171.3 Section 171.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... MEMBER RESPONSIBILITY ACTIONS General Provisions § 171.3 Business address; hours. The principal office...

  5. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  6. Alternative security

    SciTech Connect

    Weston, B.H. )

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview.

  7. Ten recommendations for software engineering in research.

    PubMed

    Hastings, Janna; Haug, Kenneth; Steinbeck, Christoph

    2014-01-01

    Research in the context of data-driven science requires a backbone of well-written software, but scientific researchers are typically not trained at length in software engineering, the principles for creating better software products. To address this gap, in particular for young researchers new to programming, we give ten recommendations to ensure the usability, sustainability and practicality of research software. PMID:25685331

  8. The cost of software fault tolerance

    NASA Technical Reports Server (NTRS)

    Migneault, G. E.

    1982-01-01

    The proposed use of software fault tolerance techniques as a means of reducing software costs in avionics and as a means of addressing the issue of system unreliability due to faults in software is examined. A model is developed to provide a view of the relationships among cost, redundancy, and reliability which suggests strategies for software development and maintenance which are not conventional.

  9. ECLIPSE, an Emerging Standardized Modular, Secure and Affordable Software Toolset in Support of Product Assurance, Quality Assurance and Project Management for the Entire European Space Industry (from Innovative SMEs to Primes and Institutions)

    NASA Astrophysics Data System (ADS)

    Bennetti, Andrea; Ansari, Salim; Dewhirst, Tori; Catanese, Giuseppe

    2010-08-01

    The development of satellites and ground systems (and the technologies that support them) is complex and demands a great deal of rigor in the management of both the information it relies upon and the information it generates via the performance of well established processes. To this extent for the past fifteen years Sapienza Consulting has been supporting the European Space Agency (ESA) in the management of this information and provided ESA with ECSS (European Cooperation for Space Standardization) Standards based Project Management (PM), Product Assurance (PA) and Quality Assurance (QA) software applications. In 2009 Sapienza recognised the need to modernize, standardizing and integrate its core ECSS-based software tools into a single yet modularised suite of applications named ECLIPSE aimed at: • Fulfilling a wider range of historical and emerging requirements, • Providing a better experience for users, • Increasing the value of the information it collects and manages • Lowering the cost of ownership and operation • Increasing collaboration within and between space sector organizations • Aiding in the performance of several PM, PA, QA, and configuration management tasks in adherence to ECSS standards. In this paper, Sapienza will first present the toolset, and a rationale for its development, describing and justifying its architecture, and basic modules composition. Having defined the toolset architecture, this paper will address the current status of the individual applications. A compliance assessment will be presented for each module in the toolset with respect to the ECSS standard it addresses. Lastly experience from early industry and Institutional users will be presented.

  10. Software Program: Software Management Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this NASA Software Management Guidebook is twofold. First, this document defines the core products and activities required of NASA software projects. It defines life-cycle models and activity-related methods but acknowledges that no single life-cycle model is appropriate for all NASA software projects. It also acknowledges that the appropriate method for accomplishing a required activity depends on characteristics of the software project. Second, this guidebook provides specific guidance to software project managers and team leaders in selecting appropriate life cycles and methods to develop a tailored plan for a software engineering project.

  11. Wildlife software: procedures for publication of computer software

    USGS Publications Warehouse

    Samuel, M.D.

    1990-01-01

    Computers and computer software have become an integral part of the practice of wildlife science. Computers now play an important role in teaching, research, and management applications. Because of the specialized nature of wildlife problems, specific computer software is usually required to address a given problem (e.g., home range analysis). This type of software is not usually available from commercial vendors and therefore must be developed by those wildlife professionals with particular skill in computer programming. Current journal publication practices generally prevent a detailed description of computer software associated with new techniques. In addition, peer review of journal articles does not usually include a review of associated computer software. Thus, many wildlife professionals are usually unaware of computer software that would meet their needs or of major improvements in software they commonly use. Indeed most users of wildlife software learn of new programs or important changes only by word of mouth.

  12. Proprietary software

    NASA Technical Reports Server (NTRS)

    Marnock, M. J.

    1971-01-01

    The protection of intellectual property by a patent, a copyright, or trade secrets is reviewed. The present and future use of computers and software are discussed, along with the governmental uses of software. The popularity of contractual agreements for sale or lease of computer programs and software services is also summarized.

  13. Software Quality Assurance Audits Guidebooks

    NASA Technical Reports Server (NTRS)

    1990-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes that are used in software development. The Software Assurance Guidebook, NASA-GB-A201, issued in September, 1989, provides an overall picture of the NASA concepts and practices in software assurance. Second level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the second level Software Quality Assurance Audits Guidebook that describes software quality assurance audits in a way that is compatible with practices at NASA Centers.

  14. Statistical security for Social Security.

    PubMed

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts. PMID:22592944

  15. Secure Sensor Platform

    2010-08-25

    The Secure Sensor Platform (SSP) software provides a framework of functionality to support the development of low-power autonomous sensors for nuclear safeguards. This framework provides four primary functional blocks of capabilities required to implement autonomous sensors. The capabilities are: communications, security, power management, and cryptography. Utilizing this framework establishes a common set of functional capabilities for seamless interoperability of any sensor based upon the SSP concept.

  16. Computer software.

    PubMed

    Rosenthal, L E

    1986-10-01

    Software is the component in a computer system that permits the hardware to perform the various functions that a computer system is capable of doing. The history of software and its development can be traced to the early nineteenth century. All computer systems are designed to utilize the "stored program concept" as first developed by Charles Babbage in the 1850s. The concept was lost until the mid-1940s, when modern computers made their appearance. Today, because of the complex and myriad tasks that a computer system can perform, there has been a differentiation of types of software. There is software designed to perform specific business applications. There is software that controls the overall operation of a computer system. And there is software that is designed to carry out specialized tasks. Regardless of types, software is the most critical component of any computer system. Without it, all one has is a collection of circuits, transistors, and silicone chips. PMID:3536223

  17. NASA PC software evaluation project

    NASA Technical Reports Server (NTRS)

    Dominick, Wayne D. (Editor); Kuan, Julie C.

    1986-01-01

    The USL NASA PC software evaluation project is intended to provide a structured framework for facilitating the development of quality NASA PC software products. The project will assist NASA PC development staff to understand the characteristics and functions of NASA PC software products. Based on the results of the project teams' evaluations and recommendations, users can judge the reliability, usability, acceptability, maintainability and customizability of all the PC software products. The objective here is to provide initial, high-level specifications and guidelines for NASA PC software evaluation. The primary tasks to be addressed in this project are as follows: to gain a strong understanding of what software evaluation entails and how to organize a structured software evaluation process; to define a structured methodology for conducting the software evaluation process; to develop a set of PC software evaluation criteria and evaluation rating scales; and to conduct PC software evaluations in accordance with the identified methodology. Communication Packages, Network System Software, Graphics Support Software, Environment Management Software, General Utilities. This report represents one of the 72 attachment reports to the University of Southwestern Louisiana's Final Report on NASA Grant NGT-19-010-900. Accordingly, appropriate care should be taken in using this report out of context of the full Final Report.

  18. Software Development at Belle II

    NASA Astrophysics Data System (ADS)

    Kuhr, Thomas; Hauth, Thomas

    2015-12-01

    Belle II is a next generation B-factory experiment that will collect 50 times more data than its predecessor Belle. This requires not only a major upgrade of the detector hardware, but also of the simulation, reconstruction, and analysis software. The challenges of the software development at Belle II and the tools and procedures to address them are reviewed in this article.

  19. Technical Reference Suite Addressing Challenges of Providing Assurance for Fault Management Architectural Design

    NASA Technical Reports Server (NTRS)

    Fitz, Rhonda; Whitman, Gerek

    2016-01-01

    Research into complexities of software systems Fault Management (FM) and how architectural design decisions affect safety, preservation of assets, and maintenance of desired system functionality has coalesced into a technical reference (TR) suite that advances the provision of safety and mission assurance. The NASA Independent Verification and Validation (IV&V) Program, with Software Assurance Research Program support, extracted FM architectures across the IV&V portfolio to evaluate robustness, assess visibility for validation and test, and define software assurance methods applied to the architectures and designs. This investigation spanned IV&V projects with seven different primary developers, a wide range of sizes and complexities, and encompassed Deep Space Robotic, Human Spaceflight, and Earth Orbiter mission FM architectures. The initiative continues with an expansion of the TR suite to include Launch Vehicles, adding the benefit of investigating differences intrinsic to model-based FM architectures and insight into complexities of FM within an Agile software development environment, in order to improve awareness of how nontraditional processes affect FM architectural design and system health management. The identification of particular FM architectures, visibility, and associated IV&V techniques provides a TR suite that enables greater assurance that critical software systems will adequately protect against faults and respond to adverse conditions. Additionally, the role FM has with regard to strengthened security requirements, with potential to advance overall asset protection of flight software systems, is being addressed with the development of an adverse conditions database encompassing flight software vulnerabilities. Capitalizing on the established framework, this TR suite provides assurance capability for a variety of FM architectures and varied development approaches. Research results are being disseminated across NASA, other agencies, and the

  20. NASA's Software Safety Standard

    NASA Technical Reports Server (NTRS)

    Ramsay, Christopher M.

    2007-01-01

    requirements. This allows the projects leeway to meet these requirements in many forms that best suit a particular project's needs and safety risk. In other words, it tells the project what to do, not how to do it. This update also incorporated advances in the state of the practice of software safety from academia and private industry. It addresses some of the more common issues now facing software developers in the NASA environment such as the use of Commercial-Off-the-Shelf Software (COTS), Modified OTS (MOTS), Government OTS (GOTS), and reused software. A team from across NASA developed the update and it has had both NASA-wide internal reviews by software engineering, quality, safety, and project management. It has also had expert external review. This presentation and paper will discuss the new NASA Software Safety Standard, its organization, and key features. It will start with a brief discussion of some NASA mission failures and incidents that had software as one of their root causes. It will then give a brief overview of the NASA Software Safety Process. This will include an overview of the key personnel responsibilities and functions that must be performed for safety-critical software.

  1. Securing mobile code.

    SciTech Connect

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called 'white-boxing'. We put forth some new attacks and improvements

  2. Automating Risk Analysis of Software Design Models

    PubMed Central

    Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P.

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

  3. Automating risk analysis of software design models.

    PubMed

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

  4. Software safety

    NASA Technical Reports Server (NTRS)

    Leveson, Nancy

    1987-01-01

    Software safety and its relationship to other qualities are discussed. It is shown that standard reliability and fault tolerance techniques will not solve the safety problem for the present. A new attitude requires: looking at what you do NOT want software to do along with what you want it to do; and assuming things will go wrong. New procedures and changes to entire software development process are necessary: special software safety analysis techniques are needed; and design techniques, especially eliminating complexity, can be very helpful.

  5. Network systems security analysis

    NASA Astrophysics Data System (ADS)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  6. Public eye security system

    NASA Astrophysics Data System (ADS)

    Aviv, David G.

    1999-01-01

    The recently patented system is a software engine that is connected to a television camera that is used for security applications. It will detect in near real time any physical criminal acts occurring within the field of view of the camera. It then instantaneously transmits an alarm to law enforcement and turns on a VCR and other crime deterrent systems, without human involvement.

  7. Application Security Automation

    ERIC Educational Resources Information Center

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  8. Managing risk in software systems

    SciTech Connect

    Fletcher, S.K.; Jansma, R.M.; Murphy, M.D.

    1995-07-01

    A methodology for risk management in the design of software systems is presented. It spans security, safety, and correct operation of software within the context of its environment, and produces a risk analysis and documented risk management strategy. It is designed to be iteratively applied, to attain appropriate levels of detail throughout the analysis. The methodology and supporting tools are discussed. The methodology is critiqued relative to other research in the field. Some sample applications of the methodology are presented.

  9. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1990-01-01

    Reviews three computer software: (1) "Elastic Lines: The Electronic Geoboard" on elementary geometry; (2) "Wildlife Adventures: Whales" on environmental science; and (3) "What Do You Do with a Broken Calculator?" on computation and problem solving. Summarizes the descriptions, strengths and weaknesses, and applications of each software. (YP)

  10. Software Repository

    NASA Technical Reports Server (NTRS)

    Merwarth, P., D.

    1983-01-01

    The Common Software Module Repository (CSMR) is computerized library system with high product and service visibility to potential users. Online capabilities of system allow both librarian and user to interact with library. Librarian is responsible for maintaining information in CSMR library. User searches library to locate software modules that meet his or her current needs.

  11. Software Reviews.

    ERIC Educational Resources Information Center

    Miller, Anne, Ed.; Radziemski, Cathy, Ed.

    1988-01-01

    Reviews two software packages for the Macintosh series. "Course Builder 2.0," a courseware authoring system, allows the user to create programs which stand alone and may be used independently in the classroom. "World Builder," an artificial intelligence software package, allows creative thinking, problem-solving, and decision-making. (YP)

  12. Software Bridge

    NASA Technical Reports Server (NTRS)

    1995-01-01

    I-Bridge is a commercial version of software developed by I-Kinetics under a NASA Small Business Innovation Research (SBIR) contract. The software allows users of Windows applications to gain quick, easy access to databases, programs and files on UNIX services. Information goes directly onto spreadsheets and other applications; users need not manually locate, transfer and convert data.

  13. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen

    1988-01-01

    Presents reviews of six computer software programs for teaching science. Provides the publisher, grade level, cost, and descriptions of software, including: (1) "Recycling Logic"; (2) "Introduction to Biochemistry"; (3) "Food for Thought"; (4) "Watts in a Home"; (5) "Geology in Action"; and (6) "Biomes." All are for Apple series microcomputers.…

  14. Addressing Employer Services.

    ERIC Educational Resources Information Center

    Perspective: Essays and Reviews of Issues in Employment Security and Employment and Training Programs, 1986

    1986-01-01

    This volume of an annual journal contains 21 articles focusing on the many services that state Employment Security (ES) agencies are providing to improve outreach to employers who pay for the programs through the dedicated revenues of the Federal Unemployment Tax Act and state benefit taxes and to improve their own staff ability to deliver…

  15. Cyber security best practices for the nuclear industry

    SciTech Connect

    Badr, I.

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  16. New Aspects of Test Security.

    ERIC Educational Resources Information Center

    Lambert, Joyce C.; Lousteau, Carolyn L.; Mochetta, Page T.

    2001-01-01

    Discusses the security of computerized test files based on a survey of collegiate educators and offers recommendations to make tests more secure. Highlights include passwords; firewalls; keeping test files offline rather than on a hard drive; encryption; and using software to write over files rather than just deleting them. (LRW)

  17. Web Application Software for Ground Operations Planning Database (GOPDb) Management

    NASA Technical Reports Server (NTRS)

    Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

    2013-01-01

    A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

  18. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  19. Security Evolution.

    ERIC Educational Resources Information Center

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  20. Collection Security.

    ERIC Educational Resources Information Center

    Boss, Richard W.

    1984-01-01

    Presents a systematic approach to the problem of security of library collections and facilities from theft and vandalism. Highlights include responses to losses, defining security needs, typical weaknesses of facilities, policies and procedures that weaken a library's security, conducting a security audit, cost of security, cost-effectiveness, and…

  1. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability... 45 Public Welfare 1 2014-10-01 2014-10-01 false Security standards: General rules. 164.306 Section... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic...

  2. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability... 45 Public Welfare 1 2013-10-01 2013-10-01 false Security standards: General rules. 164.306 Section... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic...

  3. Addressivity in cogenerative dialogues

    NASA Astrophysics Data System (ADS)

    Hsu, Pei-Ling

    2014-03-01

    Ashraf Shady's paper provides a first-hand reflection on how a foreign teacher used cogens as culturally adaptive pedagogy to address cultural misalignments with students. In this paper, Shady drew on several cogen sessions to showcase his journey of using different forms of cogens with his students. To improve the quality of cogens, one strategy he used was to adjust the number of participants in cogens. As a result, some cogens worked and others did not. During the course of reading his paper, I was impressed by his creative and flexible use of cogens and at the same time was intrigued by the question of why some cogens work and not others. In searching for an answer, I found that Mikhail Bakhtin's dialogism, especially the concept of addressivity, provides a comprehensive framework to address this question. In this commentary, I reanalyze the cogen episodes described in Shady's paper in the light of dialogism. My analysis suggests that addressivity plays an important role in mediating the success of cogens. Cogens with high addressivity function as internally persuasive discourse that allows diverse consciousnesses to coexist and so likely affords productive dialogues. The implications of addressivity in teaching and learning are further discussed.

  4. Development methodology for scientific software

    SciTech Connect

    Cort, G.; Goldstone, J.A.; Nelson, R.O.; Poore, R.V.; Miller, L.; Barrus, D.M.

    1985-01-01

    We present the details of a software development methodology that addresses all phases of the software life cycle, yet is well suited for application by small projects with limited resources. The methodology has been developed at the Los Alamos Weapons Neutron Research (WNR) Facility and was utilized during the recent development of the WNR Data Acquisition Command Language. The methodology emphasizes the development and maintenance of comprehensive documentation for all software components. The impact of the methodology upon software quality and programmer productivity is assessed.

  5. 15 CFR 734.7 - Published information and software.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SCOPE OF THE EXPORT ADMINISTRATION REGULATIONS § 734.7 Published information and software. (a)...

  6. Software Smarts

    NASA Technical Reports Server (NTRS)

    1998-01-01

    Under an SBIR (Small Business Innovative Research) contract with Johnson Space Center, Knowledge Based Systems Inc. (KBSI) developed an intelligent software environment for modeling and analyzing mission planning activities, simulating behavior, and, using a unique constraint propagation mechanism, updating plans with each change in mission planning activities. KBSI developed this technology into a commercial product, PROJECTLINK, a two-way bridge between PROSIm, KBSI's process modeling and simulation software and leading project management software like Microsoft Project and Primavera's SureTrak Project Manager.

  7. Software testing

    NASA Astrophysics Data System (ADS)

    Price-Whelan, Adrian M.

    2016-01-01

    Now more than ever, scientific results are dependent on sophisticated software and analysis. Why should we trust code written by others? How do you ensure your own code produces sensible results? How do you make sure it continues to do so as you update, modify, and add functionality? Software testing is an integral part of code validation and writing tests should be a requirement for any software project. I will talk about Python-based tools that make managing and running tests much easier and explore some statistics for projects hosted on GitHub that contain tests.

  8. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Information (SSI) and must be handled and protected in accordance with 49 CFR part 1520. ... 6 Domestic Security 1 2013-01-01 2013-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in...

  9. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Information (SSI) and must be handled and protected in accordance with 49 CFR part 1520. ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in...

  10. Documenting the Development of Software

    NASA Technical Reports Server (NTRS)

    1987-01-01

    Some routine supervisory functions performed automatically. Program Management Facility (PMF) computer program integrated software-development and control system. Applicable to large software systems involving as many as several hundred programmers and one million lines of codes, it ensures timely and orderly planning, development, implementation, and documentation of software. Designed as support tool. Has many features providing efficient processing and utilization of space for development programmer. Incorporates security system to prevent improper maintenance. Provides full set of cross-referenced reports and supervisory functions for detailed management information. Written in assembler. IBM program TSO required.

  11. Secured medical imaging over the Internet.

    PubMed

    Aslan, P; Lee, B; Kuo, R; Babayan, R K; Kavoussi, L R; Pavlin, K A; Preminger, G M

    1998-01-01

    The Internet has established itself as an affordable, extremely viable and ubiquitous communications network that can be easily accessed from virtually any point in the world. This makes it ideally suited for medical image communications. Issues regarding security and confidentiality of information on the Internet, however, need to be addressed for both occasional, individual users and consistent enterprise-wide users. In addition, the limited bandwidth of most Internet connections must be factored into the development of a realistic usermodel and resulting protocol. Open architecture issues must also be considered so that images can be communicated to recipients who do not have similar programs. Further, application-specific software is required to integrate image acquisition, encryption and transmission into a single, streamlined process. Using Photomailer software provided by PhysiTel Inc., the authors investigated the use of sending secured still images over the Internet. The scope of their investigation covered the use of the Internet for communicating images for consultation, referral, mentoring and education. Photomailer software was used at several local and remote sites. The program was used for both sending and receiving images. It was also used for sending images to recipients who did not have Photomailer, but instead relied on conventional email programs. The results of the investigation demonstrated that using products such as Photomailer, images could be quickly and easily communicated from one location to another via the Internet. In addition, the investigators were able to retrieve images off of their existing email accounts, thereby providing greater flexibility and convenience than other systems which require scheduled transmission of information on dedicated systems. We conclude that Photomailer and similar products may provide a significant benefit and improve communications among colleagues, providing an inexpensive means of sending secured

  12. Novel Duplicate Address Detection with Hash Function.

    PubMed

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the "Hash_64" field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  13. Novel Duplicate Address Detection with Hash Function

    PubMed Central

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  14. The development process for the space shuttle primary avionics software system

    NASA Technical Reports Server (NTRS)

    Keller, T. W.

    1987-01-01

    Primary avionics software system; software development approach; user support and problem diagnosis; software releases and configuration; quality/productivity programs; and software development/production facilities are addressed. Also examined are the external evaluations of the IBM process.

  15. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are six computer software packages including "Lunar Greenhouse,""Dyno-Quest,""How Weather Works,""Animal Trackers,""Personal Science Laboratory," and "The Skeletal and Muscular Systems." Availability, functional, and hardware requirements are discussed. (CW)

  16. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane

    1990-01-01

    Reviews two programs: (1) "The Weather Machine" on understanding weather and weather forecasting and (2) "The Mystery of the Hotel Victoria" on problem solving in mathematics. Presents the descriptions, advantages, and weaknesses of the software. (YP)

  17. Software Reviews.

    ERIC Educational Resources Information Center

    Davis, Shelly J., Ed.; Knaupp, Jon, Ed.

    1984-01-01

    Reviewed is computer software on: (1) classification of living things, a tutorial program for grades 5-10; and (2) polynomial practice using tiles, a drill-and-practice program for algebra students. (MNS)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Provides a review of four science software programs. Includes topics such as plate tectonics, laboratory experiment simulations, the human body, and light and temperature. Contains information on ordering and reviewers' comments. (ML)

  19. Software Reviews.

    ERIC Educational Resources Information Center

    Dwyer, Donna; And Others

    1989-01-01

    Reviewed are seven software packages for Apple and IBM computers. Included are: "Toxicology"; "Science Corner: Space Probe"; "Alcohol and Pregnancy"; "Science Tool Kit Plus"; Computer Investigations: Plant Growth"; "Climatrolls"; and "Animal Watch: Whales." (CW)

  20. Software Reviews.

    ERIC Educational Resources Information Center

    Kimball, Jeffrey P.; And Others

    1987-01-01

    Describes a variety of computer software. The packages reviewed include a variety of simulations, a spread sheet, a printer driver and an alternative operating system for DBM.PCs and compatible programs. (BSR)

  1. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Eugene T., Ed.

    1988-01-01

    Presents reviews by classroom teachers of software for teaching science. Includes material on the work of geologists, genetics, earth science, classification of living things, astronomy, endangered species, skeleton, drugs, and heartbeat. Provides information on availability and equipment needed. (RT)

  2. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are three computer software packages including "Martin Luther King, Jr.: Instant Replay of History,""Weeds to Trees," and "The New Print Shop, School Edition." Discussed are hardware requirements, costs, grade levels, availability, emphasis, strengths, and weaknesses. (CW)

  3. Software Reviews.

    ERIC Educational Resources Information Center

    Mathematics and Computer Education, 1988

    1988-01-01

    Presents reviews of six software packages. Includes (1) "Plain Vanilla Statistics"; (2) "MathCAD 2.0"; (3) "GrFx"; (4) "Trigonometry"; (5) "Algebra II"; (6) "Algebra Drill and Practice I, II, and III." (PK)

  4. Astronomy Software

    NASA Technical Reports Server (NTRS)

    1995-01-01

    Software Bisque's TheSky, SkyPro and Remote Astronomy Software incorporate technology developed for the Hubble Space Telescope. TheSky and SkyPro work together to orchestrate locating, identifying and acquiring images of deep sky objects. With all three systems, the user can directly control computer-driven telescopes and charge coupled device (CCD) cameras through serial ports. Through the systems, astronomers and students can remotely operate a telescope at the Mount Wilson Observatory Institute.

  5. Defense and security of a wireless tactical network

    NASA Astrophysics Data System (ADS)

    Younger, Michael; Young, Stuart H.

    2001-08-01

    Recall the adage `a chain is as strong as its weakest link'- -a phrase that could serve as the official mantra of computer security. Operating Systems are difficult system to administer because it is not only complex and cantankerous but also hard to secure. They are enormous configurability, the fact that vendors don't ship secure systems, and that it requires significant amounts of time, resources, and expertise to safeguard a host are only some of the reasons that so many systems are insecure any type of network commercial or tactical. To compound the problem, like all modern operating systems it not only becomes less secure as time goes on (simply due to usage), but with the rapidly changing security field, it also requires considerably effort to stay abreast of the latest information. Army Research Labs is trying to address the security of the operating system in a tactical wireless environment. Through the use of public domain and/or commercial mans. ARL is evaluating monitoring, deployment, and auditing techniques to the wire commercial domain. By evaluating the wire domain ARL will determine what works and how they work in the tactical area. There are numerous ways to protect the wire/wireless network via public domain or commercial software.

  6. A Holistic Approach to School Security.

    ERIC Educational Resources Information Center

    Timm, Paul

    2002-01-01

    Asserts that school security requires a variety of methods combined into a single, cohesive solution that addresses five areas: management, building security, violence prevention and intervention, staff training, and crisis management. (EV)

  7. Framework for Flexible Security in Group Communications

    NASA Technical Reports Server (NTRS)

    McDaniel, Patrick; Prakash, Atul

    2006-01-01

    The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.

  8. Intelligent Sensors Security

    PubMed Central

    Bialas, Andrzej

    2010-01-01

    The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408) used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC) related security design patterns and to improve the effectiveness of the sensor development process. PMID:22315571

  9. Addressing Social Issues.

    ERIC Educational Resources Information Center

    Schoebel, Susan

    1991-01-01

    Maintains that advertising can help people become more aware of social responsibilities. Describes a successful nationwide newspaper advertising competition for college students in which ads address social issues such as literacy, drugs, teen suicide, and teen pregnancy. Notes how the ads have helped grassroots programs throughout the United…

  10. States Address Achievement Gaps.

    ERIC Educational Resources Information Center

    Christie, Kathy

    2002-01-01

    Summarizes 2 state initiatives to address the achievement gap: North Carolina's report by the Advisory Commission on Raising Achievement and Closing Gaps, containing an 11-point strategy, and Kentucky's legislation putting in place 10 specific processes. The North Carolina report is available at www.dpi.state.nc.us.closingthegap; Kentucky's…

  11. Address of the President

    ERIC Educational Resources Information Center

    Ness, Frederic W.

    1976-01-01

    The president of the Association of American Colleges addresses at the 62nd annual meeting the theme of the conference: "Looking to the Future--Liberal Education in a Radically Changing Society." Contributions to be made by AAC are examined. (LBH)

  12. Addressing Sexual Harassment

    ERIC Educational Resources Information Center

    Young, Ellie L.; Ashbaker, Betty Y.

    2008-01-01

    This article discusses ways on how to address the problem of sexual harassment in schools. Sexual harassment--simply defined as any unwanted and unwelcome sexual behavior--is a sensitive topic. Merely providing students, parents, and staff members with information about the school's sexual harassment policy is insufficient; schools must take…

  13. Space sciences - Keynote address

    NASA Technical Reports Server (NTRS)

    Alexander, Joseph K.

    1990-01-01

    The present status and projected future developments of the NASA Space Science and Applications Program are addressed. Emphasis is given to biochemistry experiments that are planned for the Space Station. Projects for the late 1990s which will study the sun, the earth's magnetosphere, and the geosphere are briefly discussed.

  14. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    NASA Astrophysics Data System (ADS)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  15. Remotely Monitored Sealing Array Software

    2012-09-12

    The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to lastmore » for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support active tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.« less

  16. Remotely Monitored Sealing Array Software

    SciTech Connect

    2012-09-12

    The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to last for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support active tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.

  17. Mapping virtual addresses to different physical addresses for value disambiguation for thread memory access requests

    DOEpatents

    Gala, Alan; Ohmacht, Martin

    2014-09-02

    A multiprocessor system includes nodes. Each node includes a data path that includes a core, a TLB, and a first level cache implementing disambiguation. The system also includes at least one second level cache and a main memory. For thread memory access requests, the core uses an address associated with an instruction format of the core. The first level cache uses an address format related to the size of the main memory plus an offset corresponding to hardware thread meta data. The second level cache uses a physical main memory address plus software thread meta data to store the memory access request. The second level cache accesses the main memory using the physical address with neither the offset nor the thread meta data after resolving speculation. In short, this system includes mapping of a virtual address to a different physical addresses for value disambiguation for different threads.

  18. 75 FR 11610 - Notice Announcing Addresses for Service of Process

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-11

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Notice Announcing Addresses for Service of Process AGENCY: Social Security Administration. ACTION... responsible for the jurisdiction in which the complaint has been filed. This notice replaces 70 FR...

  19. Software engineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III; Hiott, Jim; Golej, Jim; Plumb, Allan

    1993-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. The Johnson Space Center (JSC) created a significant set of tools to develop and maintain FORTRAN and C code during development of the space shuttle. This tool set forms the basis for an integrated environment to reengineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. The latest release of the environment was in Feb. 1992.

  20. Software reengineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III

    1991-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. JSC created a significant set of tools to develop and maintain FORTRAN and C code during development of the Space Shuttle. This tool set forms the basis for an integrated environment to re-engineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. A beta vision of the environment was released in Mar. 1991. The commercial potential for such re-engineering tools is very great. CASE TRENDS magazine reported it to be the primary concern of over four hundred of the top MIS executives.

  1. Final report for the Integrated and Robust Security Infrastructure (IRSI) laboratory directed research and development project

    SciTech Connect

    Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.; Espinoza, J.; Murphy, M.D.

    1997-11-01

    This report describes the results of a Sandia-funded laboratory-directed research and development project titled {open_quotes}Integrated and Robust Security Infrastructure{close_quotes} (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSI addressed some of these issues to create a more manageable public key infrastructure.

  2. SPAN security policies and guidelines

    NASA Technical Reports Server (NTRS)

    Sisson, Patricia L.; Green, James L.

    1989-01-01

    A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

  3. Initiative Addresses Subsurface Energy and Environment Problems

    NASA Astrophysics Data System (ADS)

    Bodvarsson, Gudmundur S.; Majer, Ernest L.; Wang, Joseph S. Y.; Colwell, Frederick; Redden, George

    2006-01-01

    Members of the geoscience community are cooperating in conceptualizing fundamental, crosscutting research to address major obstacles to solving energy and environmental problems related to the subsurface, through the SECUREarth initiative, which began in 2004. Addressing problems, such as reliable nuclear waste storage and safe carbon dioxide (CO2) sequestration, are critical to maintaining an economical and safe energy supply and clean environment. A recent workshop in Golden, Colo., helped to further the development of the SECUREarth (Scientific Energy/Environmental Crosscutting Underground Research for Urgent Solutions to Secure the Earth's Future) initiative by identifying the key scientific challenges in the geosciences, as well as to target possible approaches for overcoming roadblocks.

  4. Telemedicine Security: A Systematic Review

    PubMed Central

    Garg, Vaibhav; Brewer, Jeffrey

    2011-01-01

    Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards. PMID:21722592

  5. Control Software

    NASA Technical Reports Server (NTRS)

    1997-01-01

    Real-Time Innovations, Inc. (RTI) collaborated with Ames Research Center, the Jet Propulsion Laboratory and Stanford University to leverage NASA research to produce ControlShell software. RTI is the first "graduate" of Ames Research Center's Technology Commercialization Center. The ControlShell system was used extensively on a cooperative project to enhance the capabilities of a Russian-built Marsokhod rover being evaluated for eventual flight to Mars. RTI's ControlShell is complex, real-time command and control software, capable of processing information and controlling mechanical devices. One ControlShell tool is StethoScope. As a real-time data collection and display tool, StethoScope allows a user to see how a program is running without changing its execution. RTI has successfully applied its software savvy in other arenas, such as telecommunications, networking, video editing, semiconductor manufacturing, automobile systems, and medical imaging.

  6. Software quality assurance plans for safety-critical software

    SciTech Connect

    Liddle, P.

    2006-07-01

    describes software-related practices after delivery to a customer. Some of these plans are supported by IEEE standards endorsed by the Nuclear Regulatory Commission (NRC) in its regulatory guides. For example, the Verification and Validation Plan follows the format and content guidance of IEEE Std. 1012-1998, as endorsed by RG 1.168. Where format and content guidance is not provided by industry standards, the requirements are outlined in the SPM. This paper addresses the SQAP. The other aspects of the SPM are not included (i.e., Software V and V, SCMP, etc.). The SQAP follows the applicable format and content guidance in IEEE Std. 730-2002, and incorporates the applicable QA requirements from IEEE Std. 336-1977, with respect to inspection and testing, up to and including factory acceptance testing. (authors)

  7. Predicting Vulnerability Risks Using Software Characteristics

    ERIC Educational Resources Information Center

    Roumani, Yaman

    2012-01-01

    Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

  8. Computer Security Risk Assessment

    1992-02-11

    LAVA/CS (LAVA for Computer Security) is an application of the Los Alamos Vulnerability Assessment (LAVA) methodology specific to computer and information security. The software serves as a generic tool for identifying vulnerabilities in computer and information security safeguards systems. Although it does not perform a full risk assessment, the results from its analysis may provide valuable insights into security problems. LAVA/CS assumes that the system is exposed to both natural and environmental hazards and tomore » deliberate malevolent actions by either insiders or outsiders. The user in the process of answering the LAVA/CS questionnaire identifies missing safeguards in 34 areas ranging from password management to personnel security and internal audit practices. Specific safeguards protecting a generic set of assets (or targets) from a generic set of threats (or adversaries) are considered. There are four generic assets: the facility, the organization''s environment; the hardware, all computer-related hardware; the software, the information in machine-readable form stored both on-line or on transportable media; and the documents and displays, the information in human-readable form stored as hard-copy materials (manuals, reports, listings in full-size or microform), film, and screen displays. Two generic threats are considered: natural and environmental hazards, storms, fires, power abnormalities, water and accidental maintenance damage; and on-site human threats, both intentional and accidental acts attributable to a perpetrator on the facility''s premises.« less

  9. Excerpts from keynote address

    SciTech Connect

    Creel, G.C.

    1995-06-01

    Excerpts from the keynote principally address emissions issues in the fossil power industry as related to heat rate improvements. Stack emissions of both sulfur and nitrogen oxides are discussed, and a number of examples are given: (1) PEPCO`s Potomac River Station, and (2) Morgantown station`s NOX reduction efforts. Circulating water emissions are also briefly discussed, as are O & M costs of emission controls.

  10. Holographic content addressable storage

    NASA Astrophysics Data System (ADS)

    Chao, Tien-Hsin; Lu, Thomas; Reyes, George

    2015-03-01

    We have developed a Holographic Content Addressable Storage (HCAS) architecture. The HCAS systems consists of a DMD (Digital Micromirror Array) as the input Spatial Light Modulator (SLM), a CMOS (Complementary Metal-oxide Semiconductor) sensor as the output photodetector and a photorefractive crystal as the recording media. The HCAS system is capable of performing optical correlation of an input image/feature against massive reference data set stored in the holographic memory. Detailed system analysis will be reported in this paper.

  11. A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

    SciTech Connect

    Abercrombie, Robert K; Sheldon, Frederick T; Grimaila, Michael R

    2010-01-01

    In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success. We address the opportunity to apply the Cyberspace Security Econometrics System (CSES) to Carnegie Mellon University and Software Engineering Institute s Mission Assurance Analysis Protocol (MAAP) in this context.

  12. Infusing Reliability Techniques into Software Safety Analysis

    NASA Technical Reports Server (NTRS)

    Shi, Ying

    2015-01-01

    Software safety analysis for a large software intensive system is always a challenge. Software safety practitioners need to ensure that software related hazards are completely identified, controlled, and tracked. This paper discusses in detail how to incorporate the traditional reliability techniques into the entire software safety analysis process. In addition, this paper addresses how information can be effectively shared between the various practitioners involved in the software safety analyses. The author has successfully applied the approach to several aerospace applications. Examples are provided to illustrate the key steps of the proposed approach.

  13. Flexible manufacturing systems software issues and guidelines

    SciTech Connect

    Johnson, I.S.C.; Sharp, K.J.

    1986-08-01

    A study of FMS software has been conducted, drawing on a wide variety of FMS experts in both the supplier and user communities. The study assesses the issues and elements of FMS software and makes recommendations for potential users for FMS on how to write specifications for obtaining this software from commercial sources. The functional aspects of FMS software have been addressed, covering the software required for successful design, evaluation, and operation of FMS systems. The current state of the art in FMS software is outlined, identifying deficient areas where development work is needed.

  14. Cyber Security Evaluation Tool

    SciTech Connect

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  15. Cyber Security Evaluation Tool

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied tomore » enhance cybersecurity controls.« less

  16. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are two computer software packages: "Super Solvers Midnight Rescue!" a problem-solving program for IBM PCs; and "Interactive Physics," a simulation program for the Macintosh computer. The functions of the package are discussed including strengths and weaknesses and teaching suggestions. (CW)

  17. Reviews, Software.

    ERIC Educational Resources Information Center

    Science Teacher, 1988

    1988-01-01

    Reviews two software programs for Apple series computers. Includes "Orbital Mech," a basic planetary orbital simulation for the Macintosh, and "START: Stimulus and Response Tools for Experiments in Memory, Learning, Cognition, and Perception," a program that demonstrates basic psychological principles and experiments. (CW)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1989-01-01

    Six software packages are described in this review. Included are "Molecules and Atoms: Exploring the Essence of Matter"; "Heart Probe"; "GM Sunraycer"; "Six Puzzles"; "Information Laboratory--Life Science"; and "Science Test Builder." Hardware requirements, prices, and a summary of the abilities of each program are presented. (CW)

  19. Educational Software.

    ERIC Educational Resources Information Center

    Northwest Regional Educational Lab., Portland, OR.

    The third session of IT@EDU98 consisted of five papers on educational software and was chaired by Tran Van Hao (University of Education, Ho Chi Minh City, Vietnam). "Courseware Engineering" (Nguyen Thanh Son, Ngo Ngoc Bao Tran, Quan Thanh Tho, Nguyen Hong Lam) briefly describes the use of courseware. "Machine Discovery Theorems in Geometry: A…

  20. Software Reviews.

    ERIC Educational Resources Information Center

    Computing Teacher, 1985

    1985-01-01

    Reprinted from "The Computing Teacher," this document contains software reviews for 23 computer programs that educators could use in the classroom or for administrative purposes. Each review describes the program by listing the program title, subject, producer, grade level (if applicable), hardware required, cost, and reviewer's name and…

  1. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1989-01-01

    Reviews three software packages: (1) "The Weather Machine Courseware Kit" for grades 7-12; (2) "Exploring Measurement, Time, and Money--Level I," for primary level mathematics; and (3) "Professor DOS with SmartGuide for DOS" providing an extensive tutorial covering DOS 2.1 to 4.0. Discusses the strengths and weaknesses of each package. (YP)

  2. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1987-01-01

    Reviewed are three computer software programs: the Astronomer (astronomy program for middle school students and older); Hands-on-Statistics: Explorations with a Microcomputer (statistics program for secondary school students and older); and CATGEN (a genetics program for secondary school students and older). Each review provides information on:…

  3. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1990

    1990-01-01

    Reviewed are seven computer software packages for IBM and/or Apple Computers. Included are "Windows on Science: Volume 1--Physical Science"; "Science Probe--Physical Science"; "Wildlife Adventures--Grizzly Bears"; "Science Skills--Development Programs"; "The Clean Machine"; "Rock Doctor"; and "Geology Search." Cost, quality, hardware, and…

  4. Software Review.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed is a computer software package entitled "Audubon Wildlife Adventures: Grizzly Bears" for Apple II and IBM microcomputers. Included are availability, hardware requirements, cost, and a description of the program. The murder-mystery flavor of the program is stressed in this program that focuses on illegal hunting and game management. (CW)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1989-01-01

    Presents comments by classroom teachers on software for science teaching including topics on: the size of a molecule, matter, leaves, vitamins and minerals, dinosaurs, and collecting and measuring data. Each is an Apple computer series. Availability and costs are included. (RT)

  6. Software Comparison

    NASA Technical Reports Server (NTRS)

    Blanchard, D. C.

    1986-01-01

    Software Comparison Package (SCP) compares similar files. Normally, these are 90-character files produced by CDC UPDATE utility from program libraries that contain FORTRAN source code plus identifier. SCP also used to compare load maps, cross-reference outputs, and UPDATE corrections sets. Helps wherever line-by-line comparison of similarly structured files required.

  7. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1988-01-01

    Reviews two software packages, "Solutions Unlimited" and "BASIC Data Base System." Provides a description, summary, strengths and weaknesses, availability and costs. Includes reviews of three structured BASIC packages: "True BASIC (2.0)"; "Turbo BASIC (1.0)"; and "QuickBASIC (3.0)." Explains significant features such as graphics, costs,…

  8. Design Software

    NASA Technical Reports Server (NTRS)

    1991-01-01

    A NASA contractor and Small Business Innovation Research (SBIR) participant has converted its research into commercial software products for auto design, structural analysis and other applications. ViGYAN, Inc., utilizing the aeronautical research principle of computational fluid dynamics, has created - with VGRID3D and VPLOT3D - an easier alternative to conventional structured grids for fluid dynamic calculations.

  9. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews six software packages for use with school age children ranging from grade 3 to grade 12. Includes "The Microcomputer Based Lab Project: Motion, Sound"; "Genetics"; "Geologic History"; "The Microscope Simulator"; and "Wiz Works" all for Apple II and "Reading for Information: Level II" for IBM. (CW)

  10. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1989

    1989-01-01

    Reviews of seven software packages are presented including "The Environment I: Habitats and EcoSystems; II Cycles and Interactions"; "Super Sign Maker"; "The Great Knowledge Race: Substance Abuse"; "Exploring Science: Temperature"; "Fast Food Calculator and RD Aide"; "The Human Body: Circulation and Respiration" and "Forces in Liquids and Gases."…

  11. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are seven computer software packages including "Frog Dissection Lab Report,""Backyard Birds,""LEGO TC Logo,""Alcohol--Four Interactive Programs,""Windows on Science--Life Science,""Climate and Weather/Our Town Database," and "Weeds to Trees." Discussed are availability, features, strengths, and weaknesses. (CW)

  12. Star Software.

    ERIC Educational Resources Information Center

    Kloza, Brad

    2000-01-01

    Presents a collection of computer software programs designed to spark learning enthusiasm at every grade level and across the curriculum. They include Reader Rabbit's Learn to Read, Spelling Power, Mind Twister Math, Community Construction Kit, Breaking the Code, Encarta Africana 2000, Virtual Serengeti, Operation: Frog (Deluxe), and My First…

  13. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed are two computer software programs for Apple II computers on weather for upper elementary and middle school grades. "Weather" introduces the major factors (temperature, humidity, wind, and air pressure) affecting weather. "How Weather Works" uses simulation and auto-tutorial formats on sun, wind, fronts, clouds, and storms. (YP)

  14. Statistical Software.

    ERIC Educational Resources Information Center

    Callamaras, Peter

    1983-01-01

    This buyer's guide to seven major types of statistics software packages for microcomputers reviews Edu-Ware Statistics 3.0; Financial Planning; Speed Stat; Statistics with DAISY; Human Systems Dynamics package of Stats Plus, ANOVA II, and REGRESS II; Maxistat; and Moore-Barnes' MBC Test Construction and MBC Correlation. (MBR)

  15. Software Reviews.

    ERIC Educational Resources Information Center

    Teles, Elizabeth, Ed.; And Others

    1990-01-01

    Reviewed are two computer software packages for Macintosh microcomputers including "Phase Portraits," an exploratory graphics tool for studying first-order planar systems; and "MacMath," a set of programs for exploring differential equations, linear algebra, and other mathematical topics. Features, ease of use, cost, availability, and hardware…

  16. Reviews: Software.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Reviews four computer software packages including: "The Physical Science Series: Sound" which demonstrates making waves, speed of sound, doppler effect, and human hearing; "Andromeda" depicting celestial motions in any direction; "Biology Quiz: Humans" covering chemistry, cells, viruses, and human biology; and "MacStronomy" covering information on…

  17. Software Reviews.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Describes computer software for use with various age groups. Topics include activities involving temperature, simulations, earth science, the circulatory system, human body, reading in science, and ecology. Provides information on equipment needed, availability, package contents, and price. Comments of reviews are presented by classroom teachers.…

  18. Security and Policy for Group Collaboration

    SciTech Connect

    Ian Foster; Carl Kesselman

    2006-07-31

    Security and Policy for Group Collaboration” was a Collaboratory Middleware research project aimed at providing the fundamental security and policy infrastructure required to support the creation and operation of distributed, computationally enabled collaborations. The project developed infrastructure that exploits innovative new techniques to address challenging issues of scale, dynamics, distribution, and role. To reduce greatly the cost of adding new members to a collaboration, we developed and evaluated new techniques for creating and managing credentials based on public key certificates, including support for online certificate generation, online certificate repositories, and support for multiple certificate authorities. To facilitate the integration of new resources into a collaboration, we improved significantly the integration of local security environments. To make it easy to create and change the role and associated privileges of both resources and participants of collaboration, we developed community wide authorization services that provide distributed, scalable means for specifying policy. These services make it possible for the delegation of capability from the community to a specific user, class of user or resource. Finally, we instantiated our research results into a framework that makes it useable to a wide range of collaborative tools. The resulting mechanisms and software have been widely adopted within DOE projects and in many other scientific projects. The widespread adoption of our Globus Toolkit technology has provided, and continues to provide, a natural dissemination and technology transfer vehicle for our results.

  19. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, J. Storrs; Levy, Saul; Smith, Donald E.; Miyake, Keith M.

    1992-01-01

    A parameterized version of the tree processor was designed and tested (by simulation). The leaf processor design is 90 percent complete. We expect to complete and test a combination of tree and leaf cell designs in the next period. Work is proceeding on algorithms for the computer aided manufacturing (CAM), and once the design is complete we will begin simulating algorithms for large problems. The following topics are covered: (1) the practical implementation of content addressable memory; (2) design of a LEAF cell for the Rutgers CAM architecture; (3) a circuit design tool user's manual; and (4) design and analysis of efficient hierarchical interconnection networks.

  20. Bioreactors Addressing Diabetes Mellitus

    PubMed Central

    Minteer, Danielle M.; Gerlach, Jorg C.

    2014-01-01

    The concept of bioreactors in biochemical engineering is a well-established process; however, the idea of applying bioreactor technology to biomedical and tissue engineering issues is relatively novel and has been rapidly accepted as a culture model. Tissue engineers have developed and adapted various types of bioreactors in which to culture many different cell types and therapies addressing several diseases, including diabetes mellitus types 1 and 2. With a rising world of bioreactor development and an ever increasing diagnosis rate of diabetes, this review aims to highlight bioreactor history and emerging bioreactor technologies used for diabetes-related cell culture and therapies. PMID:25160666

  1. Lawrence Livermore National Laboratory safeguards and security quarterly progress report to the U.S. Department of Energy. Quarter ending September 30, 1996

    SciTech Connect

    Davis, G.; Johnson, D.; Mansur, D.L.; Ruhter, W.D.; Strait, R.S.

    1996-10-01

    The paper describes tasks undertaken in each of the following areas: Safeguards technology program (STP); Safeguards and material accountability (SMA); Computer security, distributed systems; Complex-wide access control system (CWAC); and Standardization of security systems (SSS). The STP develops advanced, nondestructive analysis technology for measurement of special nuclear materials. Work focuses on R and D relating to X- and gamma-ray spectrometry and to development of computer codes for interpreting the spectral data obtained by these techniques. The SMA is concerned with four areas: insider protection; material accountability; planning and evaluation; and information security. The Computer Security Technology Center provides expertise and solutions to the many information security problems present in today`s computer systems and networks. Incidents of intrusions, computer viruses, the purposeful replacement of legitimate software for illegal purposes, and similar acts are being addressed by the creation of security software, the delivery of incident response expertise, and research and development into secure systems. The purpose of the CWAC is to develop an approach that will allow visitors to use their DOE standard badge in access control systems throughout the DOE complex. The purpose of the SSS project is to support the standardization of security systems to meet DOE orders and requirements, and to support the DOE in offering relevant security technology and capabilities to Federal standardization efforts.

  2. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  3. Addressing Environmental Health Inequalities.

    PubMed

    Gouveia, Nelson

    2016-01-01

    Environmental health inequalities refer to health hazards disproportionately or unfairly distributed among the most vulnerable social groups, which are generally the most discriminated, poor populations and minorities affected by environmental risks. Although it has been known for a long time that health and disease are socially determined, only recently has this idea been incorporated into the conceptual and practical framework for the formulation of policies and strategies regarding health. In this Special Issue of the International Journal of Environmental Research and Public Health (IJERPH), "Addressing Environmental Health Inequalities-Proceedings from the ISEE Conference 2015", we incorporate nine papers that were presented at the 27th Conference of the International Society for Environmental Epidemiology (ISEE), held in Sao Paulo, Brazil, in 2015. This small collection of articles provides a brief overview of the different aspects of this topic. Addressing environmental health inequalities is important for the transformation of our reality and for changing the actual development model towards more just, democratic, and sustainable societies driven by another form of relationship between nature, economy, science, and politics. PMID:27618906

  4. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 1 2014-10-01 2014-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  5. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 1 2012-10-01 2012-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  6. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 4 2014-10-01 2014-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  7. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 4 2010-10-01 2010-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  8. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 4 2013-10-01 2013-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  9. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 4 2012-10-01 2012-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  10. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 4 2011-10-01 2011-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  11. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 1 2011-10-01 2011-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  12. 21 CFR 1321.01 - DEA mailing addresses.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false DEA mailing addresses. 1321.01 Section 1321.01 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE DEA MAILING ADDRESSES § 1321.01... substances certification request. DEA Regulatory Section 1301.71(d)—Security system compliance review...

  13. 46 CFR 184.610 - Public address systems.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 7 2010-10-01 2010-10-01 false Public address systems. 184.610 Section 184.610 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) SMALL PASSENGER VESSELS (UNDER 100 GROSS TONS....610 Public address systems. (a) Except as noted in paragraphs (d) and (e) below, each vessel must...

  14. Secured Advanced Federated Environment (SAFE): A NASA Solution for Secure Cross-Organization Collaboration

    NASA Technical Reports Server (NTRS)

    Chow, Edward; Spence, Matthew Chew; Pell, Barney; Stewart, Helen; Korsmeyer, David; Liu, Joseph; Chang, Hsin-Ping; Viernes, Conan; Gogorth, Andre

    2003-01-01

    This paper discusses the challenges and security issues inherent in building complex cross-organizational collaborative projects and software systems within NASA. By applying the design principles of compartmentalization, organizational hierarchy and inter-organizational federation, the Secured Advanced Federated Environment (SAFE) is laying the foundation for a collaborative virtual infrastructure for the NASA community. A key element of SAFE is the Micro Security Domain (MSD) concept, which balances the need to collaborate and the need to enforce enterprise and local security rules. With the SAFE approach, security is an integral component of enterprise software and network design, not an afterthought.

  15. Software engineering and the role of Ada: Executive seminar

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1987-01-01

    The objective was to introduce the basic terminology and concepts of software engineering and Ada. The life cycle model is reviewed. The application of the goals and principles of software engineering is applied. An introductory understanding of the features of the Ada language is gained. Topics addressed include: the software crises; the mandate of the Space Station Program; software life cycle model; software engineering; and Ada under the software engineering umbrella.

  16. The Effect of Software Features on Software Adoption and Training in the Audit Profession

    ERIC Educational Resources Information Center

    Kim, Hyo-Jeong

    2012-01-01

    Although software has been studied with technology adoption and training research, the study of specific software features for professional groups has been limited. To address this gap, I researched the impact of software features of varying complexity on internal audit (IA) professionals. Two studies along with the development of training…

  17. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... entity. (ii) The covered entity's technical infrastructure, hardware, and software security capabilities... 45 Public Welfare 1 2012-10-01 2012-10-01 false Security standards: General rules. 164.306 Section... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic...

  18. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... entity. (ii) The covered entity's technical infrastructure, hardware, and software security capabilities... 45 Public Welfare 1 2011-10-01 2011-10-01 false Security standards: General rules. 164.306 Section... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic...

  19. Software reliability studies

    NASA Technical Reports Server (NTRS)

    Wilson, Larry W.

    1989-01-01

    The longterm goal of this research is to identify or create a model for use in analyzing the reliability of flight control software. The immediate tasks addressed are the creation of data useful to the study of software reliability and production of results pertinent to software reliability through the analysis of existing reliability models and data. The completed data creation portion of this research consists of a Generic Checkout System (GCS) design document created in cooperation with NASA and Research Triangle Institute (RTI) experimenters. This will lead to design and code reviews with the resulting product being one of the versions used in the Terminal Descent Experiment being conducted by the Systems Validations Methods Branch (SVMB) of NASA/Langley. An appended paper details an investigation of the Jelinski-Moranda and Geometric models for software reliability. The models were given data from a process that they have correctly simulated and asked to make predictions about the reliability of that process. It was found that either model will usually fail to make good predictions. These problems were attributed to randomness in the data and replication of data was recommended.

  20. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, Josh; Levy, Saul; Smith, D.; Wei, S.; Miyake, K.; Murdocca, M.

    1991-01-01

    The progress on the Rutgers CAM (Content Addressable Memory) Project is described. The overall design of the system is completed at the architectural level and described. The machine is composed of two kinds of cells: (1) the CAM cells which include both memory and processor, and support local processing within each cell; and (2) the tree cells, which have smaller instruction set, and provide global processing over the CAM cells. A parameterized design of the basic CAM cell is completed. Progress was made on the final specification of the CPS. The machine architecture was driven by the design of algorithms whose requirements are reflected in the resulted instruction set(s). A few of these algorithms are described.

  1. Bax: Addressed to kill.

    PubMed

    Renault, Thibaud T; Manon, Stéphen

    2011-09-01

    The pro-apoptototic protein Bax (Bcl-2 Associated protein X) plays a central role in the mitochondria-dependent apoptotic pathway. In healthy mammalian cells, Bax is essentially cytosolic and inactive. Following a death signal, the protein is translocated to the outer mitochondrial membrane, where it promotes a permeabilization that favors the release of different apoptogenic factors, such as cytochrome c. The regulation of Bax translocation is associated to conformational changes that are under the control of different factors. The evidences showing the involvement of different Bax domains in its mitochondrial localization are presented. The interactions between Bax and its different partners are described in relation to their ability to promote (or prevent) Bax conformational changes leading to mitochondrial addressing and to the acquisition of the capacity to permeabilize the outer mitochondrial membrane. PMID:21641962

  2. Security extensions to DICOM

    NASA Astrophysics Data System (ADS)

    Thiel, Andreas; Bernarding, Johannes; Schaaf, Thorsten; Bellaire, Gunter; Tolxdorff, Thomas

    1999-07-01

    To ensure the acceptance of telemedical applications several obstacles must be overcome: the transfer of huge amounts of data over heterogeneous hard- and software platforms must be optimized; extended data post-processing is often required; and data security must be taken into consideration; post- processing based on secured data exchange must retain the relationship between original and post-processed images. To analyze and solve these problems, applications of distributed medical services were integrated. Data transfer and management was based on the Digital Imaging and Communications (DICOM) standard. To account for platform- independence of remote users, a novel DICOM server and viewer as implemented in JAVA. Different DICOM-conform data security concepts were analyzed. Encryption of the complete data stream using secure socket layers as well as a partial encryption concepts were tested. The best result was attained by a DICOM-conform encryption of patient-relevant data. The implementation medical services, which used newly develop techniques of magnetic resonance imaging, allowed a much earlier diagnosis of the human brain infarct. The integrated data security enabled remote segmentation within the unsecured internet, followed by storing the data back into the secured network.

  3. Security Locks

    ERIC Educational Resources Information Center

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  4. Security and SCADA protocols

    SciTech Connect

    Igure, V. M.; Williams, R. D.

    2006-07-01

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

  5. Enhancing Seismic Calibration Research Through Software Automation

    SciTech Connect

    Ruppert, S; Dodge, D; Elliott, A; Ganzberger, M; Hauk, T; Matzel, E; Ryall, F

    2004-07-09

    The National Nuclear Security Administration (NNSA) Ground-Based Nuclear Explosion Monitoring Research and Engineering (GNEM R&E) Program has made significant progress enhancing the process of deriving seismic calibrations and performing scientific integration with automation tools. We present an overview of our software automation efforts and framework to address the problematic issues of very large datasets and varied formats utilized during seismic calibration research. The software and scientific automation initiatives directly support the rapid collection of raw and contextual seismic data used in research, provide efficient interfaces for researchers to measure/analyze data, and provide a framework for research dataset integration. The automation also improves the researcher's ability to assemble quality controlled research products for delivery into the NNSA Knowledge Base (KB). The software and scientific automation tasks provide the robust foundation upon which synergistic and efficient development of, GNEM R&E Program, seismic calibration research may be built. The task of constructing many seismic calibration products is labor intensive and complex, hence expensive. However, aspects of calibration product construction are susceptible to automation and future economies. We are applying software and scientific automation to problems within two distinct phases or 'tiers' of the seismic calibration process. The first tier involves initial collection of waveform and parameter (bulletin) data that comprise the 'raw materials' from which signal travel-time and amplitude correction surfaces are derived and is highly suited for software automation. The second tier in seismic research content development activities include development of correction surfaces and other calibrations. This second tier is less susceptible to complete automation, as these activities require the judgment of scientists skilled in the interpretation of often highly unpredictable event

  6. Software to Manage the Unmanageable

    NASA Technical Reports Server (NTRS)

    2005-01-01

    In 1995, NASA s Jet Propulsion Laboratory (JPL) contracted Redmond, Washington-based Lucidoc Corporation, to design a technology infrastructure to automate the intersection between policy management and operations management with advanced software that automates document workflow, document status, and uniformity of document layout. JPL had very specific parameters for the software. It expected to store and catalog over 8,000 technical and procedural documents integrated with hundreds of processes. The project ended in 2000, but NASA still uses the resulting highly secure document management system, and Lucidoc has managed to help other organizations, large and small, with integrating document flow and operations management to ensure a compliance-ready culture.

  7. Magnetic content addressable memories

    NASA Astrophysics Data System (ADS)

    Jiang, Zhenye

    Content Addressable Memories are designed with comparison circuits built into every bit cell. This parallel structure can increase the speed of searching from O(n) (as with Random Access Memories) to O(1), where n is the number of entries being searched. The high cost in hardware limits the application of CAM within situations where higher searching speed is extremely desired. Spintronics technology can build non-volatile Magnetic RAM with only one device for one bit cell. There are various technologies involved, like Magnetic Tunnel Junctions, off-easy-axis programming method, Synthetic Anti-Ferromagnetic tri-layers, Domain Wall displacement, Spin Transfer Torque tri-layers and etc. With them, particularly the Tunnel Magneto-Resistance variation in MTJ due to difference in magnetization polarity of the two magnets, Magnetic CAM can be developed with reduced hardware cost. And this is demonstrated by the discussion in this dissertation. Six MCAM designs are discussed. In the first design, comparand (C), local information (S) and their complements are stored into 4 MTJs connected in XOR gate pattern. The other five designs have one or two stacks for both information storage and comparison, and full TMR ratio can be taken advantage of. Two challenges for the five are specifically programming C without changing S and selectively programming a cell out of an array. The solutions to specific programming are: by confining the programming field for C in a ring structure design; by using field programming and spin polarized current programming respectively for C and S in the SAF+DW and SAF+STT tri-layer design; by making use of the difference in thresholds between direct mode and toggle mode switching in the SAF+SAF design. The problem of selective programming is addressed by off-easy-axis method and by including SAF tri-layers. Cell with STT tri-layers for both C and S can completely avoid the problems of specific and selective programming, but subject to the limit of

  8. ICCE Policy Statement on Network and Multiple Machine Software.

    ERIC Educational Resources Information Center

    Computing Teacher, 1983

    1983-01-01

    Issued to provide guidance for the resolution of problems inherent in providing and securing good educational software, this statement outlines responsibilities of educators, hardware vendors, and software developers/vendors. Sample policy statements for school districts and community colleges, suggested format for software licenses, and technical…

  9. Nine Easy Steps to Avoiding Software Copyright Infringement.

    ERIC Educational Resources Information Center

    Gamble, Lanny R.; Anderson, Larry S.

    1989-01-01

    To avoid microcomputer software copyright infringement, administrators must be aware of the law, read the software agreements, maintain good records, submit all software registration cards, provide secure storage, post warnings, be consistent when establishing and enforcing policies, consider a site license, and ensure the legality of currently…

  10. A secure open system?

    NASA Astrophysics Data System (ADS)

    Crowe, James A.

    1993-08-01

    The notion of a large distributed computing system in support of a program like EOSDIS, carries with it the requirement that the system provide the user with guarantees about the integrity of the data and certain assurances about the security of the network of computing systems. This paper examines the challenges of providing a `secure' open system and how these challenges may be addressed from both an architectural as well as functional viewpoint. The role of discretionary access control, mandatory access control, and detection and control of computer viruses is discussed. It has often been observed that the role of the security engineer is one of restricting access to data, whereas the role of the system architect, of an open system that is encouraging research, should make data easy to obtain and utilize. This paradox is manifest in a system such a EOSDIS where to be useful, the systems data must be easy to obtain, but to ensure the integrity of the data it must exercise some level of security. This paper address the use and role of the Security Services of the OSF Distributed Computing Environment in support of networked applications, such as those that may be used in the implementation of the EOS Science Network. It further examines the role of mandatory access control mechanisms to provide data integrity guarantees. The paper further discusses how a system like EOSDIS may prevent computer viruses using a system of automated detection mechanisms and configuration control.

  11. Analysis Software

    NASA Technical Reports Server (NTRS)

    1994-01-01

    General Purpose Boundary Element Solution Technology (GPBEST) software employs the boundary element method of mechanical engineering analysis, as opposed to finite element. It is, according to one of its developers, 10 times faster in data preparation and more accurate than other methods. Its use results in less expensive products because the time between design and manufacturing is shortened. A commercial derivative of a NASA-developed computer code, it is marketed by Best Corporation to solve problems in stress analysis, heat transfer, fluid analysis and yielding and cracking of solids. Other applications include designing tractor and auto parts, household appliances and acoustic analysis.

  12. Seminar Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    The Society for Computer Simulation International is a professional technical society that distributes information on methodology techniques and uses of computer simulation. The society uses NETS, a NASA-developed program, to assist seminar participants in learning to use neural networks for computer simulation. NETS is a software system modeled after the human brain; it is designed to help scientists exploring artificial intelligence to solve pattern matching problems. Examples from NETS are presented to seminar participants, who can then manipulate, alter or enhance them for their own applications.

  13. Simulation Software

    NASA Technical Reports Server (NTRS)

    1996-01-01

    Various NASA Small Business Innovation Research grants from Marshall Space Flight Center, Langley Research Center and Ames Research Center were used to develop the 'kernel' of COMCO's modeling and simulation software, the PHLEX finite element code. NASA needed it to model designs of flight vehicles; one of many customized commercial applications is UNISIM, a PHLEX-based code for analyzing underground flows in oil reservoirs for Texaco, Inc. COMCO's products simulate a computational mechanics problem, estimate the solution's error and produce the optimal hp-adapted mesh for the accuracy the user chooses. The system is also used as a research or training tool in universities and in mechanical design in industrial corporations.

  14. 31 CFR 202.6 - Collateral security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... collateral security are addressed in 31 CFR part 380. For a current list of acceptable classes of securities and instruments described in 31 CFR part 380 and their valuations, see the Bureau of the Public Debt's... 31 Money and Finance:Treasury 2 2011-07-01 2011-07-01 false Collateral security. 202.6 Section...

  15. 31 CFR 202.6 - Collateral security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... collateral security are addressed in 31 CFR part 380. For a current list of acceptable classes of securities and instruments described in 31 CFR part 380 and their valuations, see the Bureau of the Public Debt's... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security. 202.6...

  16. 31 CFR 202.6 - Collateral security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... collateral security are addressed in 31 CFR part 380. For a current list of acceptable classes of securities and instruments described in 31 CFR part 380 and their valuations, see the Bureau of the Public Debt's... 31 Money and Finance:Treasury 2 2012-07-01 2012-07-01 false Collateral security. 202.6 Section...

  17. 31 CFR 202.6 - Collateral security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... collateral security are addressed in 31 CFR part 380. For a current list of acceptable classes of securities and instruments described in 31 CFR part 380 and their valuations, see the Bureau of the Public Debt's... 31 Money and Finance:Treasury 2 2013-07-01 2013-07-01 false Collateral security. 202.6 Section...

  18. Understanding and managing risk in software systems

    SciTech Connect

    Fletcher, S.K.; Jansma, R.; Lim, J.; Murphy, M.; Wyss, G.

    1995-07-01

    When software is used in safety-critical, security-critical, or mission-critical situations, it is imperative to understand and manage the risks involved. A risk assessment methodology and toolset have been developed which are specific to software systems. This paper describes the concepts of the methodology, with emphasis on the experience of designing a toolset to support the methodology. Also presented are results of applying the methodology to two real software-based products: the software toolset itself, and a network firewall.

  19. Space station: The role of software

    NASA Technical Reports Server (NTRS)

    Hall, D.

    1985-01-01

    Software will play a critical role throughout the Space Station Program. This presentation sets the stage and prompts participant interaction at the Software Issues Forum. The presentation is structured into three major topics: (1) an overview of the concept and status of the Space Station Program; (2) several charts designed to lay out the scope and role of software; and (3) information addressing the four specific areas selected for focus at the forum, specifically: software management, the software development environment, languages, and standards. NASA's current thinking is highlighted and some of the relevant critical issues are raised.

  20. Software system safety

    NASA Technical Reports Server (NTRS)

    Uber, James G.

    1988-01-01

    Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.

  1. A Survey of CAD Software.

    ERIC Educational Resources Information Center

    Sisk, Alan

    1987-01-01

    Computer-aided design (CAD) has been around for a number of years. An overview is provided of a number of major computer-aided design programs. A short analysis of each program includes the addresses of the software producers. (MLF)

  2. A Multidimensional Software Engineering Course

    ERIC Educational Resources Information Center

    Barzilay, O.; Hazzan, O.; Yehudai, A.

    2009-01-01

    Software engineering (SE) is a multidimensional field that involves activities in various areas and disciplines, such as computer science, project management, and system engineering. Though modern SE curricula include designated courses that address these various subjects, an advanced summary course that synthesizes them is still missing. Such a…

  3. Safety, Security and Multicore

    NASA Astrophysics Data System (ADS)

    Parkinson, Paul

    Historically many safety-related and security-critical systems have been developed and qualified using single-core processors. These platforms could easily meet their increases in system performance requirements through higher processor clock speeds. However, the industry is now approaching the limit of relatively simple upgrade path, and there is an increasing trend towards the adoption of multicore processor architectures in critical systems to address higher performance demands. In this paper, we will review the challenges involved in migration to multicore processor architectures and the specific challenges related to their use in safety-critical and security-sensitive systems.

  4. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  5. Security systems engineering overview

    NASA Astrophysics Data System (ADS)

    Steele, Basil J.

    1997-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

  6. Security systems engineering overview

    SciTech Connect

    Steele, B.J.

    1996-12-31

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).

  7. Evidence of Absence software

    USGS Publications Warehouse

    Dalthorp, Daniel; Huso, Manuela M. P.; Dail, David; Kenyon, Jessica

    2014-01-01

    Evidence of Absence software (EoA) is a user-friendly application used for estimating bird and bat fatalities at wind farms and designing search protocols. The software is particularly useful in addressing whether the number of fatalities has exceeded a given threshold and what search parameters are needed to give assurance that thresholds were not exceeded. The software is applicable even when zero carcasses have been found in searches. Depending on the effectiveness of the searches, such an absence of evidence of mortality may or may not be strong evidence that few fatalities occurred. Under a search protocol in which carcasses are detected with nearly 100 percent certainty, finding zero carcasses would be convincing evidence that overall mortality rate was near zero. By contrast, with a less effective search protocol with low probability of detecting a carcass, finding zero carcasses does not rule out the possibility that large numbers of animals were killed but not detected in the searches. EoA uses information about the search process and scavenging rates to estimate detection probabilities to determine a maximum credible number of fatalities, even when zero or few carcasses are observed.

  8. Open source IPSEC software in manned and unmanned space missions

    NASA Astrophysics Data System (ADS)

    Edwards, Jacob

    Network security is a major topic of research because cyber attackers pose a threat to national security. Securing ground-space communications for NASA missions is important because attackers could endanger mission success and human lives. This thesis describes how an open source IPsec software package was used to create a secure and reliable channel for ground-space communications. A cost efficient, reproducible hardware testbed was also created to simulate ground-space communications. The testbed enables simulation of low-bandwidth and high latency communications links to experiment how the open source IPsec software reacts to these network constraints. Test cases were built that allowed for validation of the testbed and the open source IPsec software. The test cases also simulate using an IPsec connection from mission control ground routers to points of interest in outer space. Tested open source IPsec software did not meet all the requirements. Software changes were suggested to meet requirements.

  9. Automated software engineering planning with SASEA

    SciTech Connect

    Lawlis, P.K.; Hoffman, C.L.

    1998-07-01

    Planning for effective software engineering is not easy, and software project managers would usually welcome assistance in this area. Very effective assistance could be provided by automated tools that are decision aids. However, a comprehensive suite of such tools does not yet exist. One area that has been addressed is the selection of a programming language. This paper discusses in detail a decision tool that has been developed for language selection. It also addresses the areas in which other such tools are required.

  10. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from National Strategy...

  11. Critical Considerations for WORM Software Development.

    ERIC Educational Resources Information Center

    Berg, Brian A.

    1987-01-01

    Addresses advantages and disadvantages of write-once read-many (WORM) optical disks and other software considerations resulting from the write-once nature of WORM media to provide guidelines for determining whether this technology is appropriate for an application. Three brief case studies describe WORM software development efforts. (MES)

  12. Loran-C flight test software

    NASA Technical Reports Server (NTRS)

    Nickum, J. D.

    1978-01-01

    The software package developed for the KIM-1 Micro-System and the Mini-L PLL receiver to simplify taking flight test data is described along with the address and data bus buffers used in the KIM-1 Micro-system. The interface hardware and timing are also presented to describe completely the software programs.

  13. Database Handling Software and Scientific Applications.

    ERIC Educational Resources Information Center

    Gabaldon, Diana J.

    1984-01-01

    Discusses the general characteristics of database management systems and file systems. Also gives a basic framework for evaluating such software and suggests characteristics that should be considered when buying software for specific scientific applications. A list of vendor addresses for popular database management systems is included. (JN)

  14. Software engineering as an engineering discipline

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1988-01-01

    The purpose of this panel is to explore the emerging field of software engineering from a variety of perspectives: university programs; industry training and definition; government development; and technology transfer. In doing this, the panel will address the issues of distinctions among software engineering, computer science, and computer hardware engineering as they relate to the challenges of large, complex systems.

  15. Sandia software guidelines: Software quality planning

    SciTech Connect

    Not Available

    1987-08-01

    This volume is one in a series of Sandia Software Guidelines intended for use in producing quality software within Sandia National Laboratories. In consonance with the IEEE Standard for Software Quality Assurance Plans, this volume identifies procedures to follow in producing a Software Quality Assurance Plan for an organization or a project, and provides an example project SQA plan. 2 figs., 4 tabs.

  16. Lock It Up! Computer Security.

    ERIC Educational Resources Information Center

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  17. Staying Secure for School Safety

    ERIC Educational Resources Information Center

    Youngkin, Minu

    2012-01-01

    Proper planning and preventive maintenance can increase school security and return on investment. Preventive maintenance begins with planning. Through careful planning, education institutions can determine what is working and if any equipment, hardware or software needs to be replaced or upgraded. When reviewing a school's safety and security…

  18. Bundle Security Protocol for ION

    NASA Technical Reports Server (NTRS)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  19. ASIS healthcare security benchmarking study.

    PubMed

    2001-01-01

    Effective security has aligned itself into the everyday operations of a healthcare organization. This is evident in every regional market segment, regardless of size, location, and provider clinical expertise or organizational growth. This research addresses key security issues from an acute care provider to freestanding facilities, from rural hospitals and community hospitals to large urban teaching hospitals. Security issues and concerns are identified and addressed daily by senior and middle management. As provider campuses become larger and more diverse, the hospitals surveyed have identified critical changes and improvements that are proposed or pending. Mitigating liabilities and improving patient, visitor, and/or employee safety are consequential to the performance and viability of all healthcare providers. Healthcare organizations have identified the requirement to compete for patient volume and revenue. The facility that can deliver high-quality healthcare in a comfortable, safe, secure, and efficient atmosphere will have a significant competitive advantage over a facility where patient or visitor security and safety is deficient. Continuing changes in healthcare organizations' operating structure and healthcare geographic layout mean changes in leadership and direction. These changes have led to higher levels of corporate responsibility. As a result, each organization participating in this benchmark study has added value and will derive value for the overall benefit of the healthcare providers throughout the nation. This study provides a better understanding of how the fundamental security needs of security in healthcare organizations are being addressed and its solutions identified and implemented. PMID:11602980

  20. Double layer secure sketch

    NASA Astrophysics Data System (ADS)

    Li, Cai

    2012-09-01

    Secure sketch has been applied successfully in a wide variety of applications like cryptography, biometric authentication systems and so on. All of these secure sketches have properties in common namely error-tolerance and small entropy loss. The former ensures an input set w' can unlock the system if w' is substantially overlapped with a template set w while the latter means it is hard for an adversary to get the information of w even with the knowledge of s, which is produced by w and stored in the system publicly. In their constructions, they all consider w as a set of atomic elements. However, in the real word, it is very likely the elements in the template set are sets as well. In this paper, we propose a double layer secure sketch to address this issue.

  1. 76 FR 22625 - Reporting of Security Issues

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-22

    ...://www.gpoaccess.gov/fr/index.html ; or (3) Visiting TSA's Security Regulations Web page at http://www... persons who provide valuable information related to transportation security. \\12\\ See 74 FR 43090 (August...\\ See 75 FR 43091. The hardware and software needed to implement the ``auto-response'' function for...

  2. High Assurance Models for Secure Systems

    ERIC Educational Resources Information Center

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  3. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... prospectus under the federal securities laws, for purposes of sections 5(b) and 2(a)(10) of the Act (15 U.S.C...; (iii) State the duration of the consent; (iv) Explain how an investor can revoke consent; (v) State... investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES...

  4. 17 CFR 248.202 - Duties of card issuers regarding changes of address.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Duties of card issuers regarding changes of address. 248.202 Section 248.202 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-ID: Identity Theft Red...

  5. Office Computer Software: A Comprehensive Review of Software Programs.

    ERIC Educational Resources Information Center

    Secretary, 1992

    1992-01-01

    Describes types of software including system software, application software, spreadsheets, accounting software, graphics packages, desktop publishing software, database, desktop and personal information management software, project and records management software, groupware, and shareware. (JOW)

  6. Physical Security

    SciTech Connect

    2008-01-01

    The future of physical security at government facilities and national laboratories is rapidly progressing beyond the cliché of gates, guns and guards, and is quickly being replaced by radars, sensors and cameras. Learn more about INL's security research at http://www.facebook.com/idahonationallaboratory.

  7. School Security.

    ERIC Educational Resources Information Center

    Bete, Tim, Ed.

    1998-01-01

    Presents the opinions of four security experts on the issue of guns in schools. The experts respond to the following questions: will schools ever be free of weapons; will card access systems become common in public schools; will metal detectors solve school security problems; and will students ever be issued bullet-proof vests along with…

  8. Evaluation Report on "The Department's Unclassified Cyber Security Program"

    SciTech Connect

    2009-10-01

    Industry experts report that security challenges and threats are continually evolving as malicious activity has become more web-based and attackers are able to rapidly adapt their attack methods. In addition, the number of data breaches continues to rise. In an effort to mitigate and address threats and protect valuable information, the Department of Energy anticipated spending about $275 million in Fiscal Year (FY) 2009 to implement cyber security measures necessary to protect its information technology resources. These systems and data are designed to support the Department's mission and business lines of energy security, nuclear security, scientific discovery and innovation, and environmental responsibility. The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2009. The Department continued to make incremental improvements in its unclassified cyber security program. Our evaluation disclosed that most sites had taken action to address weaknesses previously identified in our FY 2008 evaluation report. They improved certification and accreditation of systems; strengthened configuration management of networks and systems; performed independent assessments; and, developed and/or refined certain policies and procedures. In addition, the Department instituted a centralized incident response organization designed to eliminate duplicative efforts throughout the Department. As we have noted in previous reports, the Department continued to maintain strong network perimeter

  9. Software Quality Assurance for Nuclear Safety Systems

    SciTech Connect

    Sparkman, D R; Lagdon, R

    2004-05-16

    The US Department of Energy has undertaken an initiative to improve the quality of software used to design and operate their nuclear facilities across the United States. One aspect of this initiative is to revise or create new directives and guides associated with quality practices for the safety software in its nuclear facilities. Safety software includes the safety structures, systems, and components software and firmware, support software and design and analysis software used to ensure the safety of the facility. DOE nuclear facilities are unique when compared to commercial nuclear or other industrial activities in terms of the types and quantities of hazards that must be controlled to protect workers, public and the environment. Because of these differences, DOE must develop an approach to software quality assurance that ensures appropriate risk mitigation by developing a framework of requirements that accomplishes the following goals: {sm_bullet} Ensures the software processes developed to address nuclear safety in design, operation, construction and maintenance of its facilities are safe {sm_bullet} Considers the larger system that uses the software and its impacts {sm_bullet} Ensures that the software failures do not create unsafe conditions Software designers for nuclear systems and processes must reduce risks in software applications by incorporating processes that recognize, detect, and mitigate software failure in safety related systems. It must also ensure that fail safe modes and component testing are incorporated into software design. For nuclear facilities, the consideration of risk is not necessarily sufficient to ensure safety. Systematic evaluation, independent verification and system safety analysis must be considered for software design, implementation, and operation. The software industry primarily uses risk analysis to determine the appropriate level of rigor applied to software practices. This risk-based approach distinguishes safety

  10. CB-EMIS WEB SERVICE SOFTWARE

    2007-01-01

    This software provides CB-EMIS data to remote devices using a secure internet connection. The CB-EMIS Web Service filters and repackages data in a form suitable for resource limited devices such as a cell phone. Data transmission is filtered based on a user's authentical level. The web services acts as intermediary so that no direct connection is possible between the internet and the CB-EMIS server software.

  11. TacNet Tracker Software

    2008-08-04

    The TacNet Tracker will be used for the monitoring and real-time tracking of personnel and assets in an unlimited number of specific applications. The TacNet Tracker software is a VxWorks Operating System based programming package that controls the functionality for the wearable Tracker. One main use of the TacNet Tracker is in Blue Force Tracking, the ability to track the good guys in an adversarial situation or in a force-on-force or real battle conditions. Themore » purpose of blue force tracking is to provide situational awareness to the battlefield commanders and personnel. There are practical military applications with the TacNet Tracker.The mesh network is a wireless IP communications network that moves data packets from source IP addresses to specific destination IP addresses. Addresses on the TacNet infrastructure utilize an 8-bit network mask (255.0.0.0). In other words, valid TacNet addresses range from 10.0.0.1 to 10.254.254.254. The TacNet software design uses uni-cast transmission techniques because earlier mesh network software releases did not provide for the ability to utilize multi-cast data movement. The TacNet design employs a list of addresses to move information within the TacNet infrastructure. For example, a convoy text file containing the IP addresses of all valid receivers of TacNet information could be used for transmitting the information and for limiting transmission to addresses on the list.« less

  12. TacNet Tracker Software

    SciTech Connect

    WISEMAN, JAMES; & STEVENS, JAMES

    2008-08-04

    The TacNet Tracker will be used for the monitoring and real-time tracking of personnel and assets in an unlimited number of specific applications. The TacNet Tracker software is a VxWorks Operating System based programming package that controls the functionality for the wearable Tracker. One main use of the TacNet Tracker is in Blue Force Tracking, the ability to track the good guys in an adversarial situation or in a force-on-force or real battle conditions. The purpose of blue force tracking is to provide situational awareness to the battlefield commanders and personnel. There are practical military applications with the TacNet Tracker.The mesh network is a wireless IP communications network that moves data packets from source IP addresses to specific destination IP addresses. Addresses on the TacNet infrastructure utilize an 8-bit network mask (255.0.0.0). In other words, valid TacNet addresses range from 10.0.0.1 to 10.254.254.254. The TacNet software design uses uni-cast transmission techniques because earlier mesh network software releases did not provide for the ability to utilize multi-cast data movement. The TacNet design employs a list of addresses to move information within the TacNet infrastructure. For example, a convoy text file containing the IP addresses of all valid receivers of TacNet information could be used for transmitting the information and for limiting transmission to addresses on the list.

  13. 2014 ASHG Awards and Addresses

    PubMed Central

    2015-01-01

    Each year at the annual meeting of The American Society of Human Genetics (ASHG), addresses are given in honor of The Society and a number of award winners. A summary of each of these addresses is given below. On the following pages, we have printed the presidential address and the addresses for the William Allan Award, the Curt Stern Award, and the Victor A. McKusick Leadership Award. Webcasts of these addresses, as well as those of many other presentations, can be found at http://www.ashg.org.

  14. 2013 ASHG Awards and Addresses

    PubMed Central

    2014-01-01

    Each year at the annual meeting of The American Society of Human Genetics (ASHG), addresses are given in honor of The Society and a number of award winners. A summary of each of these addresses is given below. On the following pages, we have printed the Presidential Address and the addresses for the William Allan Award, the Curt Stern Award, and the Victor A. McKusick Leadership Award. Webcasts of these addresses, as well as those of many other presentations, can be found at http://www.ashg.org.

  15. Secure Objectives for School Security

    ERIC Educational Resources Information Center

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  16. Framework for Address Cooperative Extended Transactions

    1997-12-01

    The Framework for Addressing Cooperative Extended Transactions (FACET) is an object-oriented software framework for building models of complex, cooperative behaviors of agents. it can be used to implement simulation models of societal processes such as the complex interplay of participating individuals and organizations engaged in multiple concurrent transactions in pursuit of their various goals. These transactions can be patterned on, for example, clinical guidelines and procedures, business practices, government and corporate policies, etc. FACET canmore » also address other complex behaviors such as biological life cycles or manufacturing processes. FACET includes generic software objects representing the fundamental classes of agent -- Person and Organization - with mechanisms for resource management, including resolution of conflicting requests for participation and/or use of the agent's resources. The FACET infrastructure supports stochastic behavioral elements and coping mechanisms by which specified special conditions and events can cause an active cooperative process to be preempted, diverting the participants onto appropriate alternative behavioral pathways.« less

  17. Software Model Of Software-Development Process

    NASA Technical Reports Server (NTRS)

    Lin, Chi Y.; Synott, Debra J.; Levary, Reuven R.

    1990-01-01

    Collection of computer programs constitutes software tool for simulation of medium- to large-scale software-development projects. Necessary to include easily identifiable and more-readily quantifiable characteristics like costs, times, and numbers of errors. Mathematical model incorporating these and other factors of dynamics of software-development process implemented in the Software Life Cycle Simulator (SLICS) computer program. Simulates dynamics of software-development process. In combination with input and output expert software systems and knowledge-based management software system, develops information for use in managing large software-development project. Intended to aid managers in planning, managing, and controlling software-development processes by reducing uncertainties in budgets, required personnel, and schedules.

  18. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    ERIC Educational Resources Information Center

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  19. School Security: For Whom and with What Results?

    ERIC Educational Resources Information Center

    Servoss, Timothy J.; Finn, Jeremy D.

    2014-01-01

    This study utilized school-level data from several combined national databases to address two questions regarding school security policy: (1) What are the school characteristics related to levels of security? (2) How does security relate to school suspension, dropout, and college attendance rates? Among the predictors of school security, having a…

  20. The U.S./IAEA Workshop on Software Sustainability for Safeguards Instrumentation: Report to the NNSA DOE Office of International Nuclear Safeguards (NA-241)

    SciTech Connect

    Pepper, Susan E.; Pickett, Chris A.; Queirolo, Al; Bachner, Katherine M.; Worrall, Louise G.

    2015-04-07

    The U.S Department of Energy (DOE) National Nuclear Security Administration (NNSA) Next Generation Safeguards Initiative (NGSI) and the International Atomic Energy Agency (IAEA) convened a workshop on Software Sustainability for Safeguards Instrumentation in Vienna, Austria, May 6-8, 2014. Safeguards instrumentation software must be sustained in a changing environment to ensure existing instruments can continue to perform as designed, with improved security. The approaches to the development and maintenance of instrument software used in the past may not be the best model for the future and, therefore, the organizers’ goal was to investigate these past approaches and to determine an optimal path forward. The purpose of this report is to provide input for the DOE NNSA Office of International Nuclear Safeguards (NA-241) and other stakeholders that can be utilized when making decisions related to the development and maintenance of software used in the implementation of international nuclear safeguards. For example, this guidance can be used when determining whether to fund the development, upgrade, or replacement of a particular software product. The report identifies the challenges related to sustaining software, and makes recommendations for addressing these challenges, supported by summaries and detailed notes from the workshop discussions. In addition the authors provide a set of recommendations for institutionalizing software sustainability practices in the safeguards community. The term “software sustainability” was defined for this workshop as ensuring that safeguards instrument software and algorithm functionality can be maintained efficiently throughout the instrument lifecycle, without interruption and providing the ability to continue to improve that software as needs arise.

  1. Using OpenSSH to secure mobile LAN network traffic

    NASA Astrophysics Data System (ADS)

    Luu, Brian B.; Gopaul, Richard D.

    2002-08-01

    Mobile Internet Protocol (IP) Local Area Network (LAN) is a technique, developed by the U.S. Army Research Laboratory, which allows a LAN to be IP mobile when attaching to a foreign IP-based network and using this network as a means to retain connectivity to its home network. In this paper, we describe a technique that uses Open Secure Shell (OpenSSH) software to ensure secure, encrypted transmission of a mobile LAN's network traffic. Whenever a mobile LAN, implemented with Mobile IP LAN, moves to a foreign network, its gateway (router) obtains an IP address from the new network. IP tunnels, using IP encapsulation, are then established from the gateway through the foreign network to a home agent on its home network. These tunnels provide a virtual two-way connection to the home network for the mobile LAN as if the LAN were connected directly to its home network. Hence, when IP mobile, a mobile LAN's tunneled network traffic must traverse one or more foreign networks that may not be trusted. This traffic could be subject to eavesdropping, interception, modification, or redirection by malicious nodes in these foreign networks. To protect network traffic passing through the tunnels, OpenSSH is used as a means of encryption because it prevents surveillance, modification, and redirection of mobile LAN traffic passing across foreign networks. Since the software is found in the public domain, is available for most current operating systems, and is commonly used to provide secure network communications, OpenSSH is the software of choice.

  2. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  3. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  4. Decision support software technology demonstration plan

    SciTech Connect

    SULLIVAN,T.; ARMSTRONG,A.

    1998-09-01

    The performance evaluation of innovative and alternative environmental technologies is an integral part of the US Environmental Protection Agency's (EPA) mission. Early efforts focused on evaluating technologies that supported the implementation of the Clean Air and Clean Water Acts. In 1986 the Agency began to demonstrate and evaluate the cost and performance of remediation and monitoring technologies under the Superfund Innovative Technology Evaluation (SITE) program (in response to the mandate in the Superfund Amendments and Reauthorization Act of 1986 (SARA)). In 1990, the US Technology Policy was announced. This policy placed a renewed emphasis on making the best use of technology in achieving the national goals of improved quality of life for all Americans, continued economic growth, and national security. In the spirit of the technology policy, the Agency began to direct a portion of its resources toward the promotion, recognition, acceptance, and use of US-developed innovative environmental technologies both domestically and abroad. Decision Support Software (DSS) packages integrate environmental data and simulation models into a framework for making site characterization, monitoring, and cleanup decisions. To limit the scope which will be addressed in this demonstration, three endpoints have been selected for evaluation: Visualization; Sample Optimization; and Cost/Benefit Analysis. Five topics are covered in this report: the objectives of the demonstration; the elements of the demonstration plan; an overview of the Site Characterization and Monitoring Technology Pilot; an overview of the technology verification process; and the purpose of this demonstration plan.

  5. DOE Integrated Security System (DISS) preliminary communication security analysis

    SciTech Connect

    Sweeney, D.J.

    1993-10-01

    The purpose of this analysis is to document a technical approach to improve DOE Integrated Security System (DISS) dial-up communications security and the requirements to address them. This document is not intended as a comprehensive analysis of the security aspects of the DISS computer system but rather as an analysis of the dial-up communications security as it pertains to the use of the DISS database in the new DOE Automated Visitors Access Control System (DAVACS) procedures. Current access controls into the DISS will be discussed with emphasis on the DAVACS procedures. Recommendations will be provided for increasing the dial-up communications security into DISS as it relates to the automated visit procedures. Finally a design for an encrypted dial-up communication link to DISS will be given.

  6. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S. Coast Guard National Maritime Center (NMC-42),...

  7. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 1 2013-10-01 2013-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S. Coast Guard National Maritime Center (NMC-42),...

  8. Additional Security Considerations for Grid Management

    NASA Technical Reports Server (NTRS)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  9. The NASA Software Management and Assurance Program

    NASA Technical Reports Server (NTRS)

    Hall, D. L.; Wilson, W. M.

    1983-01-01

    A committee of experienced managers representing each major NASA organization guides a major development effort which seeks to ensure the acquisition of economical and reliable software for more complex future programs. The primary, near-term development objectives of the NASA Software Management and Assurance Program are: (1) to provide the best management and technical guidance available; (2) to facilitate the use of proven tools, techniques, and information; and (3) to maintain a pool of highly qualified software personnel. The software development tasks addressed involve such problems as satellite end-to-end architecture and advanced aircraft guidance and control systems.

  10. NASA Software Engineering Benchmarking Study

    NASA Technical Reports Server (NTRS)

    Rarick, Heather L.; Godfrey, Sara H.; Kelly, John C.; Crumbley, Robert T.; Wifl, Joel M.

    2013-01-01

    was its software assurance practices, which seemed to rate well in comparison to the other organizational groups and also seemed to include a larger scope of activities. An unexpected benefit of the software benchmarking study was the identification of many opportunities for collaboration in areas including metrics, training, sharing of CMMI experiences and resources such as instructors and CMMI Lead Appraisers, and even sharing of assets such as documented processes. A further unexpected benefit of the study was the feedback on NASA practices that was received from some of the organizations interviewed. From that feedback, other potential areas where NASA could improve were highlighted, such as accuracy of software cost estimation and budgetary practices. The detailed report contains discussion of the practices noted in each of the topic areas, as well as a summary of observations and recommendations from each of the topic areas. The resulting 24 recommendations from the topic areas were then consolidated to eliminate duplication and culled into a set of 14 suggested actionable recommendations. This final set of actionable recommendations, listed below, are items that can be implemented to improve NASA's software engineering practices and to help address many of the items that were listed in the NASA top software engineering issues. 1. Develop and implement standard contract language for software procurements. 2. Advance accurate and trusted software cost estimates for both procured and in-house software and improve the capture of actual cost data to facilitate further improvements. 3. Establish a consistent set of objectives and expectations, specifically types of metrics at the Agency level, so key trends and models can be identified and used to continuously improve software processes and each software development effort. 4. Maintain the CMMI Maturity Level requirement for critical NASA projects and use CMMI to measure organizations developing software for NASA. 5

  11. Security Detail.

    ERIC Educational Resources Information Center

    Epstein, Marc A.

    2003-01-01

    Describes problems of maintaining discipline and security at Jamaica High School in Queens, New York. Argues that court decisions and school regulations have allowed minority of aggressive and disruptive students to destabilize the learning environment. (PKP)

  12. Application of the AHP method in modeling the trust and reputation of software agents

    NASA Astrophysics Data System (ADS)

    Zytniewski, Mariusz; Klementa, Marek; Skorupka, Dariusz; Stanek, Stanislaw; Duchaczek, Artur

    2016-06-01

    Given the unique characteristics of cyberspace and, in particular, the number of inherent security threats, communication between software agents becomes a highly complex issue and a major challenge that, on the one hand, needs to be continuously monitored and, on the other, awaits new solutions addressing its vulnerabilities. An approach that has recently come into view mimics mechanisms typical of social systems and is based on trust and reputation that assist agents in deciding which other agents to interact with. The paper offers an enhancement to existing trust and reputation models, involving the application of the AHP method that is widely used for decision support in social systems, notably for risks analysis. To this end, it is proposed to expand the underlying conceptual basis by including such notions as self-trust and social trust, and to apply these to software agents. The discussion is concluded with an account of an experiment aimed at testing the effectiveness of the proposed solution.

  13. Security in Full-Force

    NASA Technical Reports Server (NTRS)

    2002-01-01

    When fully developed for NASA, Vanguard Enforcer(TM) software-which emulates the activities of highly technical security system programmers, auditors, and administrators-was among the first intrusion detection programs to restrict human errors from affecting security, and to ensure the integrity of a computer's operating systems, as well as the protection of mission critical resources. Vanguard Enforcer was delivered in 1991 to Johnson Space Center and has been protecting systems and critical data there ever since. In August of 1999, NASA granted Vanguard exclusive rights to commercialize the Enforcer system for the private sector. In return, Vanguard continues to supply NASA with ongoing research, development, and support of Enforcer. The Vanguard Enforcer 4.2 is one of several surveillance technologies that make up the Vanguard Security Solutions line of products. Using a mainframe environment, Enforcer 4.2 achieves previously unattainable levels of automated security management.

  14. Software attribute visualization for high integrity software

    SciTech Connect

    Pollock, G.M.

    1998-03-01

    This report documents a prototype tool developed to investigate the use of visualization and virtual reality technologies for improving software surety confidence. The tool is utilized within the execution phase of the software life cycle. It provides a capability to monitor an executing program against prespecified requirements constraints provided in a program written in the requirements specification language SAGE. The resulting Software Attribute Visual Analysis Tool (SAVAnT) also provides a technique to assess the completeness of a software specification.

  15. High-performance, distributed computing software libraries and services

    2002-01-24

    The Globus toolkit provides basic Grid software infrastructure (i.e. middleware), to facilitate the development of applications which securely integrate geographically separated resources, including computers, storage systems, instruments, immersive environments, etc.

  16. Security patterns and a weighting scheme for mobile agents

    NASA Astrophysics Data System (ADS)

    Walker, Jessie J.

    The notion of mobility has always been a prime factor in human endeavor and achievement. This need to migrate by humans has been distilled into software entities, which are their representatives on distant environments. Software agents are developed to act on behalf of a user. Mobile agents were born from the understanding that many times it was much more useful to move the code (program) to where the resources are located, instead of connecting remotely. Within the mobile agent research community, security has traditionally been the most defining issue facing the community and preventing the paradigm from gaining wide acceptance. There are still numerous difficult problems being addressed with very few practical solutions, such as the malicious host and agent problems. These problems are some of the most active areas of research within the mobile agent community. The major principles, facets, fundamental concepts, techniques and architectures of the field are well understood within the community. This is evident by the many mobile agent systems developed in the last decade that share common core components such as agent management, communication facilities, and mobility services. In other words new mobile agent systems and frameworks do not provide any new insights into agent system architecture or mobility services, agent coordination, communication that could be useful to the agent research community, although these new mobile agent systems do in many instances validate, refine, demonstrate the reuse of many previously proposed and discussed mobile agent research elements. Since mobile agent research for the last decade has been defined by security and related issues, our research into security patterns are within this narrow arena of mobile agent research. The research presented in this thesis examines the issue of mobile agent security from the standpoint of security pattern documented from the universe of mobile agent systems. In addition, we explore how

  17. A Matrix Approach to Software Process Definition

    NASA Technical Reports Server (NTRS)

    Schultz, David; Bachman, Judith; Landis, Linda; Stark, Mike; Godfrey, Sally; Morisio, Maurizio; Powers, Edward I. (Technical Monitor)

    2000-01-01

    The Software Engineering Laboratory (SEL) is currently engaged in a Methodology and Metrics program for the Information Systems Center (ISC) at Goddard Space Flight Center (GSFC). This paper addresses the Methodology portion of the program. The purpose of the Methodology effort is to assist a software team lead in selecting and tailoring a software development or maintenance process for a specific GSFC project. It is intended that this process will also be compliant with both ISO 9001 and the Software Engineering Institute's Capability Maturity Model (CMM). Under the Methodology program, we have defined four standard ISO-compliant software processes for the ISC, and three tailoring criteria that team leads can use to categorize their projects. The team lead would select a process and appropriate tailoring factors, from which a software process tailored to the specific project could be generated. Our objective in the Methodology program is to present software process information in a structured fashion, to make it easy for a team lead to characterize the type of software engineering to be performed, and to apply tailoring parameters to search for an appropriate software process description. This will enable the team lead to follow a proven, effective software process and also satisfy NASA's requirement for compliance with ISO 9001 and the anticipated requirement for CMM assessment. This work is also intended to support the deployment of sound software processes across the ISC.

  18. 77 FR 66351 - Establishing the White House Homeland Security Partnership Council

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-02

    ... ] Executive Order 13629 of October 26, 2012 Establishing the White House Homeland Security Partnership Council... homeland security priorities. Partnerships are collaborative working relationships in which the goals... improve performance. Partnerships enhance our ability to address homeland security priorities,...

  19. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  20. Software Vulnerability Taxonomy Consolidation

    SciTech Connect

    Polepeddi, S

    2004-12-08

    In today's environment, computers and networks are increasing exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, do not cover all aspects of a vulnerability and lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common ''primary key'', un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to

  1. Space Flight Software Development Software for Intelligent System Health Management

    NASA Technical Reports Server (NTRS)

    Trevino, Luis C.; Crumbley, Tim

    2004-01-01

    The slide presentation examines the Marshall Space Flight Center Flight Software Branch, including software development projects, mission critical space flight software development, software technical insight, advanced software development technologies, and continuous improvement in the software development processes and methods.

  2. Birds of a Feather: Supporting Secure Systems

    SciTech Connect

    Braswell III, H V

    2006-04-24

    Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management, PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.

  3. Proceedings, Conference on the Computing Environment for Mathematical Software

    NASA Technical Reports Server (NTRS)

    1981-01-01

    Recent advances in software and hardware technology which make it economical to create computing environments appropriate for specialized applications are addressed. Topics included software tools, FORTRAN standards activity, and features of languages, operating systems, and hardware that are important for the development, testing, and maintenance of mathematical software.

  4. The 1988 Directory of Educational Software Publishing Companies.

    ERIC Educational Resources Information Center

    Electronic Learning, 1988

    1988-01-01

    Based on questionnaires sent to educational software companies in January 1988, this directory lists 78 companies. Information given includes company address, curriculum subject areas for which the company publishes software, types of machines and operating systems on which the software operates, and grade level for which it is targeted. (LRW)

  5. Science and Mathematics Software Opportunities and Needs. Executive Summary.

    ERIC Educational Resources Information Center

    Technical Education Research Center, Cambridge, MA.

    This study examined the extent to which opportunities created by computer technology addresses the needs in school science and mathematics instruction. Information was gathered by obtaining descriptions of most available software; reviewing published software evaluations, grant-supported software development projects, and a broad selection of…

  6. ClassCompass: A Software Design Mentoring System

    ERIC Educational Resources Information Center

    Coelho, Wesley; Murphy, Gail

    2007-01-01

    Becoming a quality software developer requires practice under the guidance of an expert mentor. Unfortunately, in most academic environments, there are not enough experts to provide any significant design mentoring for software engineering students. To address this problem, we present a collaborative software design tool intended to maximize an…

  7. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  8. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  9. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  10. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  11. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  12. Argonne Director Eric Isaacs addresses the National Press Club

    ScienceCinema

    Eric Isaccs

    2010-01-08

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Issacs makes the case for investing in science to secure America's future.

  13. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  14. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  15. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  16. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  17. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  18. Argonne Director Eric Isaacs addresses the National Press Club

    SciTech Connect

    Eric Isaccs

    2009-09-17

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Issacs makes the case for investing in science to secure America's future.

  19. Report: Scientific Software.

    ERIC Educational Resources Information Center

    Borman, Stuart A.

    1985-01-01

    Discusses various aspects of scientific software, including evaluation and selection of commercial software products; program exchanges, catalogs, and other information sources; major data analysis packages; statistics and chemometrics software; and artificial intelligence. (JN)

  20. Controlling Software Piracy.

    ERIC Educational Resources Information Center

    King, Albert S.

    1992-01-01

    Explains what software manufacturers are doing to combat software piracy, recommends how managers should deal with this problem, and provides a role-playing exercise to help students understand the issues in software piracy. (SR)

  1. Software Engineering Guidebook

    NASA Technical Reports Server (NTRS)

    Connell, John; Wenneson, Greg

    1993-01-01

    The Software Engineering Guidebook describes SEPG (Software Engineering Process Group) supported processes and techniques for engineering quality software in NASA environments. Three process models are supported: structured, object-oriented, and evolutionary rapid-prototyping. The guidebook covers software life-cycles, engineering, assurance, and configuration management. The guidebook is written for managers and engineers who manage, develop, enhance, and/or maintain software under the Computer Software Services Contract.

  2. Insights into software development in Japan

    NASA Technical Reports Server (NTRS)

    Duvall, Lorraine M.

    1992-01-01

    The interdependence of the U.S.-Japanese economies makes it imperative that we in the United States understand how business and technology developments take place in Japan. We can gain insight into these developments in software engineering by studying the context in which Japanese software is developed, the practices that are used, the problems encountered, the setting surrounding these problems, and the resolution of these problems. Context includes the technological and sociological characteristics of the software development environment, the software processes applied, personnel involved in the development process, and the corporate and social culture surrounding the development. Presented in this paper is a summary of results of a study that addresses these issues. Data for this study was collected during a three month visit to Japan where the author interviewed 20 software managers representing nine companies involved in developing software in Japan. These data are compared to similar data from the United States in which 12 managers from five companies were interviewed.

  3. Los Alamos Center for Computer Security formal computer security model

    SciTech Connect

    Dreicer, J.S.; Hunteman, W.J.; Markin, J.T.

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The need to test and verify DOE computer security policy implementation first motivated this effort. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present formal mathematical models for computer security. The fundamental objective of computer security is to prevent the unauthorized and unaccountable access to a system. The inherent vulnerabilities of computer systems result in various threats from unauthorized access. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The model is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell and LaPadula abstract sets of objects and subjects. 6 refs.

  4. Security Equipment and Systems Certification Program (SESCP)

    SciTech Connect

    Steele, B.J.; Papier, I.I.

    1996-06-20

    Sandia National Laboratories (SNL) and Underwriters Laboratories, Inc., (UL) have jointly established the Security Equipment and Systems Certification Program (SESCP). The goal of this program is to enhance industrial and national security by providing a nationally recognized method for making informed selection and use decisions when buying security equipment and systems. The SESCP will provide a coordinated structure for private and governmental security standardization review. Members will participate in meetings to identify security problems, develop ad-hoc subcommittees (as needed) to address these identified problems, and to maintain a communications network that encourages a meaningful exchange of ideas. This program will enhance national security by providing improved security equipment and security systems based on consistent, reliable standards and certification programs.

  5. Data security.

    PubMed

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  6. Securing smart grid technology

    NASA Astrophysics Data System (ADS)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  7. Predicting Software Suitability Using a Bayesian Belief Network

    NASA Technical Reports Server (NTRS)

    Beaver, Justin M.; Schiavone, Guy A.; Berrios, Joseph S.

    2005-01-01

    The ability to reliably predict the end quality of software under development presents a significant advantage for a development team. It provides an opportunity to address high risk components earlier in the development life cycle, when their impact is minimized. This research proposes a model that captures the evolution of the quality of a software product, and provides reliable forecasts of the end quality of the software being developed in terms of product suitability. Development team skill, software process maturity, and software problem complexity are hypothesized as driving factors of software product quality. The cause-effect relationships between these factors and the elements of software suitability are modeled using Bayesian Belief Networks, a machine learning method. This research presents a Bayesian Network for software quality, and the techniques used to quantify the factors that influence and represent software quality. The developed model is found to be effective in predicting the end product quality of small-scale software development efforts.

  8. GridOPTICS Software System

    SciTech Connect

    Akyol, Bora A; Ciraci, PNNL Selim; Gibson, PNNL Tara; Rice, PNNL Mark; Sharma, PNNL Poorva; Yin, PNNL Jian; Allwardt, PNNL Craig; PNNL,

    2014-02-24

    GridOPTICS Software System (GOSS) is a middleware that facilitates creation of new, modular and flexible operational and planning platforms that can meet the challenges of the next generation power grid. GOSS enables Department of Energy, power system utilities, and vendors to build better tools faster. GOSS makes it possible to integrate Future Power Grid Initiative software products/prototypes into existing power grid software systems, including the PNNL PowerNet and EIOC environments. GOSS is designed to allow power grid applications developed for different underlying software platforms installed in different utilities to communicate with ease. This can be done in compliance with existing security and data sharing policies between the utilities. GOSS not only supports one-to-one data transfer between applications, but also publisher/subscriber scheme. To support interoperability requirements of future EMS, GOSS is designed for CIM compliance. In addition to this, it supports authentication and authorization capabilities to protect the system from cyber threats. In summary, the contributions of the GOSS middleware are as follows: • A platform to support future EMS development. • A middleware that promotes interoperability between power grid applications. • A distributed architecture that separates data sources from power grid applications. • Support for data exchange with either one-to-one or publisher/subscriber interfaces. • An authentication and authorization scheme for limiting the access to data between utilities.

  9. GridOPTICS Software System

    2014-02-24

    GridOPTICS Software System (GOSS) is a middleware that facilitates creation of new, modular and flexible operational and planning platforms that can meet the challenges of the next generation power grid. GOSS enables Department of Energy, power system utilities, and vendors to build better tools faster. GOSS makes it possible to integrate Future Power Grid Initiative software products/prototypes into existing power grid software systems, including the PNNL PowerNet and EIOC environments. GOSS is designed to allowmore » power grid applications developed for different underlying software platforms installed in different utilities to communicate with ease. This can be done in compliance with existing security and data sharing policies between the utilities. GOSS not only supports one-to-one data transfer between applications, but also publisher/subscriber scheme. To support interoperability requirements of future EMS, GOSS is designed for CIM compliance. In addition to this, it supports authentication and authorization capabilities to protect the system from cyber threats. In summary, the contributions of the GOSS middleware are as follows: • A platform to support future EMS development. • A middleware that promotes interoperability between power grid applications. • A distributed architecture that separates data sources from power grid applications. • Support for data exchange with either one-to-one or publisher/subscriber interfaces. • An authentication and authorization scheme for limiting the access to data between utilities.« less

  10. WPSS: watching people security services

    NASA Astrophysics Data System (ADS)

    Bouma, Henri; Baan, Jan; Borsboom, Sander; van Zon, Kasper; Luo, Xinghan; Loke, Ben; Stoeller, Bram; van Kuilenburg, Hans; Dijk, Judith

    2013-10-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most relevant and deviant patterns. We present a software platform that contributes to the retrieval and observation of humans and to the analysis of their behavior. The platform consists of mono- and stereo-camera tracking, re-identification, behavioral feature computation, track analysis, behavior interpretation and visualization. This system is demonstrated in a busy shopping mall with multiple cameras and different lighting conditions.

  11. Applying evolutionary biology to address global challenges

    PubMed Central

    Carroll, Scott P.; Jørgensen, Peter Søgaard; Kinnison, Michael T.; Bergstrom, Carl T.; Denison, R. Ford; Gluckman, Peter; Smith, Thomas B.; Strauss, Sharon Y.; Tabashnik, Bruce E.

    2014-01-01

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens and pests that evolve too quickly, and the second from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This review highlights both progress and gaps in genetic, developmental and environmental manipulations across the life sciences that either target the rate and direction of evolution, or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development. PMID:25213376

  12. Applying evolutionary biology to address global challenges.

    PubMed

    Carroll, Scott P; Jørgensen, Peter Søgaard; Kinnison, Michael T; Bergstrom, Carl T; Denison, R Ford; Gluckman, Peter; Smith, Thomas B; Strauss, Sharon Y; Tabashnik, Bruce E

    2014-10-17

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens, and pests that evolve too quickly and the second, from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This Review highlights both progress and gaps in genetic, developmental, and environmental manipulations across the life sciences that either target the rate and direction of evolution or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development. PMID:25213376

  13. Strengthening the Security of ESA Ground Data Systems

    NASA Astrophysics Data System (ADS)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  14. How To Secure E-Rate Funding.

    ERIC Educational Resources Information Center

    Dietrich, Donald

    2003-01-01

    Describes how to secure E-Rate funding from the Universal Service Administrative Company's School and Libraries Division (SLD) to help school districts obtain telecommunications and Internet access. The SLD Web site address is www.sl.universalservice.org. (PKP)

  15. 77 FR 66794 - Proposed Information Collection; Comment Request; Generic Clearance for Master Address File (MAF...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-07

    ... cooperative effort among many divisions at the Census Bureau; it includes automated listing software, systems... address information. In general, contact will occur only when the FR is adding a unit to the address list, and/ or the individual's address is not posted or visible to the FR. There is no pre-determined...

  16. Methods and Software for Building Bibliographic Data Bases.

    ERIC Educational Resources Information Center

    Daehn, Ralph M.

    1985-01-01

    This in-depth look at database management systems (DBMS) for microcomputers covers data entry, information retrieval, security, DBMS software and design, and downloading of literature search results. The advantages of in-house systems versus online search vendors are discussed, and specifications of three software packages and 14 sources are…

  17. Secure electronic commerce communication system based on CA

    NASA Astrophysics Data System (ADS)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  18. Metrics. [measurement for effective software development and management

    NASA Technical Reports Server (NTRS)

    Mcgarry, Frank

    1991-01-01

    A development status evaluation is presented for practical software performance measurement, or 'metrics', in which major innovations have recently occurred. Metrics address such aspects of software performance as whether a software project is on schedule, how many errors can be expected from it, whether the methodology being used is effective and the relative quality of the software employed. Metrics may be characterized as explicit, analytical, and subjective. Attention is given to the bases for standards and the conduct of metrics research.

  19. What's Ahead for Campus Security?

    ERIC Educational Resources Information Center

    Queeno, Cam

    2000-01-01

    Identifies five trends in security technology and what they mean for colleges and universities in the near future. Trends addressed are: less emphasis on complete system integration; increased prevalence of open networking protocol systems; rising use of proximity and smart cards; increased use of digital technology and remote video surveillance;…

  20. Dynamic security assessment processing system

    NASA Astrophysics Data System (ADS)

    Tang, Lei

    The architecture of dynamic security assessment processing system (DSAPS) is proposed to address online dynamic security assessment (DSA) with focus of the dissertation on low-probability, high-consequence events. DSAPS upgrades current online DSA functions and adds new functions to fit into the modern power grid. Trajectory sensitivity analysis is introduced and its applications in power system are reviewed. An index is presented to assess transient voltage dips quantitatively using trajectory sensitivities. Then the framework of anticipatory computing system (ACS) for cascading defense is presented as an important function of DSAPS. ACS addresses various security problems and the uncertainties in cascading outages. Corrective control design is automated to mitigate the system stress in cascading progressions. The corrective controls introduced in the dissertation include corrective security constrained optimal power flow, a two-stage load control for severe under-frequency conditions, and transient stability constrained optimal power flow for cascading outages. With state-of-the-art computing facilities to perform high-speed extended-term time-domain simulation and optimization for large-scale systems, DSAPS/ACS efficiently addresses online DSA for low-probability, high-consequence events, which are not addressed by today's industrial practice. Human interference is reduced in the computationally burdensome analysis.

  1. Barriers to creating a secure MPI

    SciTech Connect

    Brightwell, R.; Greenberg, D.S.; Matt, B.J.; Davida, G.I.

    1997-08-01

    This paper explores some of the many issues in developing security enhanced MPI for embedded real-time systems supporting the Department of Defense`s Multi-level Security policy (DoD MLS) are presented along with the preliminary design for such an MPI variant. In addition some of the many issues that need to be addressed in creating security enhanced versions of MPI for other domains are discussed. 19 refs.

  2. Software distribution using xnetlib

    SciTech Connect

    Dongarra, J.J. |; Rowan, T.H.; Wade, R.C.

    1993-06-01

    Xnetlib is a new tool for software distribution. Whereas its predecessor netlib uses e-mail as the user interface to its large collection of public-domain mathematical software, xnetlib uses an X Window interface and socket-based communication. Xnetlib makes it easy to search through a large distributed collection of software and to retrieve requested software in seconds.

  3. Agile Software Development

    ERIC Educational Resources Information Center

    Biju, Soly Mathew

    2008-01-01

    Many software development firms are now adopting the agile software development method. This method involves the customer at every level of software development, thus reducing the impact of change in the requirement at a later stage. In this article, the principles of the agile method for software development are explored and there is a focus on…

  4. Security Services Discovery by ATM Endsystems

    SciTech Connect

    Sholander, Peter; Tarman, Thomas

    1999-07-15

    This contribution proposes strawman techniques for Security Service Discovery by ATM endsystems in ATM networks. Candidate techniques include ILMI extensions, ANS extensions and new ATM anycast addresses. Another option is a new protocol based on an IETF service discovery protocol, such as Service Location Protocol (SLP). Finally, this contribution provides strawman requirements for Security-Based Routing in ATM networks.

  5. Software productivity improvement through software engineering technology

    NASA Technical Reports Server (NTRS)

    Mcgarry, F. E.

    1985-01-01

    It has been estimated that NASA expends anywhere from 6 to 10 percent of its annual budget on the acquisition, implementation and maintenance of computer software. Although researchers have produced numerous software engineering approaches over the past 5-10 years; each claiming to be more effective than the other, there is very limited quantitative information verifying the measurable impact htat any of these technologies may have in a production environment. At NASA/GSFC, an extended research effort aimed at identifying and measuring software techniques that favorably impact productivity of software development, has been active over the past 8 years. Specific, measurable, software development technologies have been applied and measured in a production environment. Resulting software development approaches have been shown to be effective in both improving quality as well as productivity in this one environment.

  6. Software Formal Inspections Standard

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This Software Formal Inspections Standard (hereinafter referred to as Standard) is applicable to NASA software. This Standard defines the requirements that shall be fulfilled by the software formal inspections process whenever this process is specified for NASA software. The objective of this Standard is to define the requirements for a process that inspects software products to detect and eliminate defects as early as possible in the software life cycle. The process also provides for the collection and analysis of inspection data to improve the inspection process as well as the quality of the software.

  7. Security Systems Consideration: A Total Security Approach

    NASA Astrophysics Data System (ADS)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  8. VOUS Software Facilitates Development Of Other Software

    NASA Technical Reports Server (NTRS)

    Oliger, Joseph; Pichumani, Ramini; Ponceleon, Dulce

    1992-01-01

    Visual Object Oriented Unification System (VOUS) computer program provides facility for development of other, high-level software. Does not replace, but rather extends, preexisting software tools for development of other software. Provides comprehensive, graphical, interactive medium for all phases in development of computer code from early exploration of concepts, through detailed coding-and-error-checking process, to final reporting of finished code and compilation of instruction manual for its use. Simplifies and partly automates programmer's task.

  9. Safety Software Guide Perspectives for the Design of New Nuclear Facilities (U)

    SciTech Connect

    VINCENT, Andrew

    2005-07-14

    In June of this year, the Department of Energy (DOE) issued directives DOE O 414.1C and DOE G 414.1-4 to improve quality assurance programs, processes, and procedures among its safety contractors. Specifically, guidance entitled, ''Safety Software Guide for use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance, DOE G 414.1-4'', provides information and acceptable methods to comply with safety software quality assurance (SQA) requirements. The guidance provides a roadmap for meeting DOE O 414.1C, ''Quality Assurance'', and the quality assurance program (QAP) requirements of Title 10 Code of Federal Regulations (CFR) 830, Subpart A, Quality Assurance, for DOE nuclear facilities and software application activities. [1, 2] The order and guide are part of a comprehensive implementation plan that addresses issues and concerns documented in Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1. [3] Safety SQA requirements for DOE as well as National Nuclear Security Administration contractors are necessary to implement effective quality assurance (QA) processes and achieve safe nuclear facility operations. DOE G 414.1-4 was developed to provide guidance on establishing and implementing effective QA processes tied specifically to nuclear facility safety software applications. The Guide includes software application practices covered by appropriate national and international consensus standards and various processes currently in use at DOE facilities. While the safety software guidance is considered to be of sufficient rigor and depth to ensure acceptable reliability of safety software at all DOE nuclear facilities, new nuclear facilities are well suited to take advantage of the guide to ensure compliant programs and processes are implemented. Attributes such as the facility life-cycle stage and the hazardous nature of each facility operations are considered, along with the category and level of importance of the

  10. Software For Computing Reliability Of Other Software

    NASA Technical Reports Server (NTRS)

    Nikora, Allen; Antczak, Thomas M.; Lyu, Michael

    1995-01-01

    Computer Aided Software Reliability Estimation (CASRE) computer program developed for use in measuring reliability of other software. Easier for non-specialists in reliability to use than many other currently available programs developed for same purpose. CASRE incorporates mathematical modeling capabilities of public-domain Statistical Modeling and Estimation of Reliability Functions for Software (SMERFS) computer program and runs in Windows software environment. Provides menu-driven command interface; enabling and disabling of menu options guides user through (1) selection of set of failure data, (2) execution of mathematical model, and (3) analysis of results from model. Written in C language.

  11. Starlink Software Submission

    NASA Astrophysics Data System (ADS)

    Lawden, M. D.

    The definition, structure and management of the Starlink Software Collection is described in SGP/20 which should be read by everyone involved in the production of software for the Starlink project. The Collection is managed by the Starlink Software Librarian (username STAR) who decides where new software should be stored in the existing structure and who has editorial control of Starlink documentation. This paper describes the principles governing the preparation and submission of software for inclusion in the Collection.

  12. Responsbility for unreliable software

    SciTech Connect

    Wahl, N.J.

    1994-12-31

    Unreliable software exposes software developers and distributors to legal risks. Under certain circumstances, the developer and distributor of unreliable software can be sued. To avoid lawsuits, software developers should do the following: determine what the risks am, understand the extent of the risks, and identify ways of avoiding the risks and lessening the consequences of the risks. Liability issues associated with unreliable software are explored in this article.

  13. Software component quality evaluation

    NASA Technical Reports Server (NTRS)

    Clough, A. J.

    1991-01-01

    The paper describes a software inspection process that can be used to evaluate the quality of software components. Quality criteria, process application, independent testing of the process and proposed associated tool support are covered. Early results indicate that this technique is well suited for assessing software component quality in a standardized fashion. With automated machine assistance to facilitate both the evaluation and selection of software components, such a technique should promote effective reuse of software components.

  14. Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.

    ERIC Educational Resources Information Center

    Trinkaus-Randall, Gregor

    1998-01-01

    Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…

  15. Cyber-Security Considerations for the Smart Grid

    SciTech Connect

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number mitigation strategies that can help keep the risk at an acceptable level.

  16. Network Security Validation Using Game Theory

    NASA Astrophysics Data System (ADS)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  17. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    NASA Astrophysics Data System (ADS)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  18. Day, night, and all-weather security surveillance automation: synergy from combining two powerful technologies

    NASA Astrophysics Data System (ADS)

    Morellas, Vassilios; Johnston, Chris; Johnson, Andrew; Roberts, Sharon D.; Francisco, Glen L.

    2005-05-01

    Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, nighttime and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff and landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics.

  19. Day, night and all-weather security surveillance automation synergy from combining two powerful technologies

    SciTech Connect

    Morellas, Vassilios; Johnson, Andrew; Johnston, Chris; Roberts, Sharon D.; Francisco, Glen L.

    2006-07-01

    Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, night-time and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff and landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics. (authors)

  20. Non-developmental item computer systems and the malicious software threat

    NASA Technical Reports Server (NTRS)

    Bown, Rodney L.

    1991-01-01

    The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

  1. Suggestions for better election security.

    SciTech Connect

    Johnston, R.G.; Warner, J.S.

    2011-01-01

    Summary of Common Security Mistakes: (1) Electronic voting machines that fundamentally lack security thought and features, including an ability to detect tampering or intrusion, or to be reliably locked or sealed; (2) Failure to disassemble, inspect, and thoroughly inspect (not just test) a sufficient number of voting machines before and after elections in order to detect hardware or software tampering; (3) Assuming that tamper - indicating seals will either be blatantly ripped/smashed open, or else there is no tampering. In reality, even amateurs can spoof most seals leaving (at most) subtle evidence; (4) Inadequate seal use protocols and training of seal installers and inspectors. Failure to show examples of blatantly and subtly attacked seals to seal inspectors; (5) Over confidence in use of a voter verified paper record (VVPR), a VVPR is an excellent security countermeasure, but it is not a silver bullet, especially for an election organization with poor overall security; (6) Little or no insider thr at mitigation; and (7) A poor security culture, including denial and no a priori procedures for dealing with security questions or concerns.

  2. Scientific Software - Publish, Cite, and get Credit for your Code

    NASA Astrophysics Data System (ADS)

    Hammitzsch, M.; Klump, J. F.; Fenner, M.; Pampel, H.; Bertelmann, R.; Brembs, B.; Deinzer, G.; Reusser, D. E.; Fritzsch, B.; Loewe, P.; Wächter, J.

    2014-12-01

    Scientific software takes on an increasingly prominent role in research. In particular in the sciences software has become an indispensable element in the research process. The way we handle software has a significant influence on the quality of research results, their traceability and reproducibility. In order to strengthen the recognition of scientific results achieved by software and to improve its visibility, the scientific community is actively working on concepts and solutions enabling researchers to publish software, cite it and be credited for it. For software to be a valuable and citeable contribution to science, the publication of scientific software must meet the quality criteria of the scientific discourse. As with data publication, defined processes and persistent identifiers should be used to make the results of research reproducible. Also, the specific needs of research have to be addressed and joined with experience gained in the field of development of free and open source software. A common understanding of handling scientific software with defined processes must be developed jointly. These processes have to address questions regarding quality assurance, versioning and documentation, traceability, reproducibility and reusability. Furthermore, the archiving of source code and executables, the use of persistent identifiers, and metrics measuring productivity, impact, and recognition have to be addressed. Especially when looking at software in the context of scientific publications only insufficient solutions exist to date. Even though it is possible to mint DOIs to identify archived source code copies, quality ensured by reviews is not addressed properly. But deserving credit for a software publication requires measures assessing the value of the published software. Subject-specific reviews paired with software-specific expertise would open up new possibilities leveraging interdisciplinarity and the interplay of complementary scientific fields such

  3. Software Quality Assurance Metrics

    NASA Technical Reports Server (NTRS)

    McRae, Kalindra A.

    2004-01-01

    Software Quality Assurance (SQA) is a planned and systematic set of activities that ensures conformance of software life cycle processes and products conform to requirements, standards and procedures. In software development, software quality means meeting requirements and a degree of excellence and refinement of a project or product. Software Quality is a set of attributes of a software product by which its quality is described and evaluated. The set of attributes includes functionality, reliability, usability, efficiency, maintainability, and portability. Software Metrics help us understand the technical process that is used to develop a product. The process is measured to improve it and the product is measured to increase quality throughout the life cycle of software. Software Metrics are measurements of the quality of software. Software is measured to indicate the quality of the product, to assess the productivity of the people who produce the product, to assess the benefits derived from new software engineering methods and tools, to form a baseline for estimation, and to help justify requests for new tools or additional training. Any part of the software development can be measured. If Software Metrics are implemented in software development, it can save time, money, and allow the organization to identify the caused of defects which have the greatest effect on software development. The summer of 2004, I worked with Cynthia Calhoun and Frank Robinson in the Software Assurance/Risk Management department. My task was to research and collect, compile, and analyze SQA Metrics that have been used in other projects that are not currently being used by the SA team and report them to the Software Assurance team to see if any metrics can be implemented in their software assurance life cycle process.

  4. Secure Video Surveillance System (SVSS) for unannounced safeguards inspections.

    SciTech Connect

    Galdoz, Erwin G. , Rio de Janeiro, Brazil); Pinkalla, Mark

    2010-09-01

    The Secure Video Surveillance System (SVSS) is a collaborative effort between the U.S. Department of Energy (DOE), Sandia National Laboratories (SNL), and the Brazilian-Argentine Agency for Accounting and Control of Nuclear Materials (ABACC). The joint project addresses specific requirements of redundant surveillance systems installed in two South American nuclear facilities as a tool to support unannounced inspections conducted by ABACC and the International Atomic Energy Agency (IAEA). The surveillance covers the critical time (as much as a few hours) between the notification of an inspection and the access of inspectors to the location in facility where surveillance equipment is installed. ABACC and the IAEA currently use the EURATOM Multiple Optical Surveillance System (EMOSS). This outdated system is no longer available or supported by the manufacturer. The current EMOSS system has met the project objective; however, the lack of available replacement parts and system support has made this system unsustainable and has increased the risk of an inoperable system. A new system that utilizes current technology and is maintainable is required to replace the aging EMOSS system. ABACC intends to replace one of the existing ABACC EMOSS systems by the Secure Video Surveillance System. SVSS utilizes commercial off-the shelf (COTS) technologies for all individual components. Sandia National Laboratories supported the system design for SVSS to meet Safeguards requirements, i.e. tamper indication, data authentication, etc. The SVSS consists of two video surveillance cameras linked securely to a data collection unit. The collection unit is capable of retaining historical surveillance data for at least three hours with picture intervals as short as 1sec. Images in .jpg format are available to inspectors using various software review tools. SNL has delivered two SVSS systems for test and evaluation at the ABACC Safeguards Laboratory. An additional 'proto-type' system remains

  5. Asian Energy Security

    SciTech Connect

    Peter Hayes, PhD

    2003-12-01

    OAK-B135 In the Asian Energy Security (AES) Project, Nautilus Institute works together with a network of collaborating groups from the countries of Northeast Asia to evaluate the energy security implications of different national and regional energy ''paths''. The goal of the Asia Energy Security project is to illuminate energy paths--and the energy policy choices that might help to bring them about--that result in a higher degree of energy security for the region and for the world as a whole, that is, to identify energy paths that are ''robust'' in meeting many different energy security and development objectives, while also offering flexibility in the face of uncertainty. In work to date, Nautilus has carefully assembled a network of colleagues from the countries of the region, trained them together as a group in the use of a common, flexible, and transparent energy and environmental analysis planning software tool (LEAP, the Long-range Energy Alternatives Planning system), and worked with them to prepare base-year energy sector models for each country. To date, complete data sets and models for ''Business as Usual'' (BAU) energy paths have been compiled for China, Japan, the Republic of Korea, and the Democratic Peoples' Republic of Korea. A partial data set and BAU path has been compiled for the Russian Far East, and a data set is being started in Mongolia, where a team of researchers has just joined the AES project. In several countries, ''Alternative'' energy paths have been developed as well, or partially elaborated. National energy sector developments, progress on national LEAP modeling, additional LEAP training, and planning for the next phase of the AES project were the topics of a recent (early November) workshop held in Vancouver, British Columbia. With funding from the Department of Energy, Nautilus is poised to build upon the successes of the project to date with a coordinated international effort to research the energy security ramifications of

  6. Nuclear security

    SciTech Connect

    Not Available

    1991-07-01

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected.

  7. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect

    Mayo, Jackson R.; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C.; Allan, Benjamin A.; Pierson, Lyndon George

    2010-10-01

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  8. Watermarking SDK implementation to facilitate integration in a secure healthcare environment.

    PubMed

    Tagaris, Anastassios; Giakoumaki, Aggeliki; Karle, Lars; Koutsouris, Dimitris

    2006-01-01

    The implementation of digital watermarking technology in healthcare applications is still in its infancy; however, the benefits of exploring this technology towards secure and efficient health data management are steadily propagated and realized by the research community. The paper presents the architecture of a watermarking software development kit (SDK), which provides multiple watermarking functionality and can be customized according to the targeted medical application, in order to address security of sensitive data, origin and data authentication, image archiving and retrieval. Two use cases of the proposed watermarking SDK are presented, the one involving access to the watermarking engine through a user interface, and the other referring to the case that the engine is embedded into the image acquisition device. The nature of the embeddable information that is applicable in each use case is also described. PMID:17946558

  9. Security system

    DOEpatents

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  10. Security seal

    DOEpatents

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  11. Addressing problems of employee performance.

    PubMed

    McConnell, Charles R

    2011-01-01

    Employee performance problems are essentially of 2 kinds: those that are motivational in origin and those resulting from skill deficiencies. Both kinds of problems are the province of the department manager. Performance problems differ from problems of conduct in that traditional disciplinary processes ordinarily do not apply. Rather, performance problems are addressed through educational and remedial processes. The manager has a basic responsibility in ensuring that everything reasonable is done to help each employee succeed. There are a number of steps the manager can take to address employee performance problems. PMID:21537142

  12. A Probabilistic Software System Attribute Acceptance Paradigm for COTS Software Evaluation

    NASA Technical Reports Server (NTRS)

    Morris, A. Terry

    2005-01-01

    Standard software requirement formats are written from top-down perspectives only, that is, from an ideal notion of a client s needs. Despite the exactness of the standard format, software and system errors in designed systems have abounded. Bad and inadequate requirements have resulted in cost overruns, schedule slips and lost profitability. Commercial off-the-shelf (COTS) software components are even more troublesome than designed systems because they are often provided as is and subsequently delivered with unsubstantiated validation of described capabilities. For COTS software, there needs to be a way to express the client s software needs in a consistent and formal manner using software system attributes derived from software quality standards. Additionally, the format needs to be amenable to software evaluation processes that integrate observable evidence garnered from historical data. This paper presents a paradigm that effectively bridges the gap between what a client desires (top-down) and what has been demonstrated (bottom-up) for COTS software evaluation. The paradigm addresses the specification of needs before the software evaluation is performed and can be used to increase the shared understanding between clients and software evaluators about what is required and what is technically possible.

  13. Payload software technology: Software technology development plan

    NASA Technical Reports Server (NTRS)

    1977-01-01

    Programmatic requirements for the advancement of software technology are identified for meeting the space flight requirements in the 1980 to 1990 time period. The development items are described, and software technology item derivation worksheets are presented along with the cost/time/priority assessments.

  14. Software For Simulation Of Development Of Software

    NASA Technical Reports Server (NTRS)

    Tausworthe, Robert C.

    1991-01-01

    SOFTREL is prototype software package simulating creation, detection, and repair of defects and faults during software-development project. Personnel, resources, errors, and other realistic factors represented in simulation. Available in executable form only for IBM PC. SOFTREL is copyrighted work with all copyright vested in NASA.

  15. Software Engineering Program: Software Process Improvement Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this document is to provide experience-based guidance in implementing a software process improvement program in any NASA software development or maintenance community. This guidebook details how to define, operate, and implement a working software process improvement program. It describes the concept of the software process improvement program and its basic organizational components. It then describes the structure, organization, and operation of the software process improvement program, illustrating all these concepts with specific NASA examples. The information presented in the document is derived from the experiences of several NASA software organizations, including the SEL, the SEAL, and the SORCE. Their experiences reflect many of the elements of software process improvement within NASA. This guidebook presents lessons learned in a form usable by anyone considering establishing a software process improvement program within his or her own environment. This guidebook attempts to balance general and detailed information. It provides material general enough to be usable by NASA organizations whose characteristics do not directly match those of the sources of the information and models presented herein. It also keeps the ideas sufficiently close to the sources of the practical experiences that have generated the models and information.

  16. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio procession over multicore, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to approx.50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  17. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio procession over multi-core, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to .50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  18. The safety implications of emerging software paradigms

    SciTech Connect

    Suski, G.J.; Persons, W.L.; Johnson, G.L.

    1994-10-01

    This paper addresses some of the emerging software paradigms that may be used in developing safety-critical software applications. Paradigms considered in this paper include knowledge-based systems, neural networks, genetic algorithms, and fuzzy systems. It presents one view of the software verification and validation activities that should be associated with each paradigm. The paper begins with a discussion of the historical evolution of software verification and validation. Next, a comparison is made between the verification and validation processes used for conventional and emerging software systems. Several verification and validation issues for the emerging paradigms are discussed and some specific research topics are identified. This work is relevant for monitoring and control at nuclear power plants.

  19. Space Shuttle Software Development and Certification

    NASA Technical Reports Server (NTRS)

    Orr, James K.; Henderson, Johnnie A

    2000-01-01

    Man-rated software, "software which is in control of systems and environments upon which human life is critically dependent," must be highly reliable. The Space Shuttle Primary Avionics Software System is an excellent example of such a software system. Lessons learn from more than 20 years of effort have identified basic elements that must be present to achieve this high degree of reliability. The elements include rigorous application of appropriate software development processes, use of trusted tools to support those processes, quantitative process management, and defect elimination and prevention. This presentation highlights methods used within the Space Shuttle project and raises questions that must be addressed to provide similar success in a cost effective manner on future long-term projects where key application development tools are COTS rather than internally developed custom application development tools

  20. Addressing the Need for Independence in the CSE Model

    SciTech Connect

    Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T; Grimaila, Michael R

    2011-01-01

    Abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.

  1. The Management and Security Expert (MASE)

    NASA Technical Reports Server (NTRS)

    Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

    1991-01-01

    The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

  2. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  3. Security for safety critical space borne systems

    NASA Technical Reports Server (NTRS)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  4. Addressing Phonological Questions with Ultrasound

    ERIC Educational Resources Information Center

    Davidson, Lisa

    2005-01-01

    Ultrasound can be used to address unresolved questions in phonological theory. To date, some studies have shown that results from ultrasound imaging can shed light on how differences in phonological elements are implemented. Phenomena that have been investigated include transitional schwa, vowel coalescence, and transparent vowels. A study of…

  5. Communities Address Barriers to Connectivity.

    ERIC Educational Resources Information Center

    Byers, Anne

    1996-01-01

    Rural areas lag behind urban areas in access to information technologies. Public institutions play a critical role in extending the benefits of information technologies to those who would not otherwise have access. The most successful rural telecommunications plans address barriers to use, such as unawareness of the benefits, technophobia, the…

  6. Keynote Address: Rev. Mark Massa

    ERIC Educational Resources Information Center

    Massa, Mark S.

    2011-01-01

    Rev. Mark S. Massa, S.J., is the dean and professor of Church history at the School of Theology and Ministry at Boston College. He was invited to give a keynote to begin the third Catholic Higher Education Collaborative Conference (CHEC), cosponsored by Boston College and Fordham University. Fr. Massa's address posed critical questions about…

  7. State of the Lab Address

    ScienceCinema

    King, Alex

    2013-03-01

    In his third-annual State of the Lab address, Ames Laboratory Director Alex King called the past year one of "quiet but strong progress" and called for Ames Laboratory to continue to build on its strengths while responding to changing expectations for energy research.

  8. State of the Lab Address

    SciTech Connect

    King, Alex

    2010-01-01

    In his third-annual State of the Lab address, Ames Laboratory Director Alex King called the past year one of "quiet but strong progress" and called for Ames Laboratory to continue to build on its strengths while responding to changing expectations for energy research.

  9. Enhanced Usage of Keys Obtained by Physical, Unconditionally Secure Distributions

    NASA Astrophysics Data System (ADS)

    Kish, Laszlo B.; Granqvist, Claes-Göran

    2015-04-01

    Unconditionally secure physical key distribution schemes are very slow, and it is practically impossible to use a one-time-pad based cipher to guarantee unconditional security for the encryption of data because using the key bits more than once gives out statistical information, for example via the known-plain-text-attack or by utilizing known components of the protocol and language statistics. Here, we outline a protocol that reduces this speed problem and allows almost-one-time-pad based communication with an unconditionally secure physical key of finite length. The physical, unconditionally secure key is not used for data encryption but is employed in order to generate and share a new software-based key without any known-plain-text component. The software-only-based key distribution is then changed from computationally secure to unconditionally secure, because the communicated key-exchange data (algorithm parameters, one-way functions of random numbers, etc.) are encrypted in an unconditionally secure way with a one-time-pad. For practical applications, this combined physical/software key distribution based communication looks favorable compared to the software-only and physical-only key distribution based communication whenever the speed of the physical key distribution is much lower than that of the software-based key distribution. A mathematical security proof of this new scheme remains an open problem.

  10. Transportation Security Administration

    MedlinePlus

    ... content Official website of the Department of Homeland Security Transportation Security Administration When I fly can I bring my... ... to know if you could bring through the security checkpoint. Main menu Administrator Travel Security Screening Special ...

  11. 17 CFR 3.30 - Current address for purpose of delivery of communications from the Commission or the National...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Current address for purpose of delivery of communications from the Commission or the National Futures Association. 3.30 Section 3.30 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION REGISTRATION Registration § 3.30 Current address for purpose of delivery...

  12. A model for addressing navigation limitations and metacognitive constraints in hypermedia training systems

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1990-01-01

    A model for addressing navigation limitations and metacognitive constraints in hypermedia training systems is presented in the form of the viewgraphs. The following subject areas are covered: samples of software and people problems; system design; and hypermedia training system.

  13. 5 CFR 9701.408 - Developing performance and addressing poor performance.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Developing performance and addressing poor performance. 9701.408 Section 9701.408 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL...

  14. Proceedings of the Third International Workshop on Proof-Carrying Code and Software Certification

    NASA Technical Reports Server (NTRS)

    Ewen, Denney, W. (Editor); Jensen, Thomas (Editor)

    2009-01-01

    This NASA conference publication contains the proceedings of the Third International Workshop on Proof-Carrying Code and Software Certification, held as part of LICS in Los Angeles, CA, USA, on August 15, 2009. Software certification demonstrates the reliability, safety, or security of software systems in such a way that it can be checked by an independent authority with minimal trust in the techniques and tools used in the certification process itself. It can build on existing validation and verification (V&V) techniques but introduces the notion of explicit software certificates, Vvilich contain all the information necessary for an independent assessment of the demonstrated properties. One such example is proof-carrying code (PCC) which is an important and distinctive approach to enhancing trust in programs. It provides a practical framework for independent assurance of program behavior; especially where source code is not available, or the code author and user are unknown to each other. The workshop wiII address theoretical foundations of logic-based software certification as well as practical examples and work on alternative application domains. Here "certificate" is construed broadly, to include not just mathematical derivations and proofs but also safety and assurance cases, or any fonnal evidence that supports the semantic analysis of programs: that is, evidence about an intrinsic property of code and its behaviour that can be independently checked by any user, intermediary, or third party. These guarantees mean that software certificates raise trust in the code itself, distinct from and complementary to any existing trust in the creator of the code, the process used to produce it, or its distributor. In addition to the contributed talks, the workshop featured two invited talks, by Kelly Hayhurst and Andrew Appel. The PCC 2009 website can be found at http://ti.arc.nasa.gov /event/pcc 091.

  15. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow...

  16. SEED: A Suite of Instructional Laboratories for Computer Security Education

    ERIC Educational Resources Information Center

    Du, Wenliang; Wang, Ronghua

    2008-01-01

    The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

  17. 77 FR 11385 - Security Considerations for Lavatory Oxygen Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-27

    ... (Amendment Nos. 21-94, 25-133, 121-354, 129-50; SFAR 111) on security considerations for lavatory oxygen systems (77 FR 12550). The interim final rule addresses a security vulnerability and is needed so the...-94, 25-133, 121-354, 129-50; SFAR 111] RIN 2120-AJ92 Security Considerations for Lavatory...

  18. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 39 Postal Service 1 2011-07-01 2011-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow...

  19. Specific interoperability problems of security infrastructure services.

    PubMed

    Pharow, Peter; Blobel, Bernd

    2006-01-01

    Communication and co-operation in healthcare and welfare require a well-defined set of security services based on a standards-based interoperable security infrastructure and provided by a Trusted Third Party. Generally, the services describe status and relation of communicating principals, corresponding keys and attributes, and the access rights to both applications and data. Legal, social, behavioral and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic signatures as means for securing integrity of messages and files, certified time stamps and time signatures are important for accessing and storing data in Electronic Health Record Systems. The key for all these services is a secure and reliable procedure for authentication (identification and verification). While mentioning technical problems (e.g. lifetime of the storage devices, migration of retrieval and presentation software), this paper aims at identifying harmonization and interoperability requirements of securing data items, files, messages, sets of archived items or documents, and life-long Electronic Health Records based on a secure certificate-based identification. It's commonly known that just relying on existing and emerging security standards does not necessarily guarantee interoperability of different security infrastructure approaches. So certificate separation can be a key to modern interoperable security infrastructure services. PMID:17095833

  20. Computer Based Instruction in Saudi Education: A Survey of Commercially Produced Software.

    ERIC Educational Resources Information Center

    Al-Saleh, Bader A.; Al-Debassi, Saleh M.

    This study addressed the status quo of instructional software produced by national Saudi Arabian software companies as well as the utilization of commercially produced software at selected 1-12 private schools in Riyadh, Saudi Arabia. Descriptive data from a survey of general managers of four major software producers are reported, as well as from…

  1. Design software for reuse

    NASA Technical Reports Server (NTRS)

    Tracz, Will

    1990-01-01

    Viewgraphs are presented on the designing of software for reuse. Topics include terminology, software reuse maxims, the science of programming, an interface design example, a modularization example, and reuse and implementation guidelines.

  2. Guidelines for software inspections

    NASA Technical Reports Server (NTRS)

    1983-01-01

    Quality control inspections are software problem finding procedures which provide defect removal as well as improvements in software functionality, maintenance, quality, and development and testing methodology is discussed. The many side benefits include education, documentation, training, and scheduling.

  3. Commercial Data Mining Software

    NASA Astrophysics Data System (ADS)

    Zhang, Qingyu; Segall, Richard S.

    This chapter discusses selected commercial software for data mining, supercomputing data mining, text mining, and web mining. The selected software are compared with their features and also applied to available data sets. The software for data mining are SAS Enterprise Miner, Megaputer PolyAnalyst 5.0, PASW (formerly SPSS Clementine), IBM Intelligent Miner, and BioDiscovery GeneSight. The software for supercomputing are Avizo by Visualization Science Group and JMP Genomics from SAS Institute. The software for text mining are SAS Text Miner and Megaputer PolyAnalyst 5.0. The software for web mining are Megaputer PolyAnalyst and SPSS Clementine . Background on related literature and software are presented. Screen shots of each of the selected software are presented, as are conclusions and future directions.

  4. Software Engineering Improvement Plan

    NASA Technical Reports Server (NTRS)

    2006-01-01

    In performance of this task order, bd Systems personnel provided support to the Flight Software Branch and the Software Working Group through multiple tasks related to software engineering improvement and to activities of the independent Technical Authority (iTA) Discipline Technical Warrant Holder (DTWH) for software engineering. To ensure that the products, comments, and recommendations complied with customer requirements and the statement of work, bd Systems personnel maintained close coordination with the customer. These personnel performed work in areas such as update of agency requirements and directives database, software effort estimation, software problem reports, a web-based process asset library, miscellaneous documentation review, software system requirements, issue tracking software survey, systems engineering NPR, and project-related reviews. This report contains a summary of the work performed and the accomplishments in each of these areas.

  5. Analyses Of Two End-User Software Vulnerability Exposure Metrics

    SciTech Connect

    Jason L. Wright; Miles McQueen; Lawrence Wellman

    2012-08-01

    The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

  6. Formal Verification of Large Software Systems

    NASA Technical Reports Server (NTRS)

    Yin, Xiang; Knight, John

    2010-01-01

    We introduce a scalable proof structure to facilitate formal verification of large software systems. In our approach, we mechanically synthesize an abstract specification from the software implementation, match its static operational structure to that of the original specification, and organize the proof as the conjunction of a series of lemmas about the specification structure. By setting up a different lemma for each distinct element and proving each lemma independently, we obtain the important benefit that the proof scales easily for large systems. We present details of the approach and an illustration of its application on a challenge problem from the security domain

  7. Nuclear security

    SciTech Connect

    Dingell, J.D.

    1991-02-01

    The Department of Energy's (DOE) Lawrence Livermore National Laboratory, located in Livermore, California, generates and controls large numbers of classified documents associated with the research and testing of nuclear weapons. Concern has been raised about the potential for espionage at the laboratory and the national security implications of classified documents being stolen. This paper determines the extent of missing classified documents at the laboratory and assesses the adequacy of accountability over classified documents in the laboratory's custody. Audit coverage was limited to the approximately 600,000 secret documents in the laboratory's custody. The adequacy of DOE's oversight of the laboratory's secret document control program was also assessed.

  8. Software verification and testing

    NASA Technical Reports Server (NTRS)

    1985-01-01

    General procedures for software verification and validation are provided as a guide for managers, programmers, and analysts involved in software development. The verification and validation procedures described are based primarily on testing techniques. Testing refers to the execution of all or part of a software system for the purpose of detecting errors. Planning, execution, and analysis of tests are outlined in this document. Code reading and static analysis techniques for software verification are also described.

  9. Agent Building Software

    NASA Technical Reports Server (NTRS)

    2000-01-01

    AgentBuilder is a software component developed under an SBIR contract between Reticular Systems, Inc., and Goddard Space Flight Center. AgentBuilder allows software developers without experience in intelligent agent technologies to easily build software applications using intelligent agents. Agents are components of software that will perform tasks automatically, with no intervention or command from a user. AgentBuilder reduces the time and cost of developing agent systems and provides a simple mechanism for implementing high-performance agent systems.

  10. Experimentation in software engineering

    NASA Technical Reports Server (NTRS)

    Basili, V. R.; Selby, R. W.; Hutchens, D. H.

    1986-01-01

    Experimentation in software engineering supports the advancement of the field through an iterative learning process. In this paper, a framework for analyzing most of the experimental work performed in software engineering over the past several years is presented. A variety of experiments in the framework is described and their contribution to the software engineering discipline is discussed. Some useful recommendations for the application of the experimental process in software engineering are included.

  11. Standard Annuciator Software overview

    SciTech Connect

    Anspach, D.A. ); Fox, E.T.; Kissock, P.S. )

    1990-01-01

    The Standard Annunciator Software is responsible for maintaining a current display of system status conditions. The software interfaces with other systems -- IACS, CCTV, UPS, and portable PC -- to determine their status and then displays this information at the operator's console. This manual describes the software organization, operation, and generation mechanisms for development and target environments. 6 figs.

  12. Java for flight software

    NASA Technical Reports Server (NTRS)

    Benowitz, E.; Niessner, A.

    2003-01-01

    This work involves developing representative mission-critical spacecraft software using the Real-Time Specification for Java (RTSJ). This work currently leverages actual flight software used in the design of actual flight software in the NASA's Deep Space 1 (DSI), which flew in 1998.

  13. Software Architecture Evolution

    ERIC Educational Resources Information Center

    Barnes, Jeffrey M.

    2013-01-01

    Many software systems eventually undergo changes to their basic architectural structure. Such changes may be prompted by new feature requests, new quality attribute requirements, changing technology, or other reasons. Whatever the causes, architecture evolution is commonplace in real-world software projects. Today's software architects, however,…

  14. CALIPSO Data Read Software

    Atmospheric Science Data Center

    2015-11-02

      CALIPSO Data Read Software Callable routines in Interactive Data Language ... Solutions . CALIPSO_READERS_3.5v1 Software (IDL) tar (611.5 KB) zip (261 KB) ... CALIPSO_READERS_3.4v1 Software (IDL) tar  (612.9 KB) zip  (261.4 KB) ...

  15. Evaluation Software in Counseling.

    ERIC Educational Resources Information Center

    Sabella, Russell A.

    Counselors today are presented with a number of differing applications software. This article intends to advance the counselor's knowledge and considerations of the various aspects of application software. Included is a discussion of the software applications typically of help to counselors in (a) managing their work (computer managed counseling);…

  16. SPEAR 3 Commissioning Software

    SciTech Connect

    Corbett, W.J.; Portmann, G.J.; Safranek, J.A.; Terebilo, A.; /SLAC, SSRL

    2005-05-09

    The short SPEAR 3 startup time required precommissioned software for machine setup, beam measurements and data analysis. To accomplish this goal, we used Matlab with the Accelerator Toolbox (AT), the Channel Access Toolbox (MCA) and Middle Layer software to integrate code and streamline production. This paper outlines the software architecture, describes the Middle Layer component and provides examples from SPEAR 3 commissioning.

  17. Astronomical Software Directory Service

    NASA Technical Reports Server (NTRS)

    Hanisch, R. J.; Payne, H.; Hayes, J.

    1998-01-01

    This is the final report on the development of the Astronomical Software Directory Service (ASDS), a distributable, searchable, WWW-based database of software packages and their related documentation. ASDS provides integrated access to 56 astronomical software packages, with more than 16,000 URL's indexed for full-text searching.

  18. Software Shopper. Revised.

    ERIC Educational Resources Information Center

    Davis, Sandra Hart, Comp.

    This annotated index describes and illustrates a wide selection of public domain instructional software that may be useful in the education of deaf students and provides educators with a way to order the listed programs. The software programs are designed for use on Apple computers and their compatibles. The software descriptions are presented in…

  19. Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

    NASA Astrophysics Data System (ADS)

    Pathak, Rohit; Joshi, Satyadhar

    Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

  20. 78 FR 75362 - Notice of Issuance of Final Determination Concerning Docave Computer Software

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-11

    ... Computer Software AGENCY: U.S. Customs and Border Protection, Department of Homeland Security. ACTION... Protection (``CBP'') has issued a final determination concerning the country of origin of certain computer... of origin of certain computer software known as DocAve Software, which may be offered to the...