Science.gov

Sample records for addressing software security

  1. Addressing Software Security

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  2. Addressing software security risk mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.

  3. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IIJ systems function comprising of Firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  4. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2004-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  5. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  6. Software security checklist for the software life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Wolfe, T. L.; Sherif, J. S.

    2002-01-01

    A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle.

  7. Security Risks: Management and Mitigation in the Software Life Cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  8. Secure software practices among Malaysian software practitioners: An exploratory study

    NASA Astrophysics Data System (ADS)

    Mohamed, Shafinah Farvin Packeer; Baharom, Fauziah; Deraman, Aziz; Yahya, Jamaiah; Mohd, Haslina

    2016-08-01

    Secure software practices is increasingly gaining much importance among software practitioners and researchers due to the rise of computer crimes in the software industry. It has become as one of the determinant factors for producing high quality software. Even though its importance has been revealed, its current practice in the software industry is still scarce, particularly in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices in the real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. Structured questionnaire is utilized for data collection purpose whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis. Outcomes from this study reveal that software practitioners are becoming increasingly aware on the importance of secure software practices, however, they lack of appropriate implementation, which could affect the quality of produced software.

  9. Development of a software security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Kelly, J. C.; Powell, J. D.; Bishop, M.

    2001-01-01

    This paper discusses development of a security assessment instrument for the software development and maintenance life cycle. The assessment instrument is a collection of tools and procedures to support development of secure software.

  10. Addressing social resistance in emerging security technologies.

    PubMed

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  11. Addressing social resistance in emerging security technologies

    PubMed Central

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus.1 Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  12. Interactive Programming Support for Secure Software Development

    ERIC Educational Resources Information Center

    Xie, Jing

    2012-01-01

    Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant from attacks violating program confidentiality, integrity, and availability, a style of programming…

  13. Capturing security requirements for software systems

    PubMed Central

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  14. Capturing security requirements for software systems.

    PubMed

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  15. Software Security - The Dangers of Abstraction

    NASA Astrophysics Data System (ADS)

    Gollmann, Dieter

    Software insecurity can be explained as a potpourri of hacking methods, ranging from the familiar, e.g. buffer overruns, to the exotic, e.g. code insertion with Chinese characters. From such an angle software security would just be a collection of specific countermeasures. We will observe a common principle that can guide a structured presentation of software security and give guidance for future research directions: There exists a discrepancy between the abstract programming concepts used by software developers and their concrete implementation on the given execution platform. In support of this thesis, five case studies will be discussed, viz characters, integers, variables, atomic transactions, and double linked lists.

  16. Using software security analysis to verify the secure socket layer (SSL) protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2004-01-01

    nal Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information the3, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach '' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

  17. Adopting Open Source Software to Address Software Risks during the Scientific Data Life Cycle

    NASA Astrophysics Data System (ADS)

    Vinay, S.; Downs, R. R.

    2012-12-01

    Software enables the creation, management, storage, distribution, discovery, and use of scientific data throughout the data lifecycle. However, the capabilities offered by software also present risks for the stewardship of scientific data, since future access to digital data is dependent on the use of software. From operating systems to applications for analyzing data, the dependence of data on software presents challenges for the stewardship of scientific data. Adopting open source software provides opportunities to address some of the proprietary risks of data dependence on software. For example, in some cases, open source software can be deployed to avoid licensing restrictions for using, modifying, and transferring proprietary software. The availability of the source code of open source software also enables the inclusion of modifications, which may be contributed by various community members who are addressing similar issues. Likewise, an active community that is maintaining open source software can be a valuable source of help, providing an opportunity to collaborate to address common issues facing adopters. As part of the effort to meet the challenges of software dependence for scientific data stewardship, risks from software dependence have been identified that exist during various times of the data lifecycle. The identification of these risks should enable the development of plans for mitigating software dependencies, where applicable, using open source software, and to improve understanding of software dependency risks for scientific data and how they can be reduced during the data life cycle.

  18. Software Security in the University Computer Laboratories.

    ERIC Educational Resources Information Center

    Kung, Mable T.

    1989-01-01

    Discussion of software security in university computer laboratories focuses on the causes of computer viruses. Possible ways to detect an infected disk are described; strategies for professors, students, and computer personnel to eradicate the spread of a computer virus are proposed; and two resources for further information are given. (LRW)

  19. Africa: addressing growing threats to food security.

    PubMed

    Rukuni, Mandivamba

    2002-11-01

    Africa remains the only region in the world where the number of hungry people will still be on the increase in 2020, and the number of malnourished children will have increased correspondingly. In this report I have acknowledged the general public policy trends across Africa in terms of macroeconomic policy reforms and political transitions. These welcome trends have to still produce stable nations and economies. Although economic development is the long-term solution to Africa's challenge on hunger and poverty, this will take time. And it follows therefore that African nations have to pursue policies and strategies that promote long-term growth while at the same time offering short-term safety nets for the poorest of the poor. The growth and development strategy will have at its core the need to increase significantly the levels of public-sector investment in agriculture and rural development and to give top priority to the commercialization of smallholder agriculture so as to increase productivity and competitiveness. But food security at the household level is ultimately a balance between availability and access, and in this regard governments need complementary food security policies that increase the probability of food access by the vulnerable groups. PMID:12421867

  20. Software For Computer-Security Audits

    NASA Technical Reports Server (NTRS)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  1. Reducing software security risk through an integrated approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.; Bishop, M.; Kelly, J.

    2001-01-01

    This paper presents research on the generation of a software security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  2. Demographic-Based Perceptions of Adequacy of Software Security's Presence within Individual Phases of the Software Development Life Cycle

    ERIC Educational Resources Information Center

    Kramer, Aleksey

    2013-01-01

    The topic of software security has become paramount in information technology (IT) related scholarly research. Researchers have addressed numerous software security topics touching on all phases of the Software Development Life Cycle (SDLC): requirements gathering phase, design phase, development phase, testing phase, and maintenance phase.…

  3. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    NASA Astrophysics Data System (ADS)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  4. An Analysis of Open Source Security Software Products Downloads

    ERIC Educational Resources Information Center

    Barta, Brian J.

    2014-01-01

    Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software…

  5. Hydrocomplexity: Addressing water security and emergent environmental risks

    NASA Astrophysics Data System (ADS)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  6. Secure Video Surveillance System Acquisition Software

    SciTech Connect

    2009-12-04

    The SVSS Acquisition Software collects and displays video images from two cameras through a VPN, and store the images onto a collection controller. The software is configured to allow a user to enter a time window to display up to 2 1/2, hours of video review. The software collects images from the cameras at a rate of 1 image per second and automatically deletes images older than 3 hours. The software code operates in a linux environment and can be run in a virtual machine on Windows XP. The Sandia software integrates the different COTS software together to build the video review system.

  7. Secure Video Surveillance System Acquisition Software

    2009-12-04

    The SVSS Acquisition Software collects and displays video images from two cameras through a VPN, and store the images onto a collection controller. The software is configured to allow a user to enter a time window to display up to 2 1/2, hours of video review. The software collects images from the cameras at a rate of 1 image per second and automatically deletes images older than 3 hours. The software code operates in amore » linux environment and can be run in a virtual machine on Windows XP. The Sandia software integrates the different COTS software together to build the video review system.« less

  8. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

    SciTech Connect

    Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J; Sayre, Kirk D; Ankrum, Scott

    2013-01-01

    Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.

  9. Software To Secure Distributed Propulsion Simulations

    NASA Technical Reports Server (NTRS)

    Blaser, Tammy M.

    2003-01-01

    Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

  10. Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

  11. Security Verification Techniques Applied to PatchLink COTS Software

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt; Andrew, Chris; Jog, Sameer

    2006-01-01

    Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX Agent, a Commercial-Off-The-Shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the Flexible Modeling Framework (FMF) -- a model-based verification instrument (JPL), and a Property-Based Tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.

  12. Ensuring system security through formal software evaluation

    SciTech Connect

    Howell, J A; Fuyat, C; Elvy, M

    1992-01-01

    With the increasing use of computer systems and networks to process safeguards information in nuclear facilities, the issue of system and data integrity is receiving worldwide attention. Among the many considerations are validation that the software performs as intended and that the information is adequately protected. Such validations are often requested of the Safeguards Systems Group of the Los Alamos National Laboratory. This paper describes our methodology for performing these software evaluations.

  13. Addressing security issues related to virtual institute distributed activities

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2008-03-01

    One issue confounding the development and experimentation of distributed modeling and simulation environments is the inability of the project team to identify and collaborate with resources, both human and technical, from outside the United States. This limitation is especially significant within the human behavior representation area where areas such as cultural effects research and joint command team behavior modeling require the participation of various cultural and national representatives. To address this limitation, as well as other human behavior representation research issues, NATO Research and Technology Organization initiated a project to develop a NATO virtual institute that enables more effective and more collaborative research into human behavior representation. However, in building and operating a virtual institute one of the chief concerns must be the cyber security of the institute. Because the institute "exists" in cyberspace, all of its activities are susceptible to cyberattacks, subterfuge, denial of service and all of the vulnerabilities that networked computers must face. In our opinion, for the concept of virtual institutes to be successful and useful, their operations and services must be protected from the threats in the cyber environment. A key to developing the required protection is the development and promulgation of standards for cyber security. In this paper, we discuss the types of cyber standards that are required, how new internet technologies can be exploited and can benefit the promulgation, development, maintenance, and robustness of the standards. This paper is organized as follows. Section One introduces the concept of the virtual institutes, the expected benefits, and the motivation for our research and for research in this area. Section Two presents background material and a discussion of topics related to VIs, uman behavior and cultural modeling, and network-centric warfare. Section Three contains a discussion of the

  14. Software Updates: How Can Computer Software Address the Strengths of Visual Spatial Learners?

    ERIC Educational Resources Information Center

    Pattridge, Gregory C.

    2000-01-01

    This brief article identifies software that supports visual spatial intelligence, a characteristic of many intellectually gifted children. Such software should be complex, flexible, and include visual components. The review of five software titles provides information on appropriate ages, computer compatibility, and source, as well as an…

  15. The study on network security based on software engineering

    NASA Astrophysics Data System (ADS)

    Jia, Shande; Ao, Qian

    2012-04-01

    Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

  16. Are safety, security, and dependability achievable in software?

    SciTech Connect

    Fletcher, S.K.

    1996-07-01

    Critical software must be safe, secure, and dependable. Traditionally, these have been pursued as separate disciplines. This presentation looks at the traditional approaches and highlights commonalities and differences among them. Each can learn from the history of the others. More importantly, it is imperative to seek a systems approach which blends all three.

  17. Reducing Software Security Risk Through an Integrated Approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Kelly, J.; Bishop, M.

    2000-01-01

    This paper discusses new joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development and maintenance life cycle.

  18. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  19. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  20. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  1. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  2. Application of Lightweight Formal Methods to Software Security

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt

    2005-01-01

    Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which species security properties in a library that can be reused by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The Flexible Modeling Framework (FMF) is a model based verijkation instrument that uses Promela and the SPIN model checker. The Property Based Tester (PBT) uses TASPEC and a Text Execution Monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles.

  3. Security in the Schools.

    ERIC Educational Resources Information Center

    Nelson, Jesse

    1997-01-01

    Discusses the benefits of school library security, software security, and computer security systems. Describes specific products for each type of security system. A sidebar lists names and addresses of security manufacturers and distributors. (AEF)

  4. Use of Social Software to Address Literacy and Identity Issues in Second Language Learning

    ERIC Educational Resources Information Center

    Hutchinson, Jill

    2009-01-01

    The emerging trend of social software technology can address many different second language (L2) learner needs through authentic social interaction and a variety of scaffolding processes. Social software connects education with real-life learning and interests, and engages and motivates students. It can facilitate learning environments that are…

  5. Addressing the Pilot security problem with gLExec

    SciTech Connect

    Sfiligoi, I.; Koeroo, O.; Venekamp, G.; Yocum, D.; Groep, D.; Petravick, D.; /Fermilab

    2007-09-01

    The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. Many groups are however starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

  6. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    PubMed Central

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  7. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    PubMed

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  8. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    PubMed

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-12-17

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  9. Progress in Addressing DNFSB Recommendation 2002-1 Issues: Improving Accident Analysis Software Applications

    SciTech Connect

    VINCENT, ANDREW

    2005-04-25

    Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1 (''Quality Assurance for Safety-Related Software'') identified a number of quality assurance issues on the use of software in Department of Energy (DOE) facilities for analyzing hazards, and designing and operating controls to prevent or mitigate potential accidents. Over the last year, DOE has begun several processes and programs as part of the Implementation Plan commitments, and in particular, has made significant progress in addressing several sets of issues particularly important in the application of software for performing hazard and accident analysis. The work discussed here demonstrates that through these actions, Software Quality Assurance (SQA) guidance and software tools are available that can be used to improve resulting safety analysis. Specifically, five of the primary actions corresponding to the commitments made in the Implementation Plan to Recommendation 2002-1 are identified and discussed in this paper. Included are the web-based DOE SQA Knowledge Portal and the Central Registry, guidance and gap analysis reports, electronic bulletin board and discussion forum, and a DOE safety software guide. These SQA products can benefit DOE safety contractors in the development of hazard and accident analysis by precluding inappropriate software applications and utilizing best practices when incorporating software results to safety basis documentation. The improvement actions discussed here mark a beginning to establishing stronger, standard-compliant programs, practices, and processes in SQA among safety software users, managers, and reviewers throughout the DOE Complex. Additional effort is needed, however, particularly in: (1) processes to add new software applications to the DOE Safety Software Toolbox; (2) improving the effectiveness of software issue communication; and (3) promoting a safety software quality assurance culture.

  10. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  11. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. PMID:12975519

  12. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort.

  13. Discovery Channel Telescope software progress report: addressing early commissioning and operations challenges

    NASA Astrophysics Data System (ADS)

    Lacasse, Michael; Lotz, Paul J.

    2014-07-01

    The Discovery Channel Telescope is a 4.3m astronomical research telescope in northern Arizona constructed through a partnership between Discovery Communications and Lowell Observatory. In transition from construction phase to commissioning and operations, we faced a variety of software challenges, both foreseen and unforeseen, and addressed those with a variety of solutions including, isolation of the control systems network, development of an Operations Log application, extension of the interface to instrumentation software, improvements to engineering data analysis, provisions to avoid failure modes, and enhanced user experience. We describe these solutions and present an overview of the current project status.

  14. SOEMPI: A Secure Open Enterprise Master Patient Index Software Toolkit for Private Record Linkage

    PubMed Central

    Toth, Csaba; Durham, Elizabeth; Kantarcioglu, Murat; Xue, Yuan; Malin, Bradley

    2014-01-01

    To mitigate bias in multi-institutional research studies, healthcare organizations need to integrate patient records. However, this process must be accomplished without disclosing the identities of the corresponding patients. Various private record linkage (PRL) techniques have been proposed, but there is a lack of translation into practice because no software suite supports the entire PRL lifecycle. This paper addresses this issue with the introduction of the Secure Open Enterprise Master Patient Index (SOEMPI). We show how SOEMPI covers the PRL lifecycle, illustrate the implementation of several PRL protocols, and provide a runtime analysis for the integration of two datasets consisting of 10,000 records. While the PRL process is slower than a non-secure setting, our analysis shows the majority of processes in a PRL protocol require several seconds or less and that SOEMPI completes the process in approximately two minutes, which is a practical amount of time for integration. PMID:25954421

  15. Secure Naming and Addressing Operations for Store, Carry and Forward Networks

    NASA Technical Reports Server (NTRS)

    Eddy, Wesley M.; Ivancic, William D.; Iannicca, Dennis C.; Ishac, Joseph; Hylton, Alan G.

    2014-01-01

    This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems.

  16. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  17. SOFTWARE TOOLS THAT ADDRESS HAZARDOUS MATERIAL ISSUES DURING NUCLEAR FACILITY D and D

    SciTech Connect

    M. COURNOYER; R. GRUNDEMANN

    2001-03-01

    The 49-year-old Chemistry and Metallurgy Research (CMR) Facility is where analytical chemistry and metallurgical studies on samples of plutonium and nuclear materials are conduct in support of the Department of Energy's nuclear weapons program. The CMR Facility is expected to be decontaminated and decommissioned (D and D) over the next ten to twenty years. Over the decades, several hazardous material issues have developed that need to be address. Unstable chemicals must be properly reassigned or disposed of from the workspace during D and D operation. Materials that have critical effects that are primarily chronic in nature, carcinogens, reproductive toxin, and materials that exhibit high chronic toxicity, have unique decontamination requirements, including the decontrolling of areas where these chemicals were used. Certain types of equipment and materials that contain mercury, asbestos, lead, and polychlorinated biphenyls have special provisions that must be addressed. Utilization of commercially available software programs for addressing hazardous material issues during D and D operations such as legacy chemicals and documentation are presented. These user-friendly programs eliminate part of the tediousness associated with the complex requirements of legacy hazardous materials. A key element of this approach is having a program that inventories and tracks all hazardous materials. Without an inventory of chemicals stored in a particular location, many important questions pertinent to D and D operations can be difficult to answer. On the other hand, a well-managed inventory system can address unstable and highly toxic chemicals and hazardous material records concerns before they become an issue. Tapping into the institutional database provides a way to take advantage of the combined expertise of the institution in managing a cost effective D and D program as well as adding a quality assurance element to the program. Using laboratory requirements as a logic flow

  18. Reducing software security risk through an integrated approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.

    2001-01-01

    The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parsels two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec)execution monitor to verify the security properties of a given program.

  19. Strategies to Address Identified Education Gaps in the Preparation of a National Security Workforce

    SciTech Connect

    2008-06-30

    This report will discuss strategies available to address identified gaps and weaknesses in education efforts aimed at the preparation of a skilled and properly trained national security workforce.The need to adequately train and educate a national security workforce is at a critical juncture. Even though there are an increasing number of college graduates in the appropriate fields, many of these graduates choose to work in the private sector because of more desirable salary and benefit packages. This is contributing to an inability to fill vacant positions at NNSA resulting from high personnel turnover from the large number of retirements. Further, many of the retirees are practically irreplaceable because they are Cold War scientists that have experience and expertise with nuclear weapons.

  20. Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

    NASA Astrophysics Data System (ADS)

    Graham, Christopher J.

    2012-05-01

    Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

  1. A Security-façade Library for Virtual-observatory Software

    NASA Astrophysics Data System (ADS)

    Rixon, G.

    2009-09-01

    The security-façade library implements, for Java, IVOA's security standards. It supports the authentication mechanisms for SOAP and REST web-services, the sign-on mechanisms (with MyProxy, AstroGrid Accounts protocol or local credential-caches), the delegation protocol, and RFC3820-enabled HTTPS for Apache Tomcat. Using the façade, a developer who is not a security specialist can easily add access control to a virtual-observatory service and call secured services from an application. The library has been an internal part of AstroGrid software for some time and it is now offered for use by other developers.

  2. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  3. Addressing food security through public policy action in a community-based participatory research partnership.

    PubMed

    Vásquez, Victoria Breckwich; Lanza, Dana; Hennessey-Lavery, Susana; Facente, Shelley; Halpin, Helen Ann; Minkler, Meredith

    2007-10-01

    Community-based participatory research (CBPR) is an increasingly utilized research approach that involves the affected community identifying a health-related problem, developing a research agenda, and planning an appropriate intervention to address the problem. This report on a CBPR partnership in San Francisco's Bayview Hunters Point neighborhood documents the rise of a community food security policy in response to youth-involved research that found poor access to quality food in an economically disadvantaged area of the city. To analyze the impact of the research on public policy, a framework of specific steps in the policy-making process is used to organize and better understand the partnership's objectives, activities, strategies, and successes. This community-health department partnership has been able to achieve an innovative and sustainable public policy solution, the Good Neighbor Program, by working closely with policy makers and local businesses to expand community accessibility to healthy food. PMID:17728199

  4. Addressing China's grand challenge of achieving food security while ensuring environmental sustainability.

    PubMed

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C; Bailey, Mark; Gordon, Iain J; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-02-01

    China's increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies.

  5. Addressing China's grand challenge of achieving food security while ensuring environmental sustainability.

    PubMed

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C; Bailey, Mark; Gordon, Iain J; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-02-01

    China's increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies. PMID:26601127

  6. Addressing China’s grand challenge of achieving food security while ensuring environmental sustainability

    PubMed Central

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C.; Bailey, Mark; Gordon, Iain J.; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-01-01

    China’s increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies. PMID:26601127

  7. Recent advances to address European Union Health Security from cross border chemical health threats.

    PubMed

    Duarte-Davidson, R; Orford, R; Wyke, S; Griffiths, M; Amlôt, R; Chilcott, R

    2014-11-01

    The European Union (EU) Decision (1082/2013/EU) on serious cross border threats to health was adopted by the European Parliament in November 2013, in recognition of the need to strengthen the capacity of Member States to coordinate the public health response to cross border threats, whether from biological, chemical, environmental events or events which have an unknown origin. Although mechanisms have been in place for years for reporting cross border health threats from communicable diseases, this has not been the case for incidents involving chemicals and/or environmental events. A variety of collaborative EU projects have been funded over the past 10 years through the Health Programme to address gaps in knowledge on health security and to improve resilience and response to major incidents involving chemicals. This paper looks at the EU Health Programme that underpins recent research activities to address gaps in resilience, planning, responding to and recovering from a cross border chemical incident. It also looks at how the outputs from the research programme will contribute to improving public health management of transnational incidents that have the potential to overwhelm national capabilities, putting this into context with the new requirements as the Decision on serious cross border threats to health as well as highlighting areas for future development.

  8. A Proven Methodology for Developing Secure Software and Applying It to Ground Systems

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2016-01-01

    Part Two expands upon Part One in an attempt to translate the methodology for ground system personnel. The goal is to build upon the methodology presented in Part One by showing examples and details on how to implement the methodology. Section 1: Ground Systems Overview; Section 2: Secure Software Development; Section 3: Defense in Depth for Ground Systems; Section 4: What Now?

  9. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    PubMed

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user.

  10. Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security.

    PubMed

    Hahn, Erin; Blazes, David; Lewis, Sheri

    2016-01-01

    Improving global health security will require bold action in all corners of the world, particularly in developing settings, where poverty often contributes to an increase in emerging infectious diseases. In order to mitigate the impact of emerging pandemic threats, enhanced disease surveillance is needed to improve early detection and rapid response to outbreaks. However, the technology to facilitate this surveillance is often unattainable because of high costs, software and hardware maintenance needs, limited technical competence among public health officials, and internet connectivity challenges experienced in the field. One potential solution is to leverage open source software, a concept that is unfortunately often misunderstood. This article describes the principles and characteristics of open source software and how it may be applied to solve global health security challenges. PMID:26889576

  11. A Coverage and Slicing Dependencies Analysis for Seeking Software Security Defects

    PubMed Central

    He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin

    2014-01-01

    Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerability has becoming much more difficult to find out. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization method includes coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults. PMID:24982957

  12. How can we exploit above–belowground interactions to assist in addressing the challenges of food security?

    PubMed Central

    Orrell, Peter; Bennett, Alison E.

    2013-01-01

    Can above–belowground interactions help address issues of food security? We address this question in this manuscript, and review the intersection of above–belowground interactions and food security. We propose that above–belowground interactions could address two strategies identified by Godfray etal. (2010): reducing the Yield Gap, and Increasing Production Limits. In particular, to minimize the difference between potential and realized production (The Yield Gap) above–belowground interactions could be manipulated to reduce losses to pests and increase crop growth (and therefore yields). To Increase Production Limits we propose two mechanisms: utilizing intercropping (which uses multiple aspects of above–belowground interactions) and breeding for traits that promote beneficial above–belowground interactions, as well as breeding mutualistic organisms to improve their provided benefit. As a result, if they are managed correctly, there is great potential for above–belowground interactions to contribute to food security. PMID:24198821

  13. How can we exploit above-belowground interactions to assist in addressing the challenges of food security?

    PubMed

    Orrell, Peter; Bennett, Alison E

    2013-10-30

    Can above-belowground interactions help address issues of food security? We address this question in this manuscript, and review the intersection of above-belowground interactions and food security. We propose that above-belowground interactions could address two strategies identified by Godfray etal. (2010): reducing the Yield Gap, and Increasing Production Limits. In particular, to minimize the difference between potential and realized production (The Yield Gap) above-belowground interactions could be manipulated to reduce losses to pests and increase crop growth (and therefore yields). To Increase Production Limits we propose two mechanisms: utilizing intercropping (which uses multiple aspects of above-belowground interactions) and breeding for traits that promote beneficial above-belowground interactions, as well as breeding mutualistic organisms to improve their provided benefit. As a result, if they are managed correctly, there is great potential for above-belowground interactions to contribute to food security.

  14. Building a gateway with open source software for secure-DICOM communication over insecure networks

    NASA Astrophysics Data System (ADS)

    Emmel, Dirk; Ricke, Jens; Stohlmann, Lutz; Haderer, Alexander; Felix, Roland

    2002-05-01

    For Teleradiology the exchange of DICOM-images is needed for several purposes. Existing solutions often don't consider about the needs for data security and data privacy. Communication is done without any encryption over insecure networks or with encryption using proprietary solutions, which reduces the data communication possibilities to partners with the same equipment. Our goal was to build a gateway, which offers a transparent solution for secure DICOM-communication in a heterogeneous environment We developed a PC-based gateway system with DICOM-communication to the in-house network and secure DICOM communication for the communication over the insecure network. One gateway installed at each location is responsible for encryption/decryption. The sender just transfers the image data over the DICOM protocol to the local gateway. The gateway forwards the data to the gateway on the destination site using the secure DICOM protocol, which is part of the DICOM standard. The receiving gateway forwards the image data to the final destination again using the DICOM-Protocol. The gateway is based on Open Source software and runs under several operating systems. Our experience shows a reliable solution, which solves security issues for DICOM communication of image data and integrates seamless into a heterogeneous DICOM environment.

  15. Architecture design of virtual-optics data security using parallel hardware and software

    NASA Astrophysics Data System (ADS)

    Peng, Xiang; Zhang, Peng; Niu, Hanben

    In this paper, we present an approach of high-efficiency implementation of data security based on virtual-optics imaging methodology (VOIM) with the aid of parallel hardware and parallel software (PHPS) strategy. With this approach, we are able to greatly strengthen the performance of the VOIM through exploiting parallel architecture of the digital signal processor (DSP) and parallel software design. In order to achieve high performance, we build up Master-Slave design architecture with the aid of TMS320C6701-DSP to construct a PHPS implementation scheme for the multimedia data encryption and decryption based on the framework of virtual-optics. In addition, we also adopt software pipelines and other optimization techniques to further strengthen the performance of such a strategy. This approach makes it possible for the VOIM to be realized in real-time applications in embedded systems for multimedia data security. Experiment results with digital image and digital audio signals show the validity of proposed approach.

  16. An Embedded System for Safe, Secure and Reliable Execution of High Consequence Software

    SciTech Connect

    MCCOY,JAMES A.

    2000-08-29

    As more complex and functionally diverse requirements are placed on high consequence embedded applications, ensuring safe and secure operation requires an execution environment that is ultra reliable from a system viewpoint. In many cases the safety and security of the system depends upon the reliable cooperation between the hardware and the software to meet real-time system throughput requirements. The selection of a microprocessor and its associated development environment for an embedded application has the most far-reaching effects on the development and production of the system than any other element in the design. The effects of this choice ripple through the remainder of the hardware design and profoundly affect the entire software development process. While state-of-the-art software engineering principles indicate that an object oriented (OO) methodology provides a superior development environment, traditional programming languages available for microprocessors targeted for deeply embedded applications do not directly support OO techniques. Furthermore, the microprocessors themselves do not typically support nor do they enforce an OO environment. This paper describes a system level approach for the design of a microprocessor intended for use in deeply embedded high consequence applications that both supports and enforces an OO execution environment.

  17. The Need to Address Mobile Device Security in the Higher Education IT Curriculum

    ERIC Educational Resources Information Center

    Patten, Karen P.; Harris, Mark A.

    2013-01-01

    Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere. In 2013, people will purchase 1.2 billion mobile devices, surpassing personal computers as the most common method for accessing the Internet. However, security of these mobile devices is a major concern for organizations. The two leading…

  18. Status of Global Threat Reduction Initiative's Activities Underway to Address Major Domestic Radiological Security Challenges - 12105

    SciTech Connect

    Cuthbertson, Abigail; Jennison, Meaghan

    2012-07-01

    During their service lives, radioactive sealed sources are used for a wide variety of essential purposes. However, each year, thousands of radioactive sealed sources that pose a potential risk to national security, health, and safety become disused and unwanted in the United States. Due to their concentrated activity and portability, these sources could be used in radiological dispersal devices ('dirty bombs'). For more than a decade, the National Nuclear Security Administration and the U.S. Department of Energy, through the Global Threat Reduction Initiative Offsite Source Recovery Project (GTRI/OSRP), have facilitated the removal and disposition of thousands of disused/unwanted sources worldwide. However, the ability of GTRI/OSRP to continue its work is critically dependent on the ability to transport and appropriately dispose of these sources. On that front, GTRI/OSRP progress includes development of two prototype Type B transport containers and significant efforts toward certification, increased commercial disposal access for risk-significant sealed sources at commercial sites, and cooperation through the International Atomic Energy Agency to increase source repatriation. Disused sealed sources continue to pose a national security concern. The impact of a dirty bomb detonation could be costly both financially and to those exposed to the resulting radiation. However, significant progress has been made since 2008 on each of the challenges identified in the DHS Sealed Source Security Workshop. Not only will there be increased opportunity for commercial disposal of many sizes and types of sealed sources, but also stakeholders are studying front-end solutions to the problem of disused sealed sources, such as financial assurance and recycle. The lack of sealed source transport containers is also likely to be mitigated with the development and certification by NNSA of two new Type B models. Internationally, increased efforts at source repatriation will mitigate the

  19. A resilient and secure software platform and architecture for distributed spacecraft

    NASA Astrophysics Data System (ADS)

    Otte, William R.; Dubey, Abhishek; Karsai, Gabor

    2014-06-01

    A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

  20. REVIEW OF THE POTENTIAL OF NUCLEAR HYDROGEN FOR ADDRESSING ENERGY SECURITY AND CLIMATE CHANGE

    SciTech Connect

    James E. O'Brien

    2010-06-01

    Nuclear energy has the potential to exert a major positive impact on energy security and climate change by coupling it to the transportation sector, primarily through hydrogen production. In the short term, this coupling will provide carbon-free hydrogen for upgrading increasingly lower quality petroleum resources such as oil sands, offsetting carbon emissions associated with steam methane reforming. In the intermediate term, nuclear hydrogen will be needed for large-scale production of infrastructure-compatible synthetic liquid fuels. In the long term, there is great potential for the use of hydrogen as a direct vehicle fuel, most likely in the form of light-duty pluggable hybrid hydrogen fuel cell vehicles. This paper presents a review of the potential benefits of large-scale nuclear hydrogen production for energy security (i.e. displacing imported petroleum) and reduction of greenhouse gas emissions. Lifecycle benefits of nuclear energy in this context are presented, with reference to recent major publications on this topic. The status of US and international nuclear hydrogen research programs are discussed. Industry progress toward consumer-grade hydrogen fuel cell vehicles are also be examined.

  1. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  2. The ASSESS (Analytic System and Software for Evaluating Safeguards and Security) Outsider module with multiple analyses

    SciTech Connect

    Snell, M.K.; Winblad, A.E. ); Bingham, B.; Key, B.; Walker, S. )

    1990-01-01

    The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) includes modules for analyzing vulnerabilities against outsider and insider adversaries. The ASSESS Outsider Analysis Module has been upgraded to allow for defining, analyzing, and displaying the results of multiple analyses. Once a set of threat definitions have been defined in one Outsider file, they can be readily copied to other Outsider files. This multiple analysis, or batch, mode of operation provides an efficient way of covering the standard DOE outsider threat spectrum. A new approach for coupling the probability of interruption, P(I), values and values calculated by the ASSESS Neutralization module has been implemented in Outsider and is described. An enhanced capability for printing results of these multiple analyses is also included in the upgraded Outside module. 7 refs., 7 figs., 1 tab.

  3. An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

    PubMed

    Barrett, Jason R; French, P Edward

    2013-01-01

    The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

  4. An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

    PubMed

    Barrett, Jason R; French, P Edward

    2013-01-01

    The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats. PMID:24187744

  5. ASSESS (Analytic System and Software for Evaluating Safeguards and Security) update: Current status and future developments

    SciTech Connect

    Al-Ayat, R.A. ); Cousins, T.D. ); Hoover, E.R. )

    1990-07-15

    The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) has been released for use by DOE field offices and their contractors. In October, 1989, we offered a prototype workshop to selected representatives of the DOE community. Based on the prototype results, we held the first training workshop at the Central Training Academy in January, 1990. Four additional workshops are scheduled for FY 1990. ASSESS is a state-of-the-art analytical tool for management to conduct integrated evaluation of safeguards systems at facilities handling facilities. Currently, ASSESS focuses on the threat of theft/diversion of special nuclear material by insiders, outsiders, and a special form of insider/outsider collusion. ASSESS also includes a neutralization module. Development of the tool is continuing. Plans are underway to expand the capabilities of ASSESS to evaluate against violent insiders, to validate the databases, to expand the neutralization module, and to assist in demonstrating compliance with DOE Material Control and Accountability (MC A) Order 5633.3. These new capabilities include the ability to: compute a weighted average for performance capability against a spectrum of insider adversaries; conduct defense-in-depth analyses; and analyze against protracted theft scenarios. As they become available, these capabilities will be incorporated in our training program. ASSESS is being developed jointly by Lawrence Livermore and Sandia National Laboratories under the sponsorship of the Department of Energy (DOE) Office of Safeguards and Security.

  6. Creating a clinical video-conferencing facility in a security-constrained environment using open-source AccessGrid software and consumer hardware.

    PubMed

    Terrazas, Enrique; Hamill, Timothy R; Wang, Ye; Channing Rodgers, R P

    2007-10-11

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components.

  7. Creating a Clinical Video-Conferencing Facility in a Security-Constrained Environment Using Open-Source AccessGrid Software and Consumer Hardware

    PubMed Central

    Terrazas, Enrique; Hamill, Timothy R.; Wang, Ye; Channing Rodgers, R. P.

    2007-01-01

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components. PMID:18693930

  8. Policy Framework for Addressing Personal Security Issues Concerning Women and Girls. National Strategy on Community Safety and Crime Prevention.

    ERIC Educational Resources Information Center

    National Crime Prevention Centre, Ottawa (Ontario).

    This document presents a policy framework for improving the personal security of women and girls. The document includes: (1) "Introduction"; (2) "Policy Background" (the concept of personal security, the societal context of women's personal security, consequences of violence for women and girls, long-term policy concern, and building an integrated…

  9. Addressing the Complexity of Mobile App Design in Hospital Setting with a Tailored Software Development Life Cycle Model.

    PubMed

    Ehrler, Frederic; Lovis, Christian; Blondon, Katherine

    2016-01-01

    Recent studies on workflow processes in hospital settings have shown that, since the introduction of EHRs, care-providers spend an increasing amount of their time on documentation rather than on bedside patient care. In order to improve the bedside work process and facilitate bedside documentation, we are developing an evidence-based mobile app for healthcare providers. In this paper, we present a tailored software development life cycle model that we created and validated during the design and development of this smartphone application. PMID:27577371

  10. Towards improving software security by using simulation to inform requirements and conceptual design

    SciTech Connect

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

  11. Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language

    ERIC Educational Resources Information Center

    Boutnaru, Shlomi; Hershkovitz, Arnon

    2015-01-01

    In recent years, schools (as well as universities) have added cyber security to their computer science curricula. This topic is still new for most of the current teachers, who would normally have a standard computer science background. Therefore the teachers are trained and then teaching their students what they have just learned. In order to…

  12. National Institute of Justice (NIJ): improving the effectiveness of law enforcement via homeland security technology improvements (Keynote Address)

    NASA Astrophysics Data System (ADS)

    Morgan, John S.

    2005-05-01

    Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. Preventing terrorism and promoting the nation"s security is the Department of Justice"s number one strategic priority. This is reflected in its technology development efforts, as well as its operational focus. The National Institute of Justice (NIJ) is the national focal point for the research, development, test and evaluation of technology for law enforcement. In addition to its responsibilities in supporting day-to-day criminal justice needs in areas such as less lethal weapons and forensic science, NIJ also provides critical support for counter-terrorism capacity improvements in state and local law enforcement in several areas. The most important of these areas are bomb response, concealed weapons detection, communications and information technology, which together offer the greatest potential benefit with respect to improving the ability to law enforcement agencies to respond to all types of crime including terrorist acts. NIJ coordinates its activities with several other key federal partners, including the Department of Homeland Security"s Science and Technology Directorate, the Technical Support Working Group, and the Department of Defense.

  13. Keynote Address "Preserving the Past to Secure the Future": The Center for Indian Education--The Next 50 Years

    ERIC Educational Resources Information Center

    Roessel, Monty

    2011-01-01

    This article presents the keynote address given by Dr. Monty Roessel, Superintendent of the Rough Rock (Navajo) Community School, at the Center for Indian Education Relaunch Celebration held on the ASU Tempe campus May 6, 2011. Here, the author reflects on the legacy of the Center, co-founded by his father, Dr. Robert A. (Bob) Roessel, Jr., who…

  14. Sixth Warren K. Sinclair keynote address: The role of a strong regulator in safe and secure nuclear energy.

    PubMed

    Lyons, Peter B

    2011-01-01

    The history of nuclear regulation is briefly reviewed to underscore the early recognition that independence of the regulator was essential in achieving and maintaining public credibility. The current licensing process is reviewed along with the status of applications. Challenges faced by both the NRC and the industry are reviewed, such as new construction techniques involving modular construction, digital controls replacing analog circuitry, globalization of the entire supply chain, and increased security requirements. The vital area of safety culture is discussed in some detail, and its importance is emphasized.

  15. Sixth Warren K. Sinclair keynote address: The role of a strong regulator in safe and secure nuclear energy.

    PubMed

    Lyons, Peter B

    2011-01-01

    The history of nuclear regulation is briefly reviewed to underscore the early recognition that independence of the regulator was essential in achieving and maintaining public credibility. The current licensing process is reviewed along with the status of applications. Challenges faced by both the NRC and the industry are reviewed, such as new construction techniques involving modular construction, digital controls replacing analog circuitry, globalization of the entire supply chain, and increased security requirements. The vital area of safety culture is discussed in some detail, and its importance is emphasized. PMID:21399404

  16. Space Station Software Issues

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor); Beskenis, S. (Editor)

    1985-01-01

    Issues in the development of software for the Space Station are discussed. Software acquisition and management, software development environment, standards, information system support for software developers, and a future software advisory board are addressed.

  17. Toward improved software security training using a cyber warfare opposing force (CW OPFOR): the knowledge base design

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2005-03-01

    "Train the way you will fight" has been a guiding principle for military training and has served the warfighter well as evidenced by numerous successful operations over the last decade. This need for realistic training for all combatants has been recognized and proven by the warfighter and continues to guide military training. However, to date, this key training principle has not been applied fully in the arena of cyberwarfare due to the lack of realistic, cost effective, reasonable, and formidable cyberwarfare opponents. Recent technological advances, improvements in the capability of computer-generated forces (CGFs) to emulate human behavior, and current results in research in information assurance and software protection, coupled with increasing dependence upon information superiority, indicate that the cyberbattlespace will be a key aspect of future conflict and that it is time to address the cyberwarfare training shortfall. To address the need for a cyberwarfare training and defensive testing capability, we propose research and development to yield a prototype computerized, semi-autonomous (SAF) red team capability. We term this capability the Cyber Warfare Opposing Force (CW OPFOR). There are several technologies that are now mature enough to enable, for the first time, the development of this powerful, effective, high fidelity CW OPFOR. These include improved knowledge about cyberwarfare attack and defense, improved techniques for assembling CGFs, improved techniques for capturing and expressing knowledge, software technologies that permit effective rapid prototyping to be effectively used on large projects, and the capability for effective hybrid reasoning systems. Our development approach for the CW OPFOR lays out several phases in order to address these requirements in an orderly manner and to enable us to test the capabilities of the CW OPFOR and exploit them as they are developed. We have completed the first phase of the research project, which

  18. Key Considerations of Community, Scalability, Supportability, Security, and Functionality in Selecting Open-Source Software in California Universities as Perceived by Technology Leaders

    ERIC Educational Resources Information Center

    Britton, Todd Alan

    2014-01-01

    Purpose: The purpose of this study was to examine the key considerations of community, scalability, supportability, security, and functionality for selecting open-source software in California universities as perceived by technology leaders. Methods: After a review of the cogent literature, the key conceptual framework categories were identified…

  19. Final Report "CoDeveloper: A Secure Web-Invocable Collaborative Software Development Tool"

    SciTech Connect

    Svetlana Shasharina

    2005-11-27

    Modern scientific simulations generate large datasets at remote sites with appropriate resources (supercomputers and clusters). Bringing these large datasets to the computers of all members of a distributed team of collaborators is often impractical or even impossible: there might not be enough bandwidth, storage capacity or appropriate data analysis and visualization tools locally available. To address the need to access remote data, avoid heavy Internet traffic and unnecessary data replication, Tech-X Corporation developed a tool, which allows running remote data visualization collaboratively and sharing the visualization objects as they get generated. The size of these objects is typically much smaller than the size of the original data. For marketing reasons, we renamed the product CoReViz. The detailed information on this product can be found at http://www.txcorp.com/products/CoReViz/. We installed and tested this tool at multiple machines at Tech-X and on seaborg at NERSC. In what follows, we give a detailed description of this tool.

  20. Beyond engagement in working with children in eight Nairobi slums to address safety, security, and housing: Digital tools for policy and community dialogue.

    PubMed

    Mitchell, Claudia; Chege, Fatuma; Maina, Lucy; Rothman, Margot

    2016-01-01

    This article studies the ways in which researchers working in the area of health and social research and using participatory visual methods might extend the reach of participant-generated creations such as photos and drawings to engage community leaders and policy-makers. Framed as going 'beyond engagement', the article explores the idea of the production of researcher-led digital dialogue tools, focusing on one example, based on a series of visual arts-based workshops with children from eight slums in Nairobi addressing issues of safety, security, and well-being in relation to housing. The authors conclude that there is a need for researchers to embark upon the use of visual tools to expand the life and use of visual productions, and in particular to ensure meaningful participation of communities in social change. PMID:27132645

  1. Beyond engagement in working with children in eight Nairobi slums to address safety, security, and housing: Digital tools for policy and community dialogue.

    PubMed

    Mitchell, Claudia; Chege, Fatuma; Maina, Lucy; Rothman, Margot

    2016-01-01

    This article studies the ways in which researchers working in the area of health and social research and using participatory visual methods might extend the reach of participant-generated creations such as photos and drawings to engage community leaders and policy-makers. Framed as going 'beyond engagement', the article explores the idea of the production of researcher-led digital dialogue tools, focusing on one example, based on a series of visual arts-based workshops with children from eight slums in Nairobi addressing issues of safety, security, and well-being in relation to housing. The authors conclude that there is a need for researchers to embark upon the use of visual tools to expand the life and use of visual productions, and in particular to ensure meaningful participation of communities in social change.

  2. NASA's Approach to Software Assurance

    NASA Technical Reports Server (NTRS)

    Wetherholt, Martha

    2015-01-01

    NASA defines software assurance as: the planned and systematic set of activities that ensure conformance of software life cycle processes and products to requirements, standards, and procedures via quality, safety, reliability, and independent verification and validation. NASA's implementation of this approach to the quality, safety, reliability, security and verification and validation of software is brought together in one discipline, software assurance. Organizationally, NASA has software assurance at each NASA center, a Software Assurance Manager at NASA Headquarters, a Software Assurance Technical Fellow (currently the same person as the SA Manager), and an Independent Verification and Validation Organization with its own facility. An umbrella risk mitigation strategy for safety and mission success assurance of NASA's software, software assurance covers a wide area and is better structured to address the dynamic changes in how software is developed, used, and managed, as well as it's increasingly complex functionality. Being flexible, risk based, and prepared for challenges in software at NASA is essential, especially as much of our software is unique for each mission.

  3. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  4. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2011-08-01

    A wide variety of different marine plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. The Marine Model Optimization Testbed is a new software tool designed for rigorous analysis of plankton models in a multi-site 1-D framework, in particular to address uncertainty issues in model assessment. A flexible user interface ensures its suitability to more general inter-comparison, sensitivity and uncertainty analyses, including model comparison at the level of individual processes, and to state estimation for specific locations. The principal features of MarMOT are described and its application to model calibration is demonstrated by way of a set of twin experiments, in which synthetic observations are assimilated in an attempt to recover the true parameter values of a known system. The experimental aim is to investigate the effect of different misfit weighting schemes on parameter recovery in the presence of error in the plankton model's environmental input data. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergences of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error over an annual cycle, indicating

  5. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT 1.1 alpha)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2012-04-01

    A wide variety of different plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. Parameter uncertainty has been widely addressed by calibrating models at data-rich ocean sites. However, relatively little attention has been given to quantifying uncertainty in the physical fields required by the plankton models at these sites, and tendencies in the biogeochemical properties due to the effects of horizontal processes are often neglected. Here we use model twin experiments, in which synthetic data are assimilated to estimate a system's known "true" parameters, to investigate the impact of error in a plankton model's environmental input data. The experiments are supported by a new software tool, the Marine Model Optimization Testbed, designed for rigorous analysis of plankton models in a multi-site 1-D framework. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergence tendencies of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error variance over an annual cycle, indicating variation in the significance attributable to individual model-data differences. An inverse scheme using ensemble-based estimates of the

  6. A Single Case Design Evaluation of a Software and Tutor Intervention Addressing Emotion Recognition and Social Interaction in Four Boys with ASD

    ERIC Educational Resources Information Center

    Lacava, Paul G.; Rankin, Ana; Mahlios, Emily; Cook, Katie; Simpson, Richard L.

    2010-01-01

    Many students with Autism Spectrum Disorders (ASD) have delays learning to recognize emotions. Social behavior is also challenging, including initiating interactions, responding to others, developing peer relationships, and so forth. In this single case design study we investigated the relationship between use of computer software ("Mind Reading:…

  7. How agro-ecological research helps to address food security issues under new IPM and pesticide reduction policies for global crop production systems.

    PubMed

    E Birch, A Nicholas; Begg, Graham S; Squire, Geoffrey R

    2011-06-01

    Drivers behind food security and crop protection issues are discussed in relation to food losses caused by pests. Pests globally consume food estimated to feed an additional one billion people. Key drivers include rapid human population increase, climate change, loss of beneficial on-farm biodiversity, reduction in per capita cropped land, water shortages, and EU pesticide withdrawals under policies relating to 91/414 EEC. IPM (Integrated Pest Management) will be compulsory for all EU agriculture by 2014 and is also being widely adopted globally. IPM offers a 'toolbox' of complementary crop- and region-specific crop protection solutions to address these rising pressures. IPM aims for more sustainable solutions by using complementary technologies. The applied research challenge now is to reduce selection pressure on single solution strategies, by creating additive/synergistic interactions between IPM components. IPM is compatible with organic, conventional, and GM cropping systems and is flexible, allowing regional fine-tuning. It reduces pests below economic thresholds utilizing key 'ecological services', particularly biocontrol. A recent global review demonstrates that IPM can reduce pesticide use and increase yields of most of the major crops studied. Landscape scale 'ecological engineering', together with genetic improvement of new crop varieties, will enhance the durability of pest-resistant cultivars (conventional and GM). IPM will also promote compatibility with semiochemicals, biopesticides, precision pest monitoring tools, and rapid diagnostics. These combined strategies are urgently needed and are best achieved via multi-disciplinary research, including complex spatio-temporal modelling at farm and landscape scales. Integrative and synergistic use of existing and new IPM technologies will help meet future food production needs more sustainably in developed and developing countries, in an era of reduced pesticide availability. Current IPM research gaps are

  8. Idaho National Laboratory/Nuclear Power Industry Strategic Plan for Light Water Reactor Research and Development An Industry-Government Partnership to Address Climate Change and Energy Security

    SciTech Connect

    Electric Power Research

    2007-11-01

    The dual issues of energy security and climate change mitigation are driving a renewed debate over how to best provide safe, secure, reliable and environmentally responsible electricity to our nation. The combination of growing energy demand and aging electricity generation infrastructure suggests major new capacity additions will be required in the years ahead.

  9. Strengthening Software Authentication with the ROSE Software Suite

    SciTech Connect

    White, G

    2006-06-15

    Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects.

  10. Software Update.

    ERIC Educational Resources Information Center

    Currents, 2000

    2000-01-01

    A chart of 40 alumni-development database systems provides information on vendor/Web site, address, contact/phone, software name, price range, minimum suggested workstation/suggested server, standard reports/reporting tools, minimum/maximum record capacity, and number of installed sites/client type. (DB)

  11. Software Patents.

    ERIC Educational Resources Information Center

    Burke, Edmund B.

    1994-01-01

    Outlines basic patent law information that pertains to computer software programs. Topics addressed include protection in other countries; how to obtain patents; kinds of patents; duration; classes of patentable subject matter, including machines and processes; patentability searches; experimental use prior to obtaining a patent; and patent…

  12. Antiterrorist Software

    NASA Technical Reports Server (NTRS)

    Clark, David A.

    1998-01-01

    In light of the escalation of terrorism, the Department of Defense spearheaded the development of new antiterrorist software for all Government agencies by issuing a Broad Agency Announcement to solicit proposals. This Government-wide competition resulted in a team that includes NASA Lewis Research Center's Computer Services Division, who will develop the graphical user interface (GUI) and test it in their usability lab. The team launched a program entitled Joint Sphere of Security (JSOS), crafted a design architecture (see the following figure), and is testing the interface. This software system has a state-ofthe- art, object-oriented architecture, with a main kernel composed of the Dynamic Information Architecture System (DIAS) developed by Argonne National Laboratory. DIAS will be used as the software "breadboard" for assembling the components of explosions, such as blast and collapse simulations.

  13. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  14. Addressing Concerns.

    ERIC Educational Resources Information Center

    Cronin, Greg; Helmig, Mary; Kaplan, Bill; Kosch, Sharon

    2002-01-01

    Four camp directors discuss how the September 11 tragedy and current world events will affect their camps. They describe how they are addressing safety concerns, working with parents, cooperating with outside agencies, hiring and screening international staff, and revising emergency plans. Camps must continue to offer community and support to…

  15. Hybrid architecture for building secure sensor networks

    NASA Astrophysics Data System (ADS)

    Owens, Ken R., Jr.; Watkins, Steve E.

    2012-04-01

    Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

  16. Lemnos Interoperable Security Program

    SciTech Connect

    Stewart, John; Halbgewachs, Ron; Chavez, Adrian; Smith, Rhett; Teumim, David

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  17. Addressing healthcare.

    PubMed

    Daly, Rich

    2013-02-11

    Though President Barack Obama has rarely made healthcare references in his State of the Union addresses, health policy experts are hoping he changes that strategy this year. "The question is: Will he say anything? You would hope that he would, given that that was the major issue he started his presidency with," says Dr. James Weinstein, left, of the Dartmouth-Hitchcock health system. PMID:23487896

  18. Software Configuration Management Guidebook

    NASA Technical Reports Server (NTRS)

    1995-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes which are used in software development. The Software Assurance Guidebook, SMAP-GB-A201, issued in September, 1989, provides an overall picture of the concepts and practices of NASA in software assurance. Lower level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the Software Configuration Management Guidebook which describes software configuration management in a way that is compatible with practices in industry and at NASA Centers. Software configuration management is a key software development process, and is essential for doing software assurance.

  19. Opening Address

    NASA Astrophysics Data System (ADS)

    Abalakin, V. K.

    1997-03-01

    Dear Colleagues, It is a great pleasure and honor for me to invite you on the occasion of the IAU Colloquium International Cooperation in Dissemination of the Astronomical Data to the Central (Pulkovo) Astronomical Observatory of the Russian Academy of Sciences. This distinguished gathering of experts in the vast field of modern methods for archiving and managing almost infinite astronomical data files of everlasting value will doubtlessly make a considerable and important contribution to success in the present and future research in astronomy. All of us are witnesses of a great technological, even psychological upturn that occurs in the everyday astronomical practice. The small but the most powerful handy devices known as desktop, laptop, or even palm-top PCs, have rendered a tedious calculating work and stressing search in the card-file or book-form catalogs to a pure pleasure and raised an admiration for those brilliant minds that have invented such a kind of hard- and software. The networks of all kinds and sorts -- Internet, Bitnet, World Wide Web, etc. -- have realized ancient dreams of a Man to fly with thought all over the world communicating with other human beings. But ... don't forget that the most real and valuable communication is the live one, when one can see the face and the eyes of his (or her) partner, listen to his voice as large as life, and the only opportunity for this is to stay together. And this just occurs at the colloquium like ours! So, let me heartily welcome you to the Pulkovo Observatory.

  20. Inaugural address

    NASA Astrophysics Data System (ADS)

    Joshi, P. S.

    2014-03-01

    From jets to cosmos to cosmic censorship P S Joshi Tata Institute of Fundamental Research, Homi Bhabha Road, Colaba, Mumbai 400005, India E-mail: psj@tifr.res.in 1. Introduction At the outset, I should like to acknowledge that part of the title above, which tries to capture the main flavour of this meeting, and has been borrowed from one of the plenary talks at the conference. When we set out to make the programme for the conference, we thought of beginning with observations on the Universe, but then we certainly wanted to go further and address deeper questions, which were at the very foundations of our inquiry, and understanding on the nature and structure of the Universe. I believe, we succeeded to a good extent, and it is all here for you in the form of these Conference Proceedings, which have been aptly titled as 'Vishwa Mimansa', which could be possibly translated as 'Analysis of the Universe'! It is my great pleasure and privilege to welcome you all to the ICGC-2011 meeting at Goa. The International Conference on Gravitation and Cosmology (ICGC) series of meetings are being organized by the Indian Association for General Relativity and Gravitation (IAGRG), and the first such meeting was planned and conducted in Goa in 1987, with subsequent meetings taking place at a duration of about four years at various locations in India. So, it was thought appropriate to return to Goa to celebrate the 25 years of the ICGC meetings. The recollections from that first meeting have been recorded elsewhere here in these Proceedings. The research and teaching on gravitation and cosmology was initiated quite early in India, by V V Narlikar at the Banares Hindu University, and by N R Sen in Kolkata in the 1930s. In course of time, this activity grew and gained momentum, and in early 1969, at the felicitation held for the 60 years of V V Narlikar at a conference in Ahmedabad, P C Vaidya proposed the formation of the IAGRG society, with V V Narlikar being the first President. This

  1. Computer security engineering management

    SciTech Connect

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system.

  2. Opening Address

    NASA Astrophysics Data System (ADS)

    Yamada, T.

    2014-12-01

    Ladies and Gentlemen, it is my great honor and pleasure to present an opening address of the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3). On the behalf of the organizing committee, I certainly welcome all your visits to KGU Kannai Media Center belonging to Kanto Gakuin University, and stay in Yokohama. In particular, to whom come from abroad more than 17 countries, I would appreciate your participations after long long trips from your homeland to Yokohama. The first international workshop on "State of the Art in Nuclear Cluster Physics", called SOTANCP, was held in Strasbourg, France, in 2008, and the second one was held in Brussels, Belgium, in 2010. Then the third workshop is now held in Yokohama. In this period, we had the traditional 10th cluster conference in Debrecen, Hungary, in 2012. Thus we have the traditional cluster conference and SOTANCP, one after another, every two years. This obviously shows our field of nuclear cluster physics is very active and flourishing. It is for the first time in about 10 years to hold the international workshop on nuclear cluster physics in Japan, because the last cluster conference held in Japan was in Nara in 2003, about 10 years ago. The president in Nara conference was Prof. K. Ikeda, and the chairpersons were Prof. H. Horiuchi and Prof. I. Tanihata. I think, quite a lot of persons in this room had participated at the Nara conference. Since then, about ten years passed. So, this workshop has profound significance for our Japanese colleagues. The subjects of this workshop are to discuss "the state of the art in nuclear cluster physics" and also discuss the prospect of this field. In a couple of years, we saw significant progresses of this field both in theory and in experiment, which have brought better and new understandings on the clustering aspects in stable and unstable nuclei. I think, the concept of clustering has been more important than ever. This is true also in the

  3. Convocation address.

    PubMed

    Ghatowar, P S

    1993-07-01

    The Union Deputy Minister of Health and Family Welfare in India addressed the 35th convocation of the International Institute for Population Sciences in Bombay in 1993. Officials in developing countries have been concerned about population growth for more than 30 years and have instituted policies to reduce population growth. In the 1960s, population growth in developing countries was around 2.5%, but today it is about 2%. Despite this decline, the world will have 1 billion more individuals by the year 2001. 95% of these new people will be born in developing countries. India's population size is so great that India does not have the time to wait for development to reduce population growth. Population needs to be viewed as an integrated part of overall development, since it is linked to poverty, illiteracy, environmental damage, gender issues, and reproductive health. Despite a large population size, India has made some important advancements in health and family planning. For example, India has reduced population growth (to 2.14% annually between 1981-1991), infant mortality, and its birth rate. It has increased the contraceptive use rate and life expectancy. Its southern states have been more successful at achieving demographic goals than have the northern states. India needs to implement efforts to improve living conditions, to change attitudes and perceptions about small families and contraception, and to promote family planning acceptance earlier among young couples. Improvement of living conditions is especially important in India, since almost 33% of the people live in poverty. India needs to invest in nutrition, health, and education. The mass media and nongovernmental organizations need to create population awareness and demand for family planning services. Improvement in women's status accelerates fertility decline, as has happened in Kerala State. The government needs to facilitate generation of jobs. Community participation is needed for India to achieve

  4. Software assurance standard

    NASA Technical Reports Server (NTRS)

    1992-01-01

    This standard specifies the software assurance program for the provider of software. It also delineates the assurance activities for the provider and the assurance data that are to be furnished by the provider to the acquirer. In any software development effort, the provider is the entity or individual that actually designs, develops, and implements the software product, while the acquirer is the entity or individual who specifies the requirements and accepts the resulting products. This standard specifies at a high level an overall software assurance program for software developed for and by NASA. Assurance includes the disciplines of quality assurance, quality engineering, verification and validation, nonconformance reporting and corrective action, safety assurance, and security assurance. The application of these disciplines during a software development life cycle is called software assurance. Subsequent lower-level standards will specify the specific processes within these disciplines.

  5. Welcome Address

    NASA Astrophysics Data System (ADS)

    Kiku, H.

    2014-12-01

    Ladies and Gentlemen, It is an honor for me to present my welcome address in the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3), as the president of Kanto Gakuin University. Particularly to those from abroad more than 17 countries, I am very grateful for your participation after long long trips from your home to Yokohama. On the behalf of the Kanto Gakuin University, we certainly welcome your visit to our university and stay in Yokohama. First I would like to introduce Kanto Gakuin University briefly. Kanto Gakuin University, which is called KGU, traces its roots back to the Yokohama Baptist Seminary founded in 1884 in Yamate, Yokohama. The seminary's founder was Albert Arnold Bennett, alumnus of Brown University, who came to Japan from the United States to establish a theological seminary for cultivating and training Japanese missionaries. Now KGU is a major member of the Kanto Gakuin School Corporation, which is composed of two kindergartens, two primary schools, two junior high schools, two senior high schools as well as KGU. In this university, we have eight faculties with graduate school including Humanities, Economics, Law, Sciences and Engineering, Architecture and Environmental Design, Human and Environmental Studies, Nursing, and Law School. Over eleven thousands students are currently learning in our university. By the way, my major is the geotechnical engineering, and I belong to the faculty of Sciences and Engineering in my university. Prof. T. Yamada, here, is my colleague in the same faculty. I know that the nuclear physics is one of the most active academic fields in the world. In fact, about half of the participants, namely, more than 50 scientists, come from abroad in this conference. Moreover, I know that the nuclear physics is related to not only the other fundamental physics such as the elementary particle physics and astrophysics but also chemistry, medical sciences, medical cares, and radiation metrology

  6. Space Station Software Recommendations

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor)

    1985-01-01

    Four panels of invited experts and NASA representatives focused on the following topics: software management, software development environment, languages, and software standards. Each panel deliberated in private, held two open sessions with audience participation, and developed recommendations for the NASA Space Station Program. The major thrusts of the recommendations were as follows: (1) The software management plan should establish policies, responsibilities, and decision points for software acquisition; (2) NASA should furnish a uniform modular software support environment and require its use for all space station software acquired (or developed); (3) The language Ada should be selected for space station software, and NASA should begin to address issues related to the effective use of Ada; and (4) The space station software standards should be selected (based upon existing standards where possible), and an organization should be identified to promulgate and enforce them. These and related recommendations are described in detail in the conference proceedings.

  7. Software reengineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III

    1991-01-01

    Programs in use today generally have all of the function and information processing capabilities required to do their specified job. However, older programs usually use obsolete technology, are not integrated properly with other programs, and are difficult to maintain. Reengineering is becoming a prominent discipline as organizations try to move their systems to more modern and maintainable technologies. The Johnson Space Center (JSC) Software Technology Branch (STB) is researching and developing a system to support reengineering older FORTRAN programs into more maintainable forms that can also be more readily translated to a modern languages such as FORTRAN 8x, Ada, or C. This activity has led to the development of maintenance strategies for design recovery and reengineering. These strategies include a set of standards, methodologies, and the concepts for a software environment to support design recovery and reengineering. A brief description of the problem being addressed and the approach that is being taken by the STB toward providing an economic solution to the problem is provided. A statement of the maintenance problems, the benefits and drawbacks of three alternative solutions, and a brief history of the STB experience in software reengineering are followed by the STB new FORTRAN standards, methodology, and the concepts for a software environment.

  8. School Security Roundtable, 2000.

    ERIC Educational Resources Information Center

    Agron, Joe, Ed.; Anderson, Larry, Ed.

    A roundtable discussion is presented revealing what experts say about school security problems and how they are being addressed. Also included are trend data from the School Security 2000 survey revealing top security concerns, strategies, and security equipment preferences; how site surveys can be used to keep schools safe; and how creating a…

  9. Incidents of Security Concern

    SciTech Connect

    Atencio, Julian J.

    2014-05-01

    This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

  10. Computer Software.

    ERIC Educational Resources Information Center

    Kay, Alan

    1984-01-01

    Discusses the nature and development of computer software. Programing, programing languages, types of software (including dynamic spreadsheets), and software of the future are among the topics considered. (JN)

  11. Collected software engineering papers, volume 2

    NASA Technical Reports Server (NTRS)

    1983-01-01

    Topics addressed include: summaries of the software engineering laboratory (SEL) organization, operation, and research activities; results of specific research projects in the areas of resource models and software measures; and strategies for data collection for software engineering research.

  12. Healthcare Software Assurance

    PubMed Central

    Cooper, Jason G.; Pauley, Keith A.

    2006-01-01

    Software assurance is a rigorous, lifecycle phase-independent set of activities which ensure completeness, safety, and reliability of software processes and products. This is accomplished by guaranteeing conformance to all requirements, standards, procedures, and regulations. These assurance processes are even more important when coupled with healthcare software systems, embedded software in medical instrumentation, and other healthcare-oriented life-critical systems. The current Food and Drug Administration (FDA) regulatory requirements and guidance documentation do not address certain aspects of complete software assurance activities. In addition, the FDA’s software oversight processes require enhancement to include increasingly complex healthcare systems such as Hospital Information Systems (HIS). The importance of complete software assurance is introduced, current regulatory requirements and guidance discussed, and the necessity for enhancements to the current processes shall be highlighted. PMID:17238324

  13. Visual analysis of code security

    SciTech Connect

    Goodall, John R; Radwan, Hassan; Halseth, Lenny

    2010-01-01

    To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allows the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamlines the secure software development workflow through integration with development tools.

  14. Developing a Security Profile.

    ERIC Educational Resources Information Center

    Woodcock, Chris

    1999-01-01

    Examines the questions schools should address when re-evaluating how to protect people, property, and assets. Questions addressed include where and how to begin to improve security in a school, getting the most protection economically, establishing where electronic security should be used, using surveillance cameras and systems, and what the role…

  15. Software and the future of programming languages.

    PubMed

    Aho, Alfred V

    2004-02-27

    Although software is the key enabler of the global information infrastructure, the amount and extent of software in use in the world today are not widely understood, nor are the programming languages and paradigms that have been used to create the software. The vast size of the embedded base of existing software and the increasing costs of software maintenance, poor security, and limited functionality are posing significant challenges for the software R&D community.

  16. Addressing the workforce pipeline challenge

    SciTech Connect

    Leonard Bond; Kevin Kostelnik; Richard Holman

    2006-11-01

    A secure and affordable energy supply is essential for achieving U.S. national security, in continuing U.S. prosperity and in laying the foundations to enable future economic growth. To meet this goal the next generation energy workforce in the U.S., in particular those needed to support instrumentation, controls and advanced operations and maintenance, is a critical element. The workforce is aging and a new workforce pipeline, to support both current generation and new build has yet to be established. The paper reviews the challenges and some actions being taken to address this need.

  17. Advanced fingerprint verification software

    NASA Astrophysics Data System (ADS)

    Baradarani, A.; Taylor, J. R. B.; Severin, F.; Maev, R. Gr.

    2016-05-01

    We have developed a fingerprint software package that can be used in a wide range of applications from law enforcement to public and private security systems, and to personal devices such as laptops, vehicles, and door- locks. The software and processing units are a unique implementation of new and sophisticated algorithms that compete with the current best systems in the world. Development of the software package has been in line with the third generation of our ultrasonic fingerprinting machine1. Solid and robust performance is achieved in the presence of misplaced and low quality fingerprints.

  18. Applications for cyber security - System and application monitoring

    SciTech Connect

    Marron, J. E.

    2006-07-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  19. Social Security and Undergraduates with Disabilities: An Analysis of the National Postsecondary Student Aid Survey. Addressing Trends in Development in Secondary Education and Transition. Information Brief. Vol. 3, Issue 4.

    ERIC Educational Resources Information Center

    Berry, Hugh; Conway, Megan A.; Change, Kelly B.T.

    2004-01-01

    The purpose of this brief is to describe the characteristics of undergraduate students receiving Social Security Disability Insurance (SSDI) and Social Security Administration (SSI) benefits as they relate to issues of participation in postsecondary education and employment. This brief describes results from the National Postsecondary Student Aid…

  20. Selecting Software.

    ERIC Educational Resources Information Center

    Pereus, Steven C.

    2002-01-01

    Describes a comprehensive computer software selection and evaluation process, including documenting district needs, evaluating software packages, weighing the alternatives, and making the purchase. (PKP)

  1. Security model for picture archiving and communication systems.

    PubMed

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model. PMID:10847401

  2. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  3. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  4. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  5. Secure portal.

    SciTech Connect

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal

  6. Configuration Fuzzing for Software Vulnerability Detection

    PubMed Central

    Dai, Huning; Murphy, Christian; Kaiser, Gail

    2010-01-01

    Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular runtime environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, in this paper we present a new testing methodology called configuration fuzzing. Configuration fuzzing is a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability; however, the fuzzing is performed in a duplicated copy of the original process, so that it does not affect the state of the running application. In addition to discussing the approach and describing a prototype framework for implementation, we also present the results of a case study to demonstrate the approach’s efficiency. PMID:21461049

  7. Water Security Toolkit

    SciTech Connect

    2012-09-11

    The Water Security Toolkit (WST) provides software for modeling and analyzing water distribution systems to minimize the potential impact of contamination incidents. WST wraps capabilities for contaminant transport, impact assessment, and sensor network design with response action plans, including source identification, rerouting, and decontamination, to provide a range of water security planning and real-time applications.

  8. Addressing Failures in Exascale Computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert; Abraham, Jacob; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, J.; Bose, Pradip; Cappello, Franck; Carlson, Bill; Chien, Andrew; Coteus, Paul; DeBardeleben, Nathan; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Fazzari, Saverio; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Rob; Stearley, Jon; Van Hensbergen, Eric

    2014-01-01

    We present here a report produced by a workshop on Addressing failures in exascale computing' held in Park City, Utah, 4-11 August 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system, discuss existing knowledge on resilience across the various hardware and software layers of an exascale system, and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia, and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  9. Addressing failures in exascale computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert W.; Abraham, Jacob A.; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, Jim; Bose, Pradip; Cappello, Franck; Carlson, William; Chien, Andrew A.; Coteus, Paul; Debardeleben, Nathan A.; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Saverio, Fazzari; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Robert; Stearly, Jon; Van Hensbergen, Eric

    2014-05-01

    We present here a report produced by a workshop on “Addressing Failures in Exascale Computing” held in Park City, Utah, August 4–11, 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system; discuss existing knowledge on resilience across the various hardware and software layers of an exascale system; and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia; and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  10. Scientific Software Component Technology

    SciTech Connect

    Kohn, S.; Dykman, N.; Kumfert, G.; Smolinski, B.

    2000-02-16

    We are developing new software component technology for high-performance parallel scientific computing to address issues of complexity, re-use, and interoperability for laboratory software. Component technology enables cross-project code re-use, reduces software development costs, and provides additional simulation capabilities for massively parallel laboratory application codes. The success of our approach will be measured by its impact on DOE mathematical and scientific software efforts. Thus, we are collaborating closely with library developers and application scientists in the Common Component Architecture forum, the Equation Solver Interface forum, and other DOE mathematical software groups to gather requirements, write and adopt a variety of design specifications, and develop demonstration projects to validate our approach. Numerical simulation is essential to the science mission at the laboratory. However, it is becoming increasingly difficult to manage the complexity of modern simulation software. Computational scientists develop complex, three-dimensional, massively parallel, full-physics simulations that require the integration of diverse software packages written by outside development teams. Currently, the integration of a new software package, such as a new linear solver library, can require several months of effort. Current industry component technologies such as CORBA, JavaBeans, and COM have all been used successfully in the business domain to reduce software development costs and increase software quality. However, these existing industry component infrastructures will not scale to support massively parallel applications in science and engineering. In particular, they do not address issues related to high-performance parallel computing on ASCI-class machines, such as fast in-process connections between components, language interoperability for scientific languages such as Fortran, parallel data redistribution between components, and massively

  11. NASA Software Documentation Standard

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as "Standard") is designed to support the documentation of all software developed for NASA; its goal is to provide a framework and model for recording the essential information needed throughout the development life cycle and maintenance of a software system. The NASA Software Documentation Standard can be applied to the documentation of all NASA software. The Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. The basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  12. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability... provision of reasonable and appropriate protection of electronic protected health information, and...

  13. 45 CFR 164.306 - Security standards: General rules.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability... provision of reasonable and appropriate protection of electronic protected health information, and...

  14. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  15. NASA software documentation standard software engineering program

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as Standard) can be applied to the documentation of all NASA software. This Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. This basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  16. Software engineering methodologies and tools

    NASA Technical Reports Server (NTRS)

    Wilcox, Lawrence M.

    1993-01-01

    Over the years many engineering disciplines have developed, including chemical, electronic, etc. Common to all engineering disciplines is the use of rigor, models, metrics, and predefined methodologies. Recently, a new engineering discipline has appeared on the scene, called software engineering. For over thirty years computer software has been developed and the track record has not been good. Software development projects often miss schedules, are over budget, do not give the user what is wanted, and produce defects. One estimate is there are one to three defects per 1000 lines of deployed code. More and more systems are requiring larger and more complex software for support. As this requirement grows, the software development problems grow exponentially. It is believed that software quality can be improved by applying engineering principles. Another compelling reason to bring the engineering disciplines to software development is productivity. It has been estimated that productivity of producing software has only increased one to two percent a year in the last thirty years. Ironically, the computer and its software have contributed significantly to the industry-wide productivity, but computer professionals have done a poor job of using the computer to do their job. Engineering disciplines and methodologies are now emerging supported by software tools that address the problems of software development. This paper addresses some of the current software engineering methodologies as a backdrop for the general evaluation of computer assisted software engineering (CASE) tools from actual installation of and experimentation with some specific tools.

  17. Foreign Languages: Workforce Planning Could Help Address Staffing and Proficiency Shortfalls. Testimony before the Subcommittee on International Security, Proliferation, and Federal Services, Committee on Governmental Affairs, U.S. Senate.

    ERIC Educational Resources Information Center

    Westin, Susan S.

    This statement examines the nature and impact of foreign language proficiency and personnel shortages in the Army, State Department, Central Intelligence Agency, and Federal Bureau of Investigation (FBI), discussing strategies used to address these shortages and efforts made to address current and projected shortages. All four agencies reported…

  18. Securing collaborative environments

    SciTech Connect

    Agarwal, Deborah; Jackson, Keith; Thompson, Mary

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  19. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1985-01-01

    Reviews software packages by providing extensive descriptions and discussions of their strengths and weaknesses. Software reviewed include (1) "VISIFROG: Vertebrate Anatomy" (grade seven-adult); (2) "Fraction Bars Computer Program" (grades three to six) and (3) four telecommunications utilities. (JN)

  20. Software Program: Software Management Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this NASA Software Management Guidebook is twofold. First, this document defines the core products and activities required of NASA software projects. It defines life-cycle models and activity-related methods but acknowledges that no single life-cycle model is appropriate for all NASA software projects. It also acknowledges that the appropriate method for accomplishing a required activity depends on characteristics of the software project. Second, this guidebook provides specific guidance to software project managers and team leaders in selecting appropriate life cycles and methods to develop a tailored plan for a software engineering project.

  1. Proprietary software

    NASA Technical Reports Server (NTRS)

    Marnock, M. J.

    1971-01-01

    The protection of intellectual property by a patent, a copyright, or trade secrets is reviewed. The present and future use of computers and software are discussed, along with the governmental uses of software. The popularity of contractual agreements for sale or lease of computer programs and software services is also summarized.

  2. Ten recommendations for software engineering in research.

    PubMed

    Hastings, Janna; Haug, Kenneth; Steinbeck, Christoph

    2014-01-01

    Research in the context of data-driven science requires a backbone of well-written software, but scientific researchers are typically not trained at length in software engineering, the principles for creating better software products. To address this gap, in particular for young researchers new to programming, we give ten recommendations to ensure the usability, sustainability and practicality of research software.

  3. The cost of software fault tolerance

    NASA Technical Reports Server (NTRS)

    Migneault, G. E.

    1982-01-01

    The proposed use of software fault tolerance techniques as a means of reducing software costs in avionics and as a means of addressing the issue of system unreliability due to faults in software is examined. A model is developed to provide a view of the relationships among cost, redundancy, and reliability which suggests strategies for software development and maintenance which are not conventional.

  4. Wildlife software: procedures for publication of computer software

    USGS Publications Warehouse

    Samuel, M.D.

    1990-01-01

    Computers and computer software have become an integral part of the practice of wildlife science. Computers now play an important role in teaching, research, and management applications. Because of the specialized nature of wildlife problems, specific computer software is usually required to address a given problem (e.g., home range analysis). This type of software is not usually available from commercial vendors and therefore must be developed by those wildlife professionals with particular skill in computer programming. Current journal publication practices generally prevent a detailed description of computer software associated with new techniques. In addition, peer review of journal articles does not usually include a review of associated computer software. Thus, many wildlife professionals are usually unaware of computer software that would meet their needs or of major improvements in software they commonly use. Indeed most users of wildlife software learn of new programs or important changes only by word of mouth.

  5. Computer software.

    PubMed

    Rosenthal, L E

    1986-10-01

    Software is the component in a computer system that permits the hardware to perform the various functions that a computer system is capable of doing. The history of software and its development can be traced to the early nineteenth century. All computer systems are designed to utilize the "stored program concept" as first developed by Charles Babbage in the 1850s. The concept was lost until the mid-1940s, when modern computers made their appearance. Today, because of the complex and myriad tasks that a computer system can perform, there has been a differentiation of types of software. There is software designed to perform specific business applications. There is software that controls the overall operation of a computer system. And there is software that is designed to carry out specialized tasks. Regardless of types, software is the most critical component of any computer system. Without it, all one has is a collection of circuits, transistors, and silicone chips.

  6. Disarmament and security

    SciTech Connect

    Alley, R.M.

    1985-01-01

    This book contains the following five selections: Opening address; Global disarmament negotiations; Global security and the nuclear balance; Nuclear politics and the environment; and New Zealand's approach: another perspective.

  7. ECLIPSE, an Emerging Standardized Modular, Secure and Affordable Software Toolset in Support of Product Assurance, Quality Assurance and Project Management for the Entire European Space Industry (from Innovative SMEs to Primes and Institutions)

    NASA Astrophysics Data System (ADS)

    Bennetti, Andrea; Ansari, Salim; Dewhirst, Tori; Catanese, Giuseppe

    2010-08-01

    The development of satellites and ground systems (and the technologies that support them) is complex and demands a great deal of rigor in the management of both the information it relies upon and the information it generates via the performance of well established processes. To this extent for the past fifteen years Sapienza Consulting has been supporting the European Space Agency (ESA) in the management of this information and provided ESA with ECSS (European Cooperation for Space Standardization) Standards based Project Management (PM), Product Assurance (PA) and Quality Assurance (QA) software applications. In 2009 Sapienza recognised the need to modernize, standardizing and integrate its core ECSS-based software tools into a single yet modularised suite of applications named ECLIPSE aimed at: • Fulfilling a wider range of historical and emerging requirements, • Providing a better experience for users, • Increasing the value of the information it collects and manages • Lowering the cost of ownership and operation • Increasing collaboration within and between space sector organizations • Aiding in the performance of several PM, PA, QA, and configuration management tasks in adherence to ECSS standards. In this paper, Sapienza will first present the toolset, and a rationale for its development, describing and justifying its architecture, and basic modules composition. Having defined the toolset architecture, this paper will address the current status of the individual applications. A compliance assessment will be presented for each module in the toolset with respect to the ECSS standard it addresses. Lastly experience from early industry and Institutional users will be presented.

  8. Software Quality Assurance Audits Guidebooks

    NASA Technical Reports Server (NTRS)

    1990-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes that are used in software development. The Software Assurance Guidebook, NASA-GB-A201, issued in September, 1989, provides an overall picture of the NASA concepts and practices in software assurance. Second level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the second level Software Quality Assurance Audits Guidebook that describes software quality assurance audits in a way that is compatible with practices at NASA Centers.

  9. Software Engineering Education--Adjusting Our Sails.

    ERIC Educational Resources Information Center

    Pomberger, Gustav

    1993-01-01

    Discusses software engineering and suggests necessary elements in a software engineering curriculum. Topics addressed include the importance of theory, project-oriented education, prototyping, exploratory programing, human-computer communication, thought models, distributed systems, parallel processing, documentation, testing and quality…

  10. School Security Technologies

    ERIC Educational Resources Information Center

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  11. Alternative security

    SciTech Connect

    Weston, B.H. )

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview.

  12. Software safety

    NASA Technical Reports Server (NTRS)

    Leveson, Nancy

    1987-01-01

    Software safety and its relationship to other qualities are discussed. It is shown that standard reliability and fault tolerance techniques will not solve the safety problem for the present. A new attitude requires: looking at what you do NOT want software to do along with what you want it to do; and assuming things will go wrong. New procedures and changes to entire software development process are necessary: special software safety analysis techniques are needed; and design techniques, especially eliminating complexity, can be very helpful.

  13. Software Reviews.

    ERIC Educational Resources Information Center

    Beezer, Robert A.; And Others

    1988-01-01

    Reviews for three software packages are given. Those packages are: Linear Algebra Computer Companion; Probability and Statistics Demonstrations and Tutorials; and Math Utilities: CURVES, SURFS, AND DIFFS. (PK)

  14. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  15. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  16. NASA's Software Safety Standard

    NASA Technical Reports Server (NTRS)

    Ramsay, Christopher M.

    2007-01-01

    requirements. This allows the projects leeway to meet these requirements in many forms that best suit a particular project's needs and safety risk. In other words, it tells the project what to do, not how to do it. This update also incorporated advances in the state of the practice of software safety from academia and private industry. It addresses some of the more common issues now facing software developers in the NASA environment such as the use of Commercial-Off-the-Shelf Software (COTS), Modified OTS (MOTS), Government OTS (GOTS), and reused software. A team from across NASA developed the update and it has had both NASA-wide internal reviews by software engineering, quality, safety, and project management. It has also had expert external review. This presentation and paper will discuss the new NASA Software Safety Standard, its organization, and key features. It will start with a brief discussion of some NASA mission failures and incidents that had software as one of their root causes. It will then give a brief overview of the NASA Software Safety Process. This will include an overview of the key personnel responsibilities and functions that must be performed for safety-critical software.

  17. NASA PC software evaluation project

    NASA Technical Reports Server (NTRS)

    Dominick, Wayne D. (Editor); Kuan, Julie C.

    1986-01-01

    The USL NASA PC software evaluation project is intended to provide a structured framework for facilitating the development of quality NASA PC software products. The project will assist NASA PC development staff to understand the characteristics and functions of NASA PC software products. Based on the results of the project teams' evaluations and recommendations, users can judge the reliability, usability, acceptability, maintainability and customizability of all the PC software products. The objective here is to provide initial, high-level specifications and guidelines for NASA PC software evaluation. The primary tasks to be addressed in this project are as follows: to gain a strong understanding of what software evaluation entails and how to organize a structured software evaluation process; to define a structured methodology for conducting the software evaluation process; to develop a set of PC software evaluation criteria and evaluation rating scales; and to conduct PC software evaluations in accordance with the identified methodology. Communication Packages, Network System Software, Graphics Support Software, Environment Management Software, General Utilities. This report represents one of the 72 attachment reports to the University of Southwestern Louisiana's Final Report on NASA Grant NGT-19-010-900. Accordingly, appropriate care should be taken in using this report out of context of the full Final Report.

  18. Software Development at Belle II

    NASA Astrophysics Data System (ADS)

    Kuhr, Thomas; Hauth, Thomas

    2015-12-01

    Belle II is a next generation B-factory experiment that will collect 50 times more data than its predecessor Belle. This requires not only a major upgrade of the detector hardware, but also of the simulation, reconstruction, and analysis software. The challenges of the software development at Belle II and the tools and procedures to address them are reviewed in this article.

  19. Statistical security for Social Security.

    PubMed

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts. PMID:22592944

  20. Automating risk analysis of software design models.

    PubMed

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

  1. Automating Risk Analysis of Software Design Models

    PubMed Central

    Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P.

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

  2. Secure Sensor Platform

    SciTech Connect

    Troy Ross, Barry Schoeneman

    2010-08-25

    The Secure Sensor Platform (SSP) software provides a framework of functionality to support the development of low-power autonomous sensors for nuclear safeguards. This framework provides four primary functional blocks of capabilities required to implement autonomous sensors. The capabilities are: communications, security, power management, and cryptography. Utilizing this framework establishes a common set of functional capabilities for seamless interoperability of any sensor based upon the SSP concept.

  3. Software Bridge

    NASA Technical Reports Server (NTRS)

    1995-01-01

    I-Bridge is a commercial version of software developed by I-Kinetics under a NASA Small Business Innovation Research (SBIR) contract. The software allows users of Windows applications to gain quick, easy access to databases, programs and files on UNIX services. Information goes directly onto spreadsheets and other applications; users need not manually locate, transfer and convert data.

  4. Software Reviews.

    ERIC Educational Resources Information Center

    Miller, Anne, Ed.; Radziemski, Cathy, Ed.

    1988-01-01

    Reviews two software packages for the Macintosh series. "Course Builder 2.0," a courseware authoring system, allows the user to create programs which stand alone and may be used independently in the classroom. "World Builder," an artificial intelligence software package, allows creative thinking, problem-solving, and decision-making. (YP)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1990-01-01

    Reviews three computer software: (1) "Elastic Lines: The Electronic Geoboard" on elementary geometry; (2) "Wildlife Adventures: Whales" on environmental science; and (3) "What Do You Do with a Broken Calculator?" on computation and problem solving. Summarizes the descriptions, strengths and weaknesses, and applications of each software. (YP)

  6. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen

    1988-01-01

    Presents reviews of six computer software programs for teaching science. Provides the publisher, grade level, cost, and descriptions of software, including: (1) "Recycling Logic"; (2) "Introduction to Biochemistry"; (3) "Food for Thought"; (4) "Watts in a Home"; (5) "Geology in Action"; and (6) "Biomes." All are for Apple series microcomputers.…

  7. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews six software packages for the Apple II family. Programs reviewed include "Science Courseware: Earth Science Series"; "Heat and Light"; "In Search of Space: Introduction to Model Rocketry"; "Drug Education Series: Drugs--Their Effects on You'"; "Uncertainties and Measurement"; and "Software Films: Learning about Science Series," which…

  8. Managing risk in software systems

    SciTech Connect

    Fletcher, S.K.; Jansma, R.M.; Murphy, M.D.

    1995-07-01

    A methodology for risk management in the design of software systems is presented. It spans security, safety, and correct operation of software within the context of its environment, and produces a risk analysis and documented risk management strategy. It is designed to be iteratively applied, to attain appropriate levels of detail throughout the analysis. The methodology and supporting tools are discussed. The methodology is critiqued relative to other research in the field. Some sample applications of the methodology are presented.

  9. Software Smarts

    NASA Technical Reports Server (NTRS)

    1998-01-01

    Under an SBIR (Small Business Innovative Research) contract with Johnson Space Center, Knowledge Based Systems Inc. (KBSI) developed an intelligent software environment for modeling and analyzing mission planning activities, simulating behavior, and, using a unique constraint propagation mechanism, updating plans with each change in mission planning activities. KBSI developed this technology into a commercial product, PROJECTLINK, a two-way bridge between PROSIm, KBSI's process modeling and simulation software and leading project management software like Microsoft Project and Primavera's SureTrak Project Manager.

  10. Software testing

    NASA Astrophysics Data System (ADS)

    Price-Whelan, Adrian M.

    2016-01-01

    Now more than ever, scientific results are dependent on sophisticated software and analysis. Why should we trust code written by others? How do you ensure your own code produces sensible results? How do you make sure it continues to do so as you update, modify, and add functionality? Software testing is an integral part of code validation and writing tests should be a requirement for any software project. I will talk about Python-based tools that make managing and running tests much easier and explore some statistics for projects hosted on GitHub that contain tests.

  11. Web Application Software for Ground Operations Planning Database (GOPDb) Management

    NASA Technical Reports Server (NTRS)

    Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

    2013-01-01

    A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

  12. Securing mobile code.

    SciTech Connect

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called 'white-boxing'. We put forth some new attacks and improvements

  13. Using Dynamic Software to Address Common College Calculus Stumbling Blocks

    ERIC Educational Resources Information Center

    Seneres, Alice W.; Kerrigan, John A.

    2014-01-01

    There are specific topics in college calculus that can be major stumbling blocks for students. Having taught college calculus for four years to over a thousand students, we observed that even the students who have already taken pre-calculus or calculus during their high school careers had common misunderstandings. Students may remember a technique…

  14. Technical Reference Suite Addressing Challenges of Providing Assurance for Fault Management Architectural Design

    NASA Technical Reports Server (NTRS)

    Fitz, Rhonda; Whitman, Gerek

    2016-01-01

    Research into complexities of software systems Fault Management (FM) and how architectural design decisions affect safety, preservation of assets, and maintenance of desired system functionality has coalesced into a technical reference (TR) suite that advances the provision of safety and mission assurance. The NASA Independent Verification and Validation (IV&V) Program, with Software Assurance Research Program support, extracted FM architectures across the IV&V portfolio to evaluate robustness, assess visibility for validation and test, and define software assurance methods applied to the architectures and designs. This investigation spanned IV&V projects with seven different primary developers, a wide range of sizes and complexities, and encompassed Deep Space Robotic, Human Spaceflight, and Earth Orbiter mission FM architectures. The initiative continues with an expansion of the TR suite to include Launch Vehicles, adding the benefit of investigating differences intrinsic to model-based FM architectures and insight into complexities of FM within an Agile software development environment, in order to improve awareness of how nontraditional processes affect FM architectural design and system health management. The identification of particular FM architectures, visibility, and associated IV&V techniques provides a TR suite that enables greater assurance that critical software systems will adequately protect against faults and respond to adverse conditions. Additionally, the role FM has with regard to strengthened security requirements, with potential to advance overall asset protection of flight software systems, is being addressed with the development of an adverse conditions database encompassing flight software vulnerabilities. Capitalizing on the established framework, this TR suite provides assurance capability for a variety of FM architectures and varied development approaches. Research results are being disseminated across NASA, other agencies, and the

  15. Network systems security analysis

    NASA Astrophysics Data System (ADS)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  16. Software Reviews.

    ERIC Educational Resources Information Center

    Dwyer, Donna; And Others

    1989-01-01

    Reviewed are seven software packages for Apple and IBM computers. Included are: "Toxicology"; "Science Corner: Space Probe"; "Alcohol and Pregnancy"; "Science Tool Kit Plus"; Computer Investigations: Plant Growth"; "Climatrolls"; and "Animal Watch: Whales." (CW)

  17. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane

    1990-01-01

    Reviews two programs: (1) "The Weather Machine" on understanding weather and weather forecasting and (2) "The Mystery of the Hotel Victoria" on problem solving in mathematics. Presents the descriptions, advantages, and weaknesses of the software. (YP)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are six computer software packages including "Lunar Greenhouse,""Dyno-Quest,""How Weather Works,""Animal Trackers,""Personal Science Laboratory," and "The Skeletal and Muscular Systems." Availability, functional, and hardware requirements are discussed. (CW)

  19. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are three computer software packages including "Martin Luther King, Jr.: Instant Replay of History,""Weeds to Trees," and "The New Print Shop, School Edition." Discussed are hardware requirements, costs, grade levels, availability, emphasis, strengths, and weaknesses. (CW)

  20. Software Reviews.

    ERIC Educational Resources Information Center

    Davis, Shelly J., Ed.; Knaupp, Jon, Ed.

    1984-01-01

    Reviewed is computer software on: (1) classification of living things, a tutorial program for grades 5-10; and (2) polynomial practice using tiles, a drill-and-practice program for algebra students. (MNS)

  1. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Reviews seven computer software programs that can be used in science education programs. Describes courseware which deals with muscles and bones, terminology, classifying animals without backbones, molecular structures, drugs, genetics, and shaping the earth's surface. (TW)

  2. Software Reviews.

    ERIC Educational Resources Information Center

    Mathematics and Computer Education, 1988

    1988-01-01

    Presents reviews of six software packages. Includes (1) "Plain Vanilla Statistics"; (2) "MathCAD 2.0"; (3) "GrFx"; (4) "Trigonometry"; (5) "Algebra II"; (6) "Algebra Drill and Practice I, II, and III." (PK)

  3. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Eugene T., Ed.

    1988-01-01

    Presents reviews by classroom teachers of software for teaching science. Includes material on the work of geologists, genetics, earth science, classification of living things, astronomy, endangered species, skeleton, drugs, and heartbeat. Provides information on availability and equipment needed. (RT)

  4. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Provides a review of four science software programs. Includes topics such as plate tectonics, laboratory experiment simulations, the human body, and light and temperature. Contains information on ordering and reviewers' comments. (ML)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Provides reviews of six computer software programs designed for use in elementary science education programs. Provides the title, publisher, grade level, and descriptions of courseware on ant farms, drugs, genetics, beachcombing, matter, and test generation. (TW)

  6. Development methodology for scientific software

    SciTech Connect

    Cort, G.; Goldstone, J.A.; Nelson, R.O.; Poore, R.V.; Miller, L.; Barrus, D.M.

    1985-01-01

    We present the details of a software development methodology that addresses all phases of the software life cycle, yet is well suited for application by small projects with limited resources. The methodology has been developed at the Los Alamos Weapons Neutron Research (WNR) Facility and was utilized during the recent development of the WNR Data Acquisition Command Language. The methodology emphasizes the development and maintenance of comprehensive documentation for all software components. The impact of the methodology upon software quality and programmer productivity is assessed.

  7. Cyber security best practices for the nuclear industry

    SciTech Connect

    Badr, I.

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  8. Application Security Automation

    ERIC Educational Resources Information Center

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  9. New Aspects of Test Security.

    ERIC Educational Resources Information Center

    Lambert, Joyce C.; Lousteau, Carolyn L.; Mochetta, Page T.

    2001-01-01

    Discusses the security of computerized test files based on a survey of collegiate educators and offers recommendations to make tests more secure. Highlights include passwords; firewalls; keeping test files offline rather than on a hard drive; encryption; and using software to write over files rather than just deleting them. (LRW)

  10. Variable addressability imaging systems

    NASA Astrophysics Data System (ADS)

    Kubala, Kenneth Scott

    The use of variable addressability for creating an optimum human-machine interface is investigated. Current wide field optical systems present more information to the human visual system than it has the capacity to perceive. The axial resolution, and/or the field of view can be increased by minimizing the difference between what the eye can perceive and what the system presents. The variable addressability function was developed through the use of a human factors experiment that characterized the position of the eye during the simulated use of a binocular system. Applying the variable addressability function to a conventional optical design required the development of a new metric for evaluating the expected performance of the variable addressability system. The new metric couples psycho-visual data and traditional optical data in order to specify the required performance of the variable addressability system. A non-linear mapping of the pixels is required in order to have the system work most efficiently with the human visual system, while also compensating for eye motion. The non-linear mapping function, which is the backbone of the variable addressability technique, can be created using optical distortion. The lens and system design is demonstrated in two different spectral bands. One of the designs was fabricated, tested, and assembled into a prototype. Through a second human factors study aimed at measuring performance, the variable addressability prototype was directly compared to a uniform addressability prototype, quantifying the difference in performance for the two prototypes. The human factors results showed that the variable addressability prototype provided better resolution 13% of the time throughout the experiment, but was 15% slower in use than the uniform addressability prototype.

  11. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  12. Security Evolution.

    ERIC Educational Resources Information Center

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  13. Collection Security.

    ERIC Educational Resources Information Center

    Boss, Richard W.

    1984-01-01

    Presents a systematic approach to the problem of security of library collections and facilities from theft and vandalism. Highlights include responses to losses, defining security needs, typical weaknesses of facilities, policies and procedures that weaken a library's security, conducting a security audit, cost of security, cost-effectiveness, and…

  14. What's Where In Software: An Update.

    ERIC Educational Resources Information Center

    Currents, 1995

    1995-01-01

    A directory lists computer software vendors offering software useful in administering college alumni and development programs. Listings include client/server system vendors and minicomputer and mainframe system vendors. Each listing contains the vendor name and address, contact person, software title(s), cost, hardware requirements, and client…

  15. What's Where in Software: An Update.

    ERIC Educational Resources Information Center

    Currents, 1992

    1992-01-01

    A listing of new software packages appropriate to college alumni and fund-raising program administration includes 26 packages for personal computer systems and 25 for larger systems. Listings include the name and address of the vendor, contact person's name and telephone number, software titles, software cost, hardware, and intended institutional…

  16. Addressing Employer Services.

    ERIC Educational Resources Information Center

    Perspective: Essays and Reviews of Issues in Employment Security and Employment and Training Programs, 1986

    1986-01-01

    This volume of an annual journal contains 21 articles focusing on the many services that state Employment Security (ES) agencies are providing to improve outreach to employers who pay for the programs through the dedicated revenues of the Federal Unemployment Tax Act and state benefit taxes and to improve their own staff ability to deliver…

  17. Software reengineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III

    1991-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. JSC created a significant set of tools to develop and maintain FORTRAN and C code during development of the Space Shuttle. This tool set forms the basis for an integrated environment to re-engineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. A beta vision of the environment was released in Mar. 1991. The commercial potential for such re-engineering tools is very great. CASE TRENDS magazine reported it to be the primary concern of over four hundred of the top MIS executives.

  18. The development process for the space shuttle primary avionics software system

    NASA Technical Reports Server (NTRS)

    Keller, T. W.

    1987-01-01

    Primary avionics software system; software development approach; user support and problem diagnosis; software releases and configuration; quality/productivity programs; and software development/production facilities are addressed. Also examined are the external evaluations of the IBM process.

  19. Remotely Monitored Sealing Array Software

    2012-09-12

    The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to lastmore » for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support active tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.« less

  20. Remotely Monitored Sealing Array Software

    SciTech Connect

    2012-09-12

    The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to last for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support active tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.

  1. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Information (SSI) and must be handled and protected in accordance with 49 CFR part 1520. ... 6 Domestic Security 1 2013-01-01 2013-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in...

  2. Addressivity in cogenerative dialogues

    NASA Astrophysics Data System (ADS)

    Hsu, Pei-Ling

    2014-03-01

    Ashraf Shady's paper provides a first-hand reflection on how a foreign teacher used cogens as culturally adaptive pedagogy to address cultural misalignments with students. In this paper, Shady drew on several cogen sessions to showcase his journey of using different forms of cogens with his students. To improve the quality of cogens, one strategy he used was to adjust the number of participants in cogens. As a result, some cogens worked and others did not. During the course of reading his paper, I was impressed by his creative and flexible use of cogens and at the same time was intrigued by the question of why some cogens work and not others. In searching for an answer, I found that Mikhail Bakhtin's dialogism, especially the concept of addressivity, provides a comprehensive framework to address this question. In this commentary, I reanalyze the cogen episodes described in Shady's paper in the light of dialogism. My analysis suggests that addressivity plays an important role in mediating the success of cogens. Cogens with high addressivity function as internally persuasive discourse that allows diverse consciousnesses to coexist and so likely affords productive dialogues. The implications of addressivity in teaching and learning are further discussed.

  3. [Software version and medical device software supervision].

    PubMed

    Peng, Liang; Liu, Xiaoyan

    2015-01-01

    The importance of software version in the medical device software supervision does not cause enough attention at present. First of all, the effect of software version in the medical device software supervision is discussed, and then the necessity of software version in the medical device software supervision is analyzed based on the discussion of the misunderstanding of software version. Finally the concrete suggestions on software version naming rules, software version supervision for the software in medical devices, and software version supervision scheme are proposed.

  4. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are six software packages for Apple and/or IBM computers. Included are "Autograph,""The New Game Show,""Science Probe-Earth Science,""Pollution Patrol,""Investigating Plant Growth," and "AIDS: The Investigation." Discussed are the grade level, function, availability, cost, and hardware requirements of each. (CW)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1989

    1989-01-01

    Reviews of seven software packages are presented including "The Environment I: Habitats and EcoSystems; II Cycles and Interactions"; "Super Sign Maker"; "The Great Knowledge Race: Substance Abuse"; "Exploring Science: Temperature"; "Fast Food Calculator and RD Aide"; "The Human Body: Circulation and Respiration" and "Forces in Liquids and Gases."…

  6. Star Software.

    ERIC Educational Resources Information Center

    Kloza, Brad

    2000-01-01

    Presents a collection of computer software programs designed to spark learning enthusiasm at every grade level and across the curriculum. They include Reader Rabbit's Learn to Read, Spelling Power, Mind Twister Math, Community Construction Kit, Breaking the Code, Encarta Africana 2000, Virtual Serengeti, Operation: Frog (Deluxe), and My First…

  7. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews five software packages for use with school age children. Includes "Science Toolkit Module 2: Earthquake Lab"; "Adaptations and Identification"; "Geoworld"; "Body Systems II Series: The Blood System: A Liquid of Life," all for Apple II, and "Science Courseware: Life Science/Biology" for Apple II and IBM. (CW)

  8. Software Comparison

    NASA Technical Reports Server (NTRS)

    Blanchard, D. C.

    1986-01-01

    Software Comparison Package (SCP) compares similar files. Normally, these are 90-character files produced by CDC UPDATE utility from program libraries that contain FORTRAN source code plus identifier. SCP also used to compare load maps, cross-reference outputs, and UPDATE corrections sets. Helps wherever line-by-line comparison of similarly structured files required.

  9. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are two computer software packages: "Super Solvers Midnight Rescue!" a problem-solving program for IBM PCs; and "Interactive Physics," a simulation program for the Macintosh computer. The functions of the package are discussed including strengths and weaknesses and teaching suggestions. (CW)

  10. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1989-01-01

    Describes three software packages: (1) "MacMendeleev"--database/graphic display for chemistry, grades 10-12, Macintosh; (2) "Geometry One: Foundations"--geometry tutorial, grades 7-12, IBM; (3) "Mathematics Exploration Toolkit"--algebra and calculus tutorial, grades 8-12, IBM. (MVL)

  11. Software Reviews.

    ERIC Educational Resources Information Center

    Mathematics and Computer Education, 1987

    1987-01-01

    Presented are reviews of several microcomputer software programs. Included are reviews of: (1) Microstat (Zenith); (2) MathCAD (MathSoft); (3) Discrete Mathematics (True Basic); (4) CALCULUS (True Basic); (5) Linear-Kit (John Wiley); and (6) Geometry Sensei (Broderbund). (RH)

  12. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1988-01-01

    Reviews two software packages, "Solutions Unlimited" and "BASIC Data Base System." Provides a description, summary, strengths and weaknesses, availability and costs. Includes reviews of three structured BASIC packages: "True BASIC (2.0)"; "Turbo BASIC (1.0)"; and "QuickBASIC (3.0)." Explains significant features such as graphics, costs,…

  13. Reviews: Software.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Reviews four computer software packages including: "The Physical Science Series: Sound" which demonstrates making waves, speed of sound, doppler effect, and human hearing; "Andromeda" depicting celestial motions in any direction; "Biology Quiz: Humans" covering chemistry, cells, viruses, and human biology; and "MacStronomy" covering information on…

  14. Reviews, Software.

    ERIC Educational Resources Information Center

    Science Teacher, 1988

    1988-01-01

    Reviews two software programs for Apple series computers. Includes "Orbital Mech," a basic planetary orbital simulation for the Macintosh, and "START: Stimulus and Response Tools for Experiments in Memory, Learning, Cognition, and Perception," a program that demonstrates basic psychological principles and experiments. (CW)

  15. Software Reviews.

    ERIC Educational Resources Information Center

    Teles, Elizabeth, Ed.; And Others

    1990-01-01

    Reviewed are two computer software packages for Macintosh microcomputers including "Phase Portraits," an exploratory graphics tool for studying first-order planar systems; and "MacMath," a set of programs for exploring differential equations, linear algebra, and other mathematical topics. Features, ease of use, cost, availability, and hardware…

  16. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1989-01-01

    Six software packages are described in this review. Included are "Molecules and Atoms: Exploring the Essence of Matter"; "Heart Probe"; "GM Sunraycer"; "Six Puzzles"; "Information Laboratory--Life Science"; and "Science Test Builder." Hardware requirements, prices, and a summary of the abilities of each program are presented. (CW)

  17. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1989-01-01

    Presents comments by classroom teachers on software for science teaching including topics on: the size of a molecule, matter, leaves, vitamins and minerals, dinosaurs, and collecting and measuring data. Each is an Apple computer series. Availability and costs are included. (RT)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1987-01-01

    Reviewed are three computer software programs: the Astronomer (astronomy program for middle school students and older); Hands-on-Statistics: Explorations with a Microcomputer (statistics program for secondary school students and older); and CATGEN (a genetics program for secondary school students and older). Each review provides information on:…

  19. Software Review.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed is a computer software package entitled "Audubon Wildlife Adventures: Grizzly Bears" for Apple II and IBM microcomputers. Included are availability, hardware requirements, cost, and a description of the program. The murder-mystery flavor of the program is stressed in this program that focuses on illegal hunting and game management. (CW)

  20. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1990

    1990-01-01

    Reviewed are seven computer software packages for IBM and/or Apple Computers. Included are "Windows on Science: Volume 1--Physical Science"; "Science Probe--Physical Science"; "Wildlife Adventures--Grizzly Bears"; "Science Skills--Development Programs"; "The Clean Machine"; "Rock Doctor"; and "Geology Search." Cost, quality, hardware, and…

  1. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed are two computer software programs for Apple II computers on weather for upper elementary and middle school grades. "Weather" introduces the major factors (temperature, humidity, wind, and air pressure) affecting weather. "How Weather Works" uses simulation and auto-tutorial formats on sun, wind, fronts, clouds, and storms. (YP)

  2. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1989-01-01

    Reviews three software packages: (1) "The Weather Machine Courseware Kit" for grades 7-12; (2) "Exploring Measurement, Time, and Money--Level I," for primary level mathematics; and (3) "Professor DOS with SmartGuide for DOS" providing an extensive tutorial covering DOS 2.1 to 4.0. Discusses the strengths and weaknesses of each package. (YP)

  3. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1990

    1990-01-01

    Reviewed are six computer software packages including "Invisible Bugs,""Chaos Plus...,""The Botanist's Apprentice,""A Baby is Born," Storyboard Plus-Version 2.0," and "Weather." Hardware requirements, functions, performance, and use in the classroom are discussed. (CW)

  4. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews six software packages for use with school age children ranging from grade 3 to grade 12. Includes "The Microcomputer Based Lab Project: Motion, Sound"; "Genetics"; "Geologic History"; "The Microscope Simulator"; and "Wiz Works" all for Apple II and "Reading for Information: Level II" for IBM. (CW)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Describes computer software for use with various age groups. Topics include activities involving temperature, simulations, earth science, the circulatory system, human body, reading in science, and ecology. Provides information on equipment needed, availability, package contents, and price. Comments of reviews are presented by classroom teachers.…

  6. Predicting Vulnerability Risks Using Software Characteristics

    ERIC Educational Resources Information Center

    Roumani, Yaman

    2012-01-01

    Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

  7. Defense and security of a wireless tactical network

    NASA Astrophysics Data System (ADS)

    Younger, Michael; Young, Stuart H.

    2001-08-01

    Recall the adage `a chain is as strong as its weakest link'- -a phrase that could serve as the official mantra of computer security. Operating Systems are difficult system to administer because it is not only complex and cantankerous but also hard to secure. They are enormous configurability, the fact that vendors don't ship secure systems, and that it requires significant amounts of time, resources, and expertise to safeguard a host are only some of the reasons that so many systems are insecure any type of network commercial or tactical. To compound the problem, like all modern operating systems it not only becomes less secure as time goes on (simply due to usage), but with the rapidly changing security field, it also requires considerably effort to stay abreast of the latest information. Army Research Labs is trying to address the security of the operating system in a tactical wireless environment. Through the use of public domain and/or commercial mans. ARL is evaluating monitoring, deployment, and auditing techniques to the wire commercial domain. By evaluating the wire domain ARL will determine what works and how they work in the tactical area. There are numerous ways to protect the wire/wireless network via public domain or commercial software.

  8. Framework for Flexible Security in Group Communications

    NASA Technical Reports Server (NTRS)

    McDaniel, Patrick; Prakash, Atul

    2006-01-01

    The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.

  9. Novel Duplicate Address Detection with Hash Function

    PubMed Central

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  10. Novel Duplicate Address Detection with Hash Function.

    PubMed

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the "Hash_64" field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution.

  11. Novel Duplicate Address Detection with Hash Function.

    PubMed

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the "Hash_64" field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  12. 24 CFR 891.435 - Security deposits.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... security deposit. The Owner (or Borrower, as applicable) must place the security deposits in a segregated... Owner (or Borrower, as applicable) with a forwarding address or arrange to pick up the refund. (3)...

  13. 24 CFR 891.435 - Security deposits.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... security deposit. The Owner (or Borrower, as applicable) must place the security deposits in a segregated... Owner (or Borrower, as applicable) with a forwarding address or arrange to pick up the refund. (3)...

  14. 24 CFR 891.435 - Security deposits.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... security deposit. The Owner (or Borrower, as applicable) must place the security deposits in a segregated... Owner (or Borrower, as applicable) with a forwarding address or arrange to pick up the refund. (3)...

  15. A Holistic Approach to School Security.

    ERIC Educational Resources Information Center

    Timm, Paul

    2002-01-01

    Asserts that school security requires a variety of methods combined into a single, cohesive solution that addresses five areas: management, building security, violence prevention and intervention, staff training, and crisis management. (EV)

  16. Infusing Reliability Techniques into Software Safety Analysis

    NASA Technical Reports Server (NTRS)

    Shi, Ying

    2015-01-01

    Software safety analysis for a large software intensive system is always a challenge. Software safety practitioners need to ensure that software related hazards are completely identified, controlled, and tracked. This paper discusses in detail how to incorporate the traditional reliability techniques into the entire software safety analysis process. In addition, this paper addresses how information can be effectively shared between the various practitioners involved in the software safety analyses. The author has successfully applied the approach to several aerospace applications. Examples are provided to illustrate the key steps of the proposed approach.

  17. Intelligent Sensors Security

    PubMed Central

    Bialas, Andrzej

    2010-01-01

    The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408) used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC) related security design patterns and to improve the effectiveness of the sensor development process. PMID:22315571

  18. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    NASA Astrophysics Data System (ADS)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  19. 38 CFR 1.518 - Addresses of claimants.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... claimants. (a) It is the general policy of the Department of Veterans Affairs to refuse to furnish addresses... file number, Social Security number, and date of birth. (Authority: 38 U.S.C. 5701(g))...

  20. Final report for the Integrated and Robust Security Infrastructure (IRSI) laboratory directed research and development project

    SciTech Connect

    Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.; Espinoza, J.; Murphy, M.D.

    1997-11-01

    This report describes the results of a Sandia-funded laboratory-directed research and development project titled {open_quotes}Integrated and Robust Security Infrastructure{close_quotes} (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSI addressed some of these issues to create a more manageable public key infrastructure.

  1. SPAN security policies and guidelines

    NASA Technical Reports Server (NTRS)

    Sisson, Patricia L.; Green, James L.

    1989-01-01

    A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

  2. Addressing Social Issues.

    ERIC Educational Resources Information Center

    Schoebel, Susan

    1991-01-01

    Maintains that advertising can help people become more aware of social responsibilities. Describes a successful nationwide newspaper advertising competition for college students in which ads address social issues such as literacy, drugs, teen suicide, and teen pregnancy. Notes how the ads have helped grassroots programs throughout the United…

  3. Addressing Sexual Harassment

    ERIC Educational Resources Information Center

    Young, Ellie L.; Ashbaker, Betty Y.

    2008-01-01

    This article discusses ways on how to address the problem of sexual harassment in schools. Sexual harassment--simply defined as any unwanted and unwelcome sexual behavior--is a sensitive topic. Merely providing students, parents, and staff members with information about the school's sexual harassment policy is insufficient; schools must take…

  4. Telemedicine Security: A Systematic Review

    PubMed Central

    Garg, Vaibhav; Brewer, Jeffrey

    2011-01-01

    Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards. PMID:21722592

  5. Telemedicine security: a systematic review.

    PubMed

    Garg, Vaibhav; Brewer, Jeffrey

    2011-05-01

    Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards.

  6. 17 CFR 171.3 - Business address; hours.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Business address; hours. 171.3 Section 171.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REVIEW OF NATIONAL FUTURES ASSOCIATION DECISIONS IN DISCIPLINARY, MEMBERSHIP DENIAL, REGISTRATION AND MEMBER RESPONSIBILITY ACTIONS...

  7. 75 FR 11610 - Notice Announcing Addresses for Service of Process

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-11

    ... responsible for the jurisdiction in which the complaint has been filed. This notice replaces 70 FR 73320-01... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Notice Announcing Addresses for Service of Process AGENCY: Social Security Administration....

  8. Computer Security Risk Assessment

    1992-02-11

    LAVA/CS (LAVA for Computer Security) is an application of the Los Alamos Vulnerability Assessment (LAVA) methodology specific to computer and information security. The software serves as a generic tool for identifying vulnerabilities in computer and information security safeguards systems. Although it does not perform a full risk assessment, the results from its analysis may provide valuable insights into security problems. LAVA/CS assumes that the system is exposed to both natural and environmental hazards and tomore » deliberate malevolent actions by either insiders or outsiders. The user in the process of answering the LAVA/CS questionnaire identifies missing safeguards in 34 areas ranging from password management to personnel security and internal audit practices. Specific safeguards protecting a generic set of assets (or targets) from a generic set of threats (or adversaries) are considered. There are four generic assets: the facility, the organization''s environment; the hardware, all computer-related hardware; the software, the information in machine-readable form stored both on-line or on transportable media; and the documents and displays, the information in human-readable form stored as hard-copy materials (manuals, reports, listings in full-size or microform), film, and screen displays. Two generic threats are considered: natural and environmental hazards, storms, fires, power abnormalities, water and accidental maintenance damage; and on-site human threats, both intentional and accidental acts attributable to a perpetrator on the facility''s premises.« less

  9. A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

    SciTech Connect

    Abercrombie, Robert K; Sheldon, Frederick T; Grimaila, Michael R

    2010-01-01

    In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success. We address the opportunity to apply the Cyberspace Security Econometrics System (CSES) to Carnegie Mellon University and Software Engineering Institute s Mission Assurance Analysis Protocol (MAAP) in this context.

  10. Mapping virtual addresses to different physical addresses for value disambiguation for thread memory access requests

    DOEpatents

    Gala, Alan; Ohmacht, Martin

    2014-09-02

    A multiprocessor system includes nodes. Each node includes a data path that includes a core, a TLB, and a first level cache implementing disambiguation. The system also includes at least one second level cache and a main memory. For thread memory access requests, the core uses an address associated with an instruction format of the core. The first level cache uses an address format related to the size of the main memory plus an offset corresponding to hardware thread meta data. The second level cache uses a physical main memory address plus software thread meta data to store the memory access request. The second level cache accesses the main memory using the physical address with neither the offset nor the thread meta data after resolving speculation. In short, this system includes mapping of a virtual address to a different physical addresses for value disambiguation for different threads.

  11. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Delivery of prospectuses to investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION GENERAL RULES AND REGULATIONS, SECURITIES ACT OF 1933 General § 230.154 Delivery of prospectuses to investors at the...

  12. The ALMA software architecture

    NASA Astrophysics Data System (ADS)

    Schwarz, Joseph; Farris, Allen; Sommer, Heiko

    2004-09-01

    The software for the Atacama Large Millimeter Array (ALMA) is being developed by many institutes on two continents. The software itself will function in a distributed environment, from the 0.5-14 kmbaselines that separate antennas to the larger distances that separate the array site at the Llano de Chajnantor in Chile from the operations and user support facilities in Chile, North America and Europe. Distributed development demands 1) interfaces that allow separated groups to work with minimal dependence on their counterparts at other locations; and 2) a common architecture to minimize duplication and ensure that developers can always perform similar tasks in a similar way. The Container/Component model provides a blueprint for the separation of functional from technical concerns: application developers concentrate on implementing functionality in Components, which depend on Containers to provide them with services such as access to remote resources, transparent serialization of entity objects to XML, logging, error handling and security. Early system integrations have verified that this architecture is sound and that developers can successfully exploit its features. The Containers and their services are provided by a system-orienteddevelopment team as part of the ALMA Common Software (ACS), middleware that is based on CORBA.

  13. Cyber Security Evaluation Tool

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied tomore » enhance cybersecurity controls.« less

  14. Cyber Security Evaluation Tool

    SciTech Connect

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  15. The Effect of Software Features on Software Adoption and Training in the Audit Profession

    ERIC Educational Resources Information Center

    Kim, Hyo-Jeong

    2012-01-01

    Although software has been studied with technology adoption and training research, the study of specific software features for professional groups has been limited. To address this gap, I researched the impact of software features of varying complexity on internal audit (IA) professionals. Two studies along with the development of training…

  16. Software error detection

    NASA Technical Reports Server (NTRS)

    Buechler, W.; Tucker, A. G.

    1981-01-01

    Several methods were employed to detect both the occurrence and source of errors in the operational software of the AN/SLQ-32. A large embedded real time electronic warfare command and control system for the ROLM 1606 computer are presented. The ROLM computer provides information about invalid addressing, improper use of privileged instructions, stack overflows, and unimplemented instructions. Additionally, software techniques were developed to detect invalid jumps, indices out of range, infinte loops, stack underflows, and field size errors. Finally, data are saved to provide information about the status of the system when an error is detected. This information includes I/O buffers, interrupt counts, stack contents, and recently passed locations. The various errors detected, techniques to assist in debugging problems, and segment simulation on a nontarget computer are discussed. These error detection techniques were a major factor in the success of finding the primary cause of error in 98% of over 500 system dumps.

  17. Software engineering and the role of Ada: Executive seminar

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1987-01-01

    The objective was to introduce the basic terminology and concepts of software engineering and Ada. The life cycle model is reviewed. The application of the goals and principles of software engineering is applied. An introductory understanding of the features of the Ada language is gained. Topics addressed include: the software crises; the mandate of the Space Station Program; software life cycle model; software engineering; and Ada under the software engineering umbrella.

  18. Holographic content addressable storage

    NASA Astrophysics Data System (ADS)

    Chao, Tien-Hsin; Lu, Thomas; Reyes, George

    2015-03-01

    We have developed a Holographic Content Addressable Storage (HCAS) architecture. The HCAS systems consists of a DMD (Digital Micromirror Array) as the input Spatial Light Modulator (SLM), a CMOS (Complementary Metal-oxide Semiconductor) sensor as the output photodetector and a photorefractive crystal as the recording media. The HCAS system is capable of performing optical correlation of an input image/feature against massive reference data set stored in the holographic memory. Detailed system analysis will be reported in this paper.

  19. Social Security and Supplemental Security Income Benefits for Children with Disabilities. The Arc Q & A Series.

    ERIC Educational Resources Information Center

    Arc, Arlington, TX.

    Basic information about Social Security and Supplementary Security Income benefits for children with disabilities is presented in a question-and-answer format. The following questions are addressed: "How can a child get benefits from Social Security or Supplemental Security Income (SSI)?"; "How is eligibility determined?"; "What is the definition…

  20. New security system for ID certificates in IT society

    NASA Astrophysics Data System (ADS)

    Nagashima, Hisato; Saito, Kazuharu

    2004-06-01

    This paper introduces a new security solution regarding security documents with secure unique information. Our newly proposed security measure enables outputting ID documents by commercially available printer. On this basis, a citizen can apply and accept his ID certificates to and from Issuing Authority via website. A unique gradational latent image emerges if a third party authenticates it under Infrared ray. The principle of this new measure lies in the complicated microstructure generated by our specially designed software. It is understood that its security feature based on secure software and wide applicability for commercially available printers show profound potentiality to construct new security system for ID documents in IT society.

  1. Enhancing Seismic Calibration Research Through Software Automation

    SciTech Connect

    Ruppert, S; Dodge, D; Elliott, A; Ganzberger, M; Hauk, T; Matzel, E; Ryall, F

    2004-07-09

    The National Nuclear Security Administration (NNSA) Ground-Based Nuclear Explosion Monitoring Research and Engineering (GNEM R&E) Program has made significant progress enhancing the process of deriving seismic calibrations and performing scientific integration with automation tools. We present an overview of our software automation efforts and framework to address the problematic issues of very large datasets and varied formats utilized during seismic calibration research. The software and scientific automation initiatives directly support the rapid collection of raw and contextual seismic data used in research, provide efficient interfaces for researchers to measure/analyze data, and provide a framework for research dataset integration. The automation also improves the researcher's ability to assemble quality controlled research products for delivery into the NNSA Knowledge Base (KB). The software and scientific automation tasks provide the robust foundation upon which synergistic and efficient development of, GNEM R&E Program, seismic calibration research may be built. The task of constructing many seismic calibration products is labor intensive and complex, hence expensive. However, aspects of calibration product construction are susceptible to automation and future economies. We are applying software and scientific automation to problems within two distinct phases or 'tiers' of the seismic calibration process. The first tier involves initial collection of waveform and parameter (bulletin) data that comprise the 'raw materials' from which signal travel-time and amplitude correction surfaces are derived and is highly suited for software automation. The second tier in seismic research content development activities include development of correction surfaces and other calibrations. This second tier is less susceptible to complete automation, as these activities require the judgment of scientists skilled in the interpretation of often highly unpredictable event

  2. Analysis Software

    NASA Technical Reports Server (NTRS)

    1994-01-01

    General Purpose Boundary Element Solution Technology (GPBEST) software employs the boundary element method of mechanical engineering analysis, as opposed to finite element. It is, according to one of its developers, 10 times faster in data preparation and more accurate than other methods. Its use results in less expensive products because the time between design and manufacturing is shortened. A commercial derivative of a NASA-developed computer code, it is marketed by Best Corporation to solve problems in stress analysis, heat transfer, fluid analysis and yielding and cracking of solids. Other applications include designing tractor and auto parts, household appliances and acoustic analysis.

  3. Scheduling Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    Advanced Scheduling Environment is a software product designed and marketed by AVYX, Inc. to provide scheduling solutions for complex manufacturing environments. It can be adapted to specific scheduling and manufacturing processes and has led to substantial cost savings. The system was originally developed for NASA use in scheduling Space Shuttle flights and satellite activities. AVYX, Inc. is an offshoot of a company formed to provide computer-related services to NASA. TREES-plus, the company's initial product became the programming language for the advanced scheduling environment system.

  4. Space Software

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Xontech, Inc.'s software package, XonVu, simulates the missions of Voyager 1 at Jupiter and Saturn, Voyager 2 at Jupiter, Saturn, Uranus and Neptune, and Giotto in close encounter with Comet Halley. With the program, the user can generate scenes of the planets, moons, stars or Halley's nucleus and tail as seen by Giotto, all graphically reproduced with high accuracy in wireframe representation. Program can be used on a wide range of computers, including PCs. User friendly and interactive, with many options, XonVu can be used by a space novice or a professional astronomer. With a companion user's manual, it sells for $79.

  5. Simulation Software

    NASA Technical Reports Server (NTRS)

    1996-01-01

    Various NASA Small Business Innovation Research grants from Marshall Space Flight Center, Langley Research Center and Ames Research Center were used to develop the 'kernel' of COMCO's modeling and simulation software, the PHLEX finite element code. NASA needed it to model designs of flight vehicles; one of many customized commercial applications is UNISIM, a PHLEX-based code for analyzing underground flows in oil reservoirs for Texaco, Inc. COMCO's products simulate a computational mechanics problem, estimate the solution's error and produce the optimal hp-adapted mesh for the accuracy the user chooses. The system is also used as a research or training tool in universities and in mechanical design in industrial corporations.

  6. Seminar Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    The Society for Computer Simulation International is a professional technical society that distributes information on methodology techniques and uses of computer simulation. The society uses NETS, a NASA-developed program, to assist seminar participants in learning to use neural networks for computer simulation. NETS is a software system modeled after the human brain; it is designed to help scientists exploring artificial intelligence to solve pattern matching problems. Examples from NETS are presented to seminar participants, who can then manipulate, alter or enhance them for their own applications.

  7. Software to Manage the Unmanageable

    NASA Technical Reports Server (NTRS)

    2005-01-01

    In 1995, NASA s Jet Propulsion Laboratory (JPL) contracted Redmond, Washington-based Lucidoc Corporation, to design a technology infrastructure to automate the intersection between policy management and operations management with advanced software that automates document workflow, document status, and uniformity of document layout. JPL had very specific parameters for the software. It expected to store and catalog over 8,000 technical and procedural documents integrated with hundreds of processes. The project ended in 2000, but NASA still uses the resulting highly secure document management system, and Lucidoc has managed to help other organizations, large and small, with integrating document flow and operations management to ensure a compliance-ready culture.

  8. Lawrence Livermore National Laboratory safeguards and security quarterly progress report to the U.S. Department of Energy. Quarter ending September 30, 1996

    SciTech Connect

    Davis, G.; Johnson, D.; Mansur, D.L.; Ruhter, W.D.; Strait, R.S.

    1996-10-01

    The paper describes tasks undertaken in each of the following areas: Safeguards technology program (STP); Safeguards and material accountability (SMA); Computer security, distributed systems; Complex-wide access control system (CWAC); and Standardization of security systems (SSS). The STP develops advanced, nondestructive analysis technology for measurement of special nuclear materials. Work focuses on R and D relating to X- and gamma-ray spectrometry and to development of computer codes for interpreting the spectral data obtained by these techniques. The SMA is concerned with four areas: insider protection; material accountability; planning and evaluation; and information security. The Computer Security Technology Center provides expertise and solutions to the many information security problems present in today`s computer systems and networks. Incidents of intrusions, computer viruses, the purposeful replacement of legitimate software for illegal purposes, and similar acts are being addressed by the creation of security software, the delivery of incident response expertise, and research and development into secure systems. The purpose of the CWAC is to develop an approach that will allow visitors to use their DOE standard badge in access control systems throughout the DOE complex. The purpose of the SSS project is to support the standardization of security systems to meet DOE orders and requirements, and to support the DOE in offering relevant security technology and capabilities to Federal standardization efforts.

  9. Security and Policy for Group Collaboration

    SciTech Connect

    Ian Foster; Carl Kesselman

    2006-07-31

    Security and Policy for Group Collaboration” was a Collaboratory Middleware research project aimed at providing the fundamental security and policy infrastructure required to support the creation and operation of distributed, computationally enabled collaborations. The project developed infrastructure that exploits innovative new techniques to address challenging issues of scale, dynamics, distribution, and role. To reduce greatly the cost of adding new members to a collaboration, we developed and evaluated new techniques for creating and managing credentials based on public key certificates, including support for online certificate generation, online certificate repositories, and support for multiple certificate authorities. To facilitate the integration of new resources into a collaboration, we improved significantly the integration of local security environments. To make it easy to create and change the role and associated privileges of both resources and participants of collaboration, we developed community wide authorization services that provide distributed, scalable means for specifying policy. These services make it possible for the delegation of capability from the community to a specific user, class of user or resource. Finally, we instantiated our research results into a framework that makes it useable to a wide range of collaborative tools. The resulting mechanisms and software have been widely adopted within DOE projects and in many other scientific projects. The widespread adoption of our Globus Toolkit technology has provided, and continues to provide, a natural dissemination and technology transfer vehicle for our results.

  10. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  11. Data security in occupational health.

    PubMed

    Damrongsak, Mantana; Brown, Kathleen C

    2008-10-01

    Occupational health nurses are increasingly using computer systems in the delivery of efficient, high-quality occupational health services. However, potential breaches in data security are posing more risks to these data systems. The purpose of this article is to address concerns related to data security in occupational health nursing. Occupational health nurses must protect the personal health information of employees by proactively developing methods to ensure data security.

  12. The ALMA Software System

    NASA Astrophysics Data System (ADS)

    Schwarz, J.; Sommer, H.; Farris, A.

    2004-07-01

    Prospective users, instrumentation and location of the Atacama Large Millimeter Array (ALMA) all present its software developers with major challenges. The development of this software will be distributed among many institutes on two continents, mimicking the software itself, which will have to function in a distributed environment, spanning the 0.5-10 km baselines between antennas, as well as the much larger distances that will separate the array site at the 5000m-high Llano de Chajnantor, the Operations Support Facility in San Pedro de Atacama, the Santiago Central Office, and the ALMA Regional Centers in North America and Europe. To make distributed development successful, we have defined interfaces that allow separated groups to work independently of their counterparts at other locations as much as possible. We have defined a common architecture and infrastructure, so that work done at one location is not unnecessarily duplicated at another, and that similar tasks are done in a similar way throughout the project. A single, integrated Archive attends to the needs of all subsystems for persistent storage, and hides details of the underlying database technology. The separation of functional from technical concerns is built into the system architecture through the use of the Container-Component model: application developers can concentrate on implementing functionality in runtime-deployable components, which in turn depend on Containers to provide them with services such as access to remote resources, transparent serialization of value objects to XML, logging, error-handling and security. The resulting middleware, which forms part of the ALMA Common Software (ACS), is based on CORBA and XML.

  13. Secured Advanced Federated Environment (SAFE): A NASA Solution for Secure Cross-Organization Collaboration

    NASA Technical Reports Server (NTRS)

    Chow, Edward; Spence, Matthew Chew; Pell, Barney; Stewart, Helen; Korsmeyer, David; Liu, Joseph; Chang, Hsin-Ping; Viernes, Conan; Gogorth, Andre

    2003-01-01

    This paper discusses the challenges and security issues inherent in building complex cross-organizational collaborative projects and software systems within NASA. By applying the design principles of compartmentalization, organizational hierarchy and inter-organizational federation, the Secured Advanced Federated Environment (SAFE) is laying the foundation for a collaborative virtual infrastructure for the NASA community. A key element of SAFE is the Micro Security Domain (MSD) concept, which balances the need to collaborate and the need to enforce enterprise and local security rules. With the SAFE approach, security is an integral component of enterprise software and network design, not an afterthought.

  14. Software system safety

    NASA Technical Reports Server (NTRS)

    Uber, James G.

    1988-01-01

    Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.

  15. Bioreactors Addressing Diabetes Mellitus

    PubMed Central

    Minteer, Danielle M.; Gerlach, Jorg C.

    2014-01-01

    The concept of bioreactors in biochemical engineering is a well-established process; however, the idea of applying bioreactor technology to biomedical and tissue engineering issues is relatively novel and has been rapidly accepted as a culture model. Tissue engineers have developed and adapted various types of bioreactors in which to culture many different cell types and therapies addressing several diseases, including diabetes mellitus types 1 and 2. With a rising world of bioreactor development and an ever increasing diagnosis rate of diabetes, this review aims to highlight bioreactor history and emerging bioreactor technologies used for diabetes-related cell culture and therapies. PMID:25160666

  16. Bioreactors addressing diabetes mellitus.

    PubMed

    Minteer, Danielle M; Gerlach, Jorg C; Marra, Kacey G

    2014-11-01

    The concept of bioreactors in biochemical engineering is a well-established process; however, the idea of applying bioreactor technology to biomedical and tissue engineering issues is relatively novel and has been rapidly accepted as a culture model. Tissue engineers have developed and adapted various types of bioreactors in which to culture many different cell types and therapies addressing several diseases, including diabetes mellitus types 1 and 2. With a rising world of bioreactor development and an ever increasing diagnosis rate of diabetes, this review aims to highlight bioreactor history and emerging bioreactor technologies used for diabetes-related cell culture and therapies.

  17. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, J. Storrs; Levy, Saul; Smith, Donald E.; Miyake, Keith M.

    1992-01-01

    A parameterized version of the tree processor was designed and tested (by simulation). The leaf processor design is 90 percent complete. We expect to complete and test a combination of tree and leaf cell designs in the next period. Work is proceeding on algorithms for the computer aided manufacturing (CAM), and once the design is complete we will begin simulating algorithms for large problems. The following topics are covered: (1) the practical implementation of content addressable memory; (2) design of a LEAF cell for the Rutgers CAM architecture; (3) a circuit design tool user's manual; and (4) design and analysis of efficient hierarchical interconnection networks.

  18. Addressing Environmental Health Inequalities

    PubMed Central

    Gouveia, Nelson

    2016-01-01

    Environmental health inequalities refer to health hazards disproportionately or unfairly distributed among the most vulnerable social groups, which are generally the most discriminated, poor populations and minorities affected by environmental risks. Although it has been known for a long time that health and disease are socially determined, only recently has this idea been incorporated into the conceptual and practical framework for the formulation of policies and strategies regarding health. In this Special Issue of the International Journal of Environmental Research and Public Health (IJERPH), “Addressing Environmental Health Inequalities—Proceedings from the ISEE Conference 2015”, we incorporate nine papers that were presented at the 27th Conference of the International Society for Environmental Epidemiology (ISEE), held in Sao Paulo, Brazil, in 2015. This small collection of articles provides a brief overview of the different aspects of this topic. Addressing environmental health inequalities is important for the transformation of our reality and for changing the actual development model towards more just, democratic, and sustainable societies driven by another form of relationship between nature, economy, science, and politics. PMID:27618906

  19. Addressing Environmental Health Inequalities.

    PubMed

    Gouveia, Nelson

    2016-01-01

    Environmental health inequalities refer to health hazards disproportionately or unfairly distributed among the most vulnerable social groups, which are generally the most discriminated, poor populations and minorities affected by environmental risks. Although it has been known for a long time that health and disease are socially determined, only recently has this idea been incorporated into the conceptual and practical framework for the formulation of policies and strategies regarding health. In this Special Issue of the International Journal of Environmental Research and Public Health (IJERPH), "Addressing Environmental Health Inequalities-Proceedings from the ISEE Conference 2015", we incorporate nine papers that were presented at the 27th Conference of the International Society for Environmental Epidemiology (ISEE), held in Sao Paulo, Brazil, in 2015. This small collection of articles provides a brief overview of the different aspects of this topic. Addressing environmental health inequalities is important for the transformation of our reality and for changing the actual development model towards more just, democratic, and sustainable societies driven by another form of relationship between nature, economy, science, and politics. PMID:27618906

  20. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 1 2012-10-01 2012-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  1. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 4 2010-10-01 2010-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  2. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  3. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 1 2014-10-01 2014-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  4. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 4 2011-10-01 2011-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  5. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 4 2012-10-01 2012-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  6. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 4 2014-10-01 2014-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  7. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 1 2011-10-01 2011-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  8. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 4 2013-10-01 2013-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  9. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 1 2013-10-01 2013-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  10. Space station: The role of software

    NASA Technical Reports Server (NTRS)

    Hall, D.

    1985-01-01

    Software will play a critical role throughout the Space Station Program. This presentation sets the stage and prompts participant interaction at the Software Issues Forum. The presentation is structured into three major topics: (1) an overview of the concept and status of the Space Station Program; (2) several charts designed to lay out the scope and role of software; and (3) information addressing the four specific areas selected for focus at the forum, specifically: software management, the software development environment, languages, and standards. NASA's current thinking is highlighted and some of the relevant critical issues are raised.

  11. Public Domain Software for Education.

    ERIC Educational Resources Information Center

    Scholastech, Inc., Cambridge, MA.

    This report describes a project undertaken by Scholastech, a public charity addressing the development needs of computing educators, which was designed to advocate and support the increased use of free software in the college curriculum. The first of five sections provides a brief overview and statement of project objectives, i.e., to serve…

  12. A Multidimensional Software Engineering Course

    ERIC Educational Resources Information Center

    Barzilay, O.; Hazzan, O.; Yehudai, A.

    2009-01-01

    Software engineering (SE) is a multidimensional field that involves activities in various areas and disciplines, such as computer science, project management, and system engineering. Though modern SE curricula include designated courses that address these various subjects, an advanced summary course that synthesizes them is still missing. Such a…

  13. Security Locks

    ERIC Educational Resources Information Center

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  14. Addressing the insider threat

    SciTech Connect

    Hochberg, J.G.; Jackson, K.A.; McClary, J.F.; Simmonds, D.D.

    1993-05-01

    Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.

  15. Addressing the insider threat

    SciTech Connect

    Hochberg, J.G.; Jackson, K.A.; McClary, J.F.; Simmonds, D.D.

    1993-01-01

    Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.

  16. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, Josh; Levy, Saul; Smith, D.; Wei, S.; Miyake, K.; Murdocca, M.

    1991-01-01

    The progress on the Rutgers CAM (Content Addressable Memory) Project is described. The overall design of the system is completed at the architectural level and described. The machine is composed of two kinds of cells: (1) the CAM cells which include both memory and processor, and support local processing within each cell; and (2) the tree cells, which have smaller instruction set, and provide global processing over the CAM cells. A parameterized design of the basic CAM cell is completed. Progress was made on the final specification of the CPS. The machine architecture was driven by the design of algorithms whose requirements are reflected in the resulted instruction set(s). A few of these algorithms are described.

  17. Bax: Addressed to kill.

    PubMed

    Renault, Thibaud T; Manon, Stéphen

    2011-09-01

    The pro-apoptototic protein Bax (Bcl-2 Associated protein X) plays a central role in the mitochondria-dependent apoptotic pathway. In healthy mammalian cells, Bax is essentially cytosolic and inactive. Following a death signal, the protein is translocated to the outer mitochondrial membrane, where it promotes a permeabilization that favors the release of different apoptogenic factors, such as cytochrome c. The regulation of Bax translocation is associated to conformational changes that are under the control of different factors. The evidences showing the involvement of different Bax domains in its mitochondrial localization are presented. The interactions between Bax and its different partners are described in relation to their ability to promote (or prevent) Bax conformational changes leading to mitochondrial addressing and to the acquisition of the capacity to permeabilize the outer mitochondrial membrane. PMID:21641962

  18. Evidence of Absence software

    USGS Publications Warehouse

    Dalthorp, Daniel; Huso, Manuela M. P.; Dail, David; Kenyon, Jessica

    2014-01-01

    Evidence of Absence software (EoA) is a user-friendly application used for estimating bird and bat fatalities at wind farms and designing search protocols. The software is particularly useful in addressing whether the number of fatalities has exceeded a given threshold and what search parameters are needed to give assurance that thresholds were not exceeded. The software is applicable even when zero carcasses have been found in searches. Depending on the effectiveness of the searches, such an absence of evidence of mortality may or may not be strong evidence that few fatalities occurred. Under a search protocol in which carcasses are detected with nearly 100 percent certainty, finding zero carcasses would be convincing evidence that overall mortality rate was near zero. By contrast, with a less effective search protocol with low probability of detecting a carcass, finding zero carcasses does not rule out the possibility that large numbers of animals were killed but not detected in the searches. EoA uses information about the search process and scavenging rates to estimate detection probabilities to determine a maximum credible number of fatalities, even when zero or few carcasses are observed.

  19. Choosing Software for Children.

    ERIC Educational Resources Information Center

    Spencer, Mima

    This Digest points out characteristics of quality computer software for children, describes different kinds of software, and suggests ways to get software for preview. The need to consider the purpose for which the software is to be used and the degree to which the software meets its stated goals is noted. Desirable software characteristics and…

  20. 31 CFR 202.6 - Collateral security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... collateral security are addressed in 31 CFR part 380. For a current list of acceptable classes of securities and instruments described in 31 CFR part 380 and their valuations, see the Bureau of the Public Debt's... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security. 202.6...

  1. Open source IPSEC software in manned and unmanned space missions

    NASA Astrophysics Data System (ADS)

    Edwards, Jacob

    Network security is a major topic of research because cyber attackers pose a threat to national security. Securing ground-space communications for NASA missions is important because attackers could endanger mission success and human lives. This thesis describes how an open source IPsec software package was used to create a secure and reliable channel for ground-space communications. A cost efficient, reproducible hardware testbed was also created to simulate ground-space communications. The testbed enables simulation of low-bandwidth and high latency communications links to experiment how the open source IPsec software reacts to these network constraints. Test cases were built that allowed for validation of the testbed and the open source IPsec software. The test cases also simulate using an IPsec connection from mission control ground routers to points of interest in outer space. Tested open source IPsec software did not meet all the requirements. Software changes were suggested to meet requirements.

  2. Legal issues critical in software license agreements.

    PubMed

    Manfredi, M J; Peterson, D M

    1989-05-01

    The complex legal aspects of software license agreements are addressed in this final part of a three-part series. A healthcare organization that has selected a software vendor and has reviewed the central provisions of a licensing agreement must then take a close look at the other provisions of the agreement. These include numerous legal provisions, regulatory requirements, and ancillary agreements related to maintenance and access to the software.

  3. Loran-C flight test software

    NASA Technical Reports Server (NTRS)

    Nickum, J. D.

    1978-01-01

    The software package developed for the KIM-1 Micro-System and the Mini-L PLL receiver to simplify taking flight test data is described along with the address and data bus buffers used in the KIM-1 Micro-system. The interface hardware and timing are also presented to describe completely the software programs.

  4. Software for Middle School Physical Science.

    ERIC Educational Resources Information Center

    Podany, Zita

    This final report in the MicroSIFT series reviews 10 software packages that deal mainly with the areas of electricity, magnetism, and heat energy. Software titles appearing in this report were selected because they were judged to be exemplary according to various criteria in the MicroSIFT Evaluator's Guide, with some additions to address science…

  5. Software Piracy: A Look at Legal Issues.

    ERIC Educational Resources Information Center

    Carlson, David

    1986-01-01

    Addresses several differences between computer software and books that affect copyright-related issues. Discussion covers durability of the physical medium, dilemma of backup copies, software licensing agreements, integrity of honest customers, and policy suggestions for libraries that have or are considering microcomputer labs and are concerned…

  6. Critical Considerations for WORM Software Development.

    ERIC Educational Resources Information Center

    Berg, Brian A.

    1987-01-01

    Addresses advantages and disadvantages of write-once read-many (WORM) optical disks and other software considerations resulting from the write-once nature of WORM media to provide guidelines for determining whether this technology is appropriate for an application. Three brief case studies describe WORM software development efforts. (MES)

  7. Software engineering as an engineering discipline

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1988-01-01

    The purpose of this panel is to explore the emerging field of software engineering from a variety of perspectives: university programs; industry training and definition; government development; and technology transfer. In doing this, the panel will address the issues of distinctions among software engineering, computer science, and computer hardware engineering as they relate to the challenges of large, complex systems.

  8. [Keynote address: Climate change

    SciTech Connect

    Forrister, D.

    1994-12-31

    Broadly speaking, the climate issue is moving from talk to action both in the United States and internationally. While few nations have adopted strict controls or stiff new taxes, a number of them are developing action plans that are making clear their intention to ramp up activity between now and the year 2000... and beyond. There are sensible, economically efficient strategies to be undertaken in the near term that offer the possibility, in many countries, to avoid more draconian measures. These strategies are by-and-large the same measures that the National Academy of Sciences recommended in a 1991 report called, Policy Implications of Greenhouse Warming. The author thinks the Academy`s most important policy contribution was how it recommended the nations act in the face of uncertain science and high risks--that cost effective measures are adopted as cheap insurance... just as nations insure against other high risk, low certainty possibilities, like catastrophic health insurance, auto insurance, and fire insurance. This insurance theme is still right. First, the author addresses how the international climate change negotiations are beginning to produce insurance measures. Next, the author will discuss some of the key issues to watch in those negotiations that relate to longer-term insurance. And finally, the author will report on progress in the United States on the climate insurance plan--The President`s Climate Action Plan.

  9. Security control methods for CEDR

    SciTech Connect

    Rotem, D.

    1990-09-01

    The purpose of this document is to summarize the findings of recent studies on the security problem in statistical databases and examine their applicability to the specific needs of CEDR. The document is organized as follows: In Section 2 we describe some general control methods which are available on most commercial database software. In Section 3 we provide a classification of statistical security methods. In Section 4 we analyze the type of users of CEDR and the security control methods which may be applied to each type. In Section 5 we summarize the findings of this study and recommend possible solutions.

  10. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  11. PCASSO: a design for secure communication of personal health information via the internet.

    PubMed

    Baker, D B; Masys, D R

    1999-05-01

    The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet. PMID:10219949

  12. PCASSO: a design for secure communication of personal health information via the internet.

    PubMed

    Baker, D B; Masys, D R

    1999-05-01

    The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

  13. Security systems engineering overview

    SciTech Connect

    Steele, B.J.

    1996-12-31

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).

  14. Security systems engineering overview

    NASA Astrophysics Data System (ADS)

    Steele, Basil J.

    1997-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

  15. Software Model Of Software-Development Process

    NASA Technical Reports Server (NTRS)

    Lin, Chi Y.; Synott, Debra J.; Levary, Reuven R.

    1990-01-01

    Collection of computer programs constitutes software tool for simulation of medium- to large-scale software-development projects. Necessary to include easily identifiable and more-readily quantifiable characteristics like costs, times, and numbers of errors. Mathematical model incorporating these and other factors of dynamics of software-development process implemented in the Software Life Cycle Simulator (SLICS) computer program. Simulates dynamics of software-development process. In combination with input and output expert software systems and knowledge-based management software system, develops information for use in managing large software-development project. Intended to aid managers in planning, managing, and controlling software-development processes by reducing uncertainties in budgets, required personnel, and schedules.

  16. CB-EMIS WEB SERVICE SOFTWARE

    2007-01-01

    This software provides CB-EMIS data to remote devices using a secure internet connection. The CB-EMIS Web Service filters and repackages data in a form suitable for resource limited devices such as a cell phone. Data transmission is filtered based on a user's authentical level. The web services acts as intermediary so that no direct connection is possible between the internet and the CB-EMIS server software.

  17. Addressing psychiatric comorbidity.

    PubMed

    Woody, G E; McLellan, A T; O'Brien, C P; Luborsky, L

    1991-01-01

    Research studies indicate that addressing psychiatric comorbidity can improve treatment for selected groups of substance-abusing patients. However, the chances for implementing the necessary techniques on a large scale are compromised by the absence of professional input and guidance within programs. This is especially true in public programs, which treat some of the most disadvantaged, disturbed, and socially destructive individuals in the entire mental health system. One starting point for upgrading the level of knowledge and training of staff members who work in this large treatment system could be to develop a better and more authoritative information dissemination network. Such a system exists in medicine; physicians are expected to read appropriate journals and to guide their treatment decisions using the data contained in the journals. Standards of practice and methods for modifying current practice are within the tradition of reading new facts, studying old ones, and comparing treatment outcome under different conditions with what is actually being done. No such general system of information-gathering or -sharing exists, particularly in public treatment programs. One of the most flagrant examples of this "educational shortfall" can be found among those methadone programs that adamantly insist on prescribing no more than 30 to 35 mg/day for all patients, in spite of the overwhelming evidence that these dose levels generally are inadequate. In some cases, program directors are unaware of studies that have shown the relationship between dose and outcome. In other cases, they are aware of the studies but do not modify their practices accordingly. This example of inadequate dosing is offered as an example of one situation that could be improved by adherence to a system of authoritative and systematic information dissemination. Many issues in substance abuse treatment do not lend themselves to information dissemination as readily as that of methadone dosing

  18. TacNet Tracker Software

    SciTech Connect

    WISEMAN, JAMES; & STEVENS, JAMES

    2008-08-04

    The TacNet Tracker will be used for the monitoring and real-time tracking of personnel and assets in an unlimited number of specific applications. The TacNet Tracker software is a VxWorks Operating System based programming package that controls the functionality for the wearable Tracker. One main use of the TacNet Tracker is in Blue Force Tracking, the ability to track the good guys in an adversarial situation or in a force-on-force or real battle conditions. The purpose of blue force tracking is to provide situational awareness to the battlefield commanders and personnel. There are practical military applications with the TacNet Tracker.The mesh network is a wireless IP communications network that moves data packets from source IP addresses to specific destination IP addresses. Addresses on the TacNet infrastructure utilize an 8-bit network mask (255.0.0.0). In other words, valid TacNet addresses range from 10.0.0.1 to 10.254.254.254. The TacNet software design uses uni-cast transmission techniques because earlier mesh network software releases did not provide for the ability to utilize multi-cast data movement. The TacNet design employs a list of addresses to move information within the TacNet infrastructure. For example, a convoy text file containing the IP addresses of all valid receivers of TacNet information could be used for transmitting the information and for limiting transmission to addresses on the list.

  19. TacNet Tracker Software

    2008-08-04

    The TacNet Tracker will be used for the monitoring and real-time tracking of personnel and assets in an unlimited number of specific applications. The TacNet Tracker software is a VxWorks Operating System based programming package that controls the functionality for the wearable Tracker. One main use of the TacNet Tracker is in Blue Force Tracking, the ability to track the good guys in an adversarial situation or in a force-on-force or real battle conditions. Themore » purpose of blue force tracking is to provide situational awareness to the battlefield commanders and personnel. There are practical military applications with the TacNet Tracker.The mesh network is a wireless IP communications network that moves data packets from source IP addresses to specific destination IP addresses. Addresses on the TacNet infrastructure utilize an 8-bit network mask (255.0.0.0). In other words, valid TacNet addresses range from 10.0.0.1 to 10.254.254.254. The TacNet software design uses uni-cast transmission techniques because earlier mesh network software releases did not provide for the ability to utilize multi-cast data movement. The TacNet design employs a list of addresses to move information within the TacNet infrastructure. For example, a convoy text file containing the IP addresses of all valid receivers of TacNet information could be used for transmitting the information and for limiting transmission to addresses on the list.« less

  20. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from National Strategy...

  1. A secure data outsourcing scheme based on Asmuth-Bloom secret sharing

    NASA Astrophysics Data System (ADS)

    Idris Muhammad, Yusuf; Kaiiali, Mustafa; Habbal, Adib; Wazan, A. S.; Sani Ilyasu, Auwal

    2016-11-01

    Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users' queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients' data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth-Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing.

  2. Lock It Up! Computer Security.

    ERIC Educational Resources Information Center

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  3. Staying Secure for School Safety

    ERIC Educational Resources Information Center

    Youngkin, Minu

    2012-01-01

    Proper planning and preventive maintenance can increase school security and return on investment. Preventive maintenance begins with planning. Through careful planning, education institutions can determine what is working and if any equipment, hardware or software needs to be replaced or upgraded. When reviewing a school's safety and security…

  4. Bundle Security Protocol for ION

    NASA Technical Reports Server (NTRS)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  5. Access Control Is More than Security.

    ERIC Educational Resources Information Center

    Fickes, Michael

    2002-01-01

    Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)

  6. High Assurance Models for Secure Systems

    ERIC Educational Resources Information Center

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  7. Double layer secure sketch

    NASA Astrophysics Data System (ADS)

    Li, Cai

    2012-09-01

    Secure sketch has been applied successfully in a wide variety of applications like cryptography, biometric authentication systems and so on. All of these secure sketches have properties in common namely error-tolerance and small entropy loss. The former ensures an input set w' can unlock the system if w' is substantially overlapped with a template set w while the latter means it is hard for an adversary to get the information of w even with the knowledge of s, which is produced by w and stored in the system publicly. In their constructions, they all consider w as a set of atomic elements. However, in the real word, it is very likely the elements in the template set are sets as well. In this paper, we propose a double layer secure sketch to address this issue.

  8. NASA Software Engineering Benchmarking Study

    NASA Technical Reports Server (NTRS)

    Rarick, Heather L.; Godfrey, Sara H.; Kelly, John C.; Crumbley, Robert T.; Wifl, Joel M.

    2013-01-01

    was its software assurance practices, which seemed to rate well in comparison to the other organizational groups and also seemed to include a larger scope of activities. An unexpected benefit of the software benchmarking study was the identification of many opportunities for collaboration in areas including metrics, training, sharing of CMMI experiences and resources such as instructors and CMMI Lead Appraisers, and even sharing of assets such as documented processes. A further unexpected benefit of the study was the feedback on NASA practices that was received from some of the organizations interviewed. From that feedback, other potential areas where NASA could improve were highlighted, such as accuracy of software cost estimation and budgetary practices. The detailed report contains discussion of the practices noted in each of the topic areas, as well as a summary of observations and recommendations from each of the topic areas. The resulting 24 recommendations from the topic areas were then consolidated to eliminate duplication and culled into a set of 14 suggested actionable recommendations. This final set of actionable recommendations, listed below, are items that can be implemented to improve NASA's software engineering practices and to help address many of the items that were listed in the NASA top software engineering issues. 1. Develop and implement standard contract language for software procurements. 2. Advance accurate and trusted software cost estimates for both procured and in-house software and improve the capture of actual cost data to facilitate further improvements. 3. Establish a consistent set of objectives and expectations, specifically types of metrics at the Agency level, so key trends and models can be identified and used to continuously improve software processes and each software development effort. 4. Maintain the CMMI Maturity Level requirement for critical NASA projects and use CMMI to measure organizations developing software for NASA. 5

  9. Social Security.

    ERIC Educational Resources Information Center

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  10. Physical Security

    SciTech Connect

    2008-01-01

    The future of physical security at government facilities and national laboratories is rapidly progressing beyond the cliché of gates, guns and guards, and is quickly being replaced by radars, sensors and cameras. Learn more about INL's security research at http://www.facebook.com/idahonationallaboratory.

  11. Software attribute visualization for high integrity software

    SciTech Connect

    Pollock, G.M.

    1998-03-01

    This report documents a prototype tool developed to investigate the use of visualization and virtual reality technologies for improving software surety confidence. The tool is utilized within the execution phase of the software life cycle. It provides a capability to monitor an executing program against prespecified requirements constraints provided in a program written in the requirements specification language SAGE. The resulting Software Attribute Visual Analysis Tool (SAVAnT) also provides a technique to assess the completeness of a software specification.

  12. 17 CFR 248.202 - Duties of card issuers regarding changes of address.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Duties of card issuers regarding changes of address. 248.202 Section 248.202 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-ID: Identity Theft Red...

  13. The U.S./IAEA Workshop on Software Sustainability for Safeguards Instrumentation: Report to the NNSA DOE Office of International Nuclear Safeguards (NA-241)

    SciTech Connect

    Pepper, Susan E.; Pickett, Chris A.; Queirolo, Al; Bachner, Katherine M.; Worrall, Louise G.

    2015-04-07

    The U.S Department of Energy (DOE) National Nuclear Security Administration (NNSA) Next Generation Safeguards Initiative (NGSI) and the International Atomic Energy Agency (IAEA) convened a workshop on Software Sustainability for Safeguards Instrumentation in Vienna, Austria, May 6-8, 2014. Safeguards instrumentation software must be sustained in a changing environment to ensure existing instruments can continue to perform as designed, with improved security. The approaches to the development and maintenance of instrument software used in the past may not be the best model for the future and, therefore, the organizers’ goal was to investigate these past approaches and to determine an optimal path forward. The purpose of this report is to provide input for the DOE NNSA Office of International Nuclear Safeguards (NA-241) and other stakeholders that can be utilized when making decisions related to the development and maintenance of software used in the implementation of international nuclear safeguards. For example, this guidance can be used when determining whether to fund the development, upgrade, or replacement of a particular software product. The report identifies the challenges related to sustaining software, and makes recommendations for addressing these challenges, supported by summaries and detailed notes from the workshop discussions. In addition the authors provide a set of recommendations for institutionalizing software sustainability practices in the safeguards community. The term “software sustainability” was defined for this workshop as ensuring that safeguards instrument software and algorithm functionality can be maintained efficiently throughout the instrument lifecycle, without interruption and providing the ability to continue to improve that software as needs arise.

  14. Global Software Engineering: A Software Process Approach

    NASA Astrophysics Data System (ADS)

    Richardson, Ita; Casey, Valentine; Burton, John; McCaffery, Fergal

    Our research has shown that many companies are struggling with the successful implementation of global software engineering, due to temporal, cultural and geographical distance, which causes a range of factors to come into play. For example, cultural, project managementproject management and communication difficulties continually cause problems for software engineers and project managers. While the implementation of efficient software processes can be used to improve the quality of the software product, published software process models do not cater explicitly for the recent growth in global software engineering. Our thesis is that global software engineering factors should be included in software process models to ensure their continued usefulness in global organisations. Based on extensive global software engineering research, we have developed a software process, Global Teaming, which includes specific practices and sub-practices. The purpose is to ensure that requirements for successful global software engineering are stipulated so that organisations can ensure successful implementation of global software engineering.

  15. Software Vulnerability Taxonomy Consolidation

    SciTech Connect

    Polepeddi, Sriram S.

    2004-12-07

    In today's environment, computers and networks are increasing exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, do not cover all aspects of a vulnerability and lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common ''primary key'', un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to

  16. Report: Scientific Software.

    ERIC Educational Resources Information Center

    Borman, Stuart A.

    1985-01-01

    Discusses various aspects of scientific software, including evaluation and selection of commercial software products; program exchanges, catalogs, and other information sources; major data analysis packages; statistics and chemometrics software; and artificial intelligence. (JN)

  17. Space Flight Software Development Software for Intelligent System Health Management

    NASA Technical Reports Server (NTRS)

    Trevino, Luis C.; Crumbley, Tim

    2004-01-01

    The slide presentation examines the Marshall Space Flight Center Flight Software Branch, including software development projects, mission critical space flight software development, software technical insight, advanced software development technologies, and continuous improvement in the software development processes and methods.

  18. Secure Objectives for School Security

    ERIC Educational Resources Information Center

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  19. High-performance, distributed computing software libraries and services

    2002-01-24

    The Globus toolkit provides basic Grid software infrastructure (i.e. middleware), to facilitate the development of applications which securely integrate geographically separated resources, including computers, storage systems, instruments, immersive environments, etc.

  20. A Matrix Approach to Software Process Definition

    NASA Technical Reports Server (NTRS)

    Schultz, David; Bachman, Judith; Landis, Linda; Stark, Mike; Godfrey, Sally; Morisio, Maurizio; Powers, Edward I. (Technical Monitor)

    2000-01-01

    The Software Engineering Laboratory (SEL) is currently engaged in a Methodology and Metrics program for the Information Systems Center (ISC) at Goddard Space Flight Center (GSFC). This paper addresses the Methodology portion of the program. The purpose of the Methodology effort is to assist a software team lead in selecting and tailoring a software development or maintenance process for a specific GSFC project. It is intended that this process will also be compliant with both ISO 9001 and the Software Engineering Institute's Capability Maturity Model (CMM). Under the Methodology program, we have defined four standard ISO-compliant software processes for the ISC, and three tailoring criteria that team leads can use to categorize their projects. The team lead would select a process and appropriate tailoring factors, from which a software process tailored to the specific project could be generated. Our objective in the Methodology program is to present software process information in a structured fashion, to make it easy for a team lead to characterize the type of software engineering to be performed, and to apply tailoring parameters to search for an appropriate software process description. This will enable the team lead to follow a proven, effective software process and also satisfy NASA's requirement for compliance with ISO 9001 and the anticipated requirement for CMM assessment. This work is also intended to support the deployment of sound software processes across the ISC.

  1. Software Engineering Guidebook

    NASA Technical Reports Server (NTRS)

    Connell, John; Wenneson, Greg

    1993-01-01

    The Software Engineering Guidebook describes SEPG (Software Engineering Process Group) supported processes and techniques for engineering quality software in NASA environments. Three process models are supported: structured, object-oriented, and evolutionary rapid-prototyping. The guidebook covers software life-cycles, engineering, assurance, and configuration management. The guidebook is written for managers and engineers who manage, develop, enhance, and/or maintain software under the Computer Software Services Contract.

  2. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    ERIC Educational Resources Information Center

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  3. School Security: For Whom and with What Results?

    ERIC Educational Resources Information Center

    Servoss, Timothy J.; Finn, Jeremy D.

    2014-01-01

    This study utilized school-level data from several combined national databases to address two questions regarding school security policy: (1) What are the school characteristics related to levels of security? (2) How does security relate to school suspension, dropout, and college attendance rates? Among the predictors of school security, having a…

  4. Application of the AHP method in modeling the trust and reputation of software agents

    NASA Astrophysics Data System (ADS)

    Zytniewski, Mariusz; Klementa, Marek; Skorupka, Dariusz; Stanek, Stanislaw; Duchaczek, Artur

    2016-06-01

    Given the unique characteristics of cyberspace and, in particular, the number of inherent security threats, communication between software agents becomes a highly complex issue and a major challenge that, on the one hand, needs to be continuously monitored and, on the other, awaits new solutions addressing its vulnerabilities. An approach that has recently come into view mimics mechanisms typical of social systems and is based on trust and reputation that assist agents in deciding which other agents to interact with. The paper offers an enhancement to existing trust and reputation models, involving the application of the AHP method that is widely used for decision support in social systems, notably for risks analysis. To this end, it is proposed to expand the underlying conceptual basis by including such notions as self-trust and social trust, and to apply these to software agents. The discussion is concluded with an account of an experiment aimed at testing the effectiveness of the proposed solution.

  5. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  6. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  7. Software-defined anything challenges status quo

    SciTech Connect

    Simpson, Wayne; Borders, Tammie

    2015-01-01

    INL successfully developed a proof of concept for "Software Defined Anything" by emulating the laboratory's business applications that run on Virtual Machines. The work INL conducted demonstrates to industry on how this methodology can be used to improve security, automate and repeat processes, and improve consistency.

  8. Additional Security Considerations for Grid Management

    NASA Technical Reports Server (NTRS)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  9. ClassCompass: A Software Design Mentoring System

    ERIC Educational Resources Information Center

    Coelho, Wesley; Murphy, Gail

    2007-01-01

    Becoming a quality software developer requires practice under the guidance of an expert mentor. Unfortunately, in most academic environments, there are not enough experts to provide any significant design mentoring for software engineering students. To address this problem, we present a collaborative software design tool intended to maximize an…

  10. Proceedings, Conference on the Computing Environment for Mathematical Software

    NASA Technical Reports Server (NTRS)

    1981-01-01

    Recent advances in software and hardware technology which make it economical to create computing environments appropriate for specialized applications are addressed. Topics included software tools, FORTRAN standards activity, and features of languages, operating systems, and hardware that are important for the development, testing, and maintenance of mathematical software.

  11. The 1988 Directory of Educational Software Publishing Companies.

    ERIC Educational Resources Information Center

    Electronic Learning, 1988

    1988-01-01

    Based on questionnaires sent to educational software companies in January 1988, this directory lists 78 companies. Information given includes company address, curriculum subject areas for which the company publishes software, types of machines and operating systems on which the software operates, and grade level for which it is targeted. (LRW)

  12. Framework for Address Cooperative Extended Transactions

    1997-12-01

    The Framework for Addressing Cooperative Extended Transactions (FACET) is an object-oriented software framework for building models of complex, cooperative behaviors of agents. it can be used to implement simulation models of societal processes such as the complex interplay of participating individuals and organizations engaged in multiple concurrent transactions in pursuit of their various goals. These transactions can be patterned on, for example, clinical guidelines and procedures, business practices, government and corporate policies, etc. FACET canmore » also address other complex behaviors such as biological life cycles or manufacturing processes. FACET includes generic software objects representing the fundamental classes of agent -- Person and Organization - with mechanisms for resource management, including resolution of conflicting requests for participation and/or use of the agent's resources. The FACET infrastructure supports stochastic behavioral elements and coping mechanisms by which specified special conditions and events can cause an active cooperative process to be preempted, diverting the participants onto appropriate alternative behavioral pathways.« less

  13. Insights into software development in Japan

    NASA Technical Reports Server (NTRS)

    Duvall, Lorraine M.

    1992-01-01

    The interdependence of the U.S.-Japanese economies makes it imperative that we in the United States understand how business and technology developments take place in Japan. We can gain insight into these developments in software engineering by studying the context in which Japanese software is developed, the practices that are used, the problems encountered, the setting surrounding these problems, and the resolution of these problems. Context includes the technological and sociological characteristics of the software development environment, the software processes applied, personnel involved in the development process, and the corporate and social culture surrounding the development. Presented in this paper is a summary of results of a study that addresses these issues. Data for this study was collected during a three month visit to Japan where the author interviewed 20 software managers representing nine companies involved in developing software in Japan. These data are compared to similar data from the United States in which 12 managers from five companies were interviewed.

  14. GridOPTICS Software System

    2014-02-24

    GridOPTICS Software System (GOSS) is a middleware that facilitates creation of new, modular and flexible operational and planning platforms that can meet the challenges of the next generation power grid. GOSS enables Department of Energy, power system utilities, and vendors to build better tools faster. GOSS makes it possible to integrate Future Power Grid Initiative software products/prototypes into existing power grid software systems, including the PNNL PowerNet and EIOC environments. GOSS is designed to allowmore » power grid applications developed for different underlying software platforms installed in different utilities to communicate with ease. This can be done in compliance with existing security and data sharing policies between the utilities. GOSS not only supports one-to-one data transfer between applications, but also publisher/subscriber scheme. To support interoperability requirements of future EMS, GOSS is designed for CIM compliance. In addition to this, it supports authentication and authorization capabilities to protect the system from cyber threats. In summary, the contributions of the GOSS middleware are as follows: • A platform to support future EMS development. • A middleware that promotes interoperability between power grid applications. • A distributed architecture that separates data sources from power grid applications. • Support for data exchange with either one-to-one or publisher/subscriber interfaces. • An authentication and authorization scheme for limiting the access to data between utilities.« less

  15. GridOPTICS Software System

    SciTech Connect

    Akyol, Bora A; Ciraci, PNNL Selim; Gibson, PNNL Tara; Rice, PNNL Mark; Sharma, PNNL Poorva; Yin, PNNL Jian; Allwardt, PNNL Craig; PNNL,

    2014-02-24

    GridOPTICS Software System (GOSS) is a middleware that facilitates creation of new, modular and flexible operational and planning platforms that can meet the challenges of the next generation power grid. GOSS enables Department of Energy, power system utilities, and vendors to build better tools faster. GOSS makes it possible to integrate Future Power Grid Initiative software products/prototypes into existing power grid software systems, including the PNNL PowerNet and EIOC environments. GOSS is designed to allow power grid applications developed for different underlying software platforms installed in different utilities to communicate with ease. This can be done in compliance with existing security and data sharing policies between the utilities. GOSS not only supports one-to-one data transfer between applications, but also publisher/subscriber scheme. To support interoperability requirements of future EMS, GOSS is designed for CIM compliance. In addition to this, it supports authentication and authorization capabilities to protect the system from cyber threats. In summary, the contributions of the GOSS middleware are as follows: • A platform to support future EMS development. • A middleware that promotes interoperability between power grid applications. • A distributed architecture that separates data sources from power grid applications. • Support for data exchange with either one-to-one or publisher/subscriber interfaces. • An authentication and authorization scheme for limiting the access to data between utilities.

  16. Security in Full-Force

    NASA Technical Reports Server (NTRS)

    2002-01-01

    When fully developed for NASA, Vanguard Enforcer(TM) software-which emulates the activities of highly technical security system programmers, auditors, and administrators-was among the first intrusion detection programs to restrict human errors from affecting security, and to ensure the integrity of a computer's operating systems, as well as the protection of mission critical resources. Vanguard Enforcer was delivered in 1991 to Johnson Space Center and has been protecting systems and critical data there ever since. In August of 1999, NASA granted Vanguard exclusive rights to commercialize the Enforcer system for the private sector. In return, Vanguard continues to supply NASA with ongoing research, development, and support of Enforcer. The Vanguard Enforcer 4.2 is one of several surveillance technologies that make up the Vanguard Security Solutions line of products. Using a mainframe environment, Enforcer 4.2 achieves previously unattainable levels of automated security management.

  17. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  18. Security patterns and a weighting scheme for mobile agents

    NASA Astrophysics Data System (ADS)

    Walker, Jessie J.

    The notion of mobility has always been a prime factor in human endeavor and achievement. This need to migrate by humans has been distilled into software entities, which are their representatives on distant environments. Software agents are developed to act on behalf of a user. Mobile agents were born from the understanding that many times it was much more useful to move the code (program) to where the resources are located, instead of connecting remotely. Within the mobile agent research community, security has traditionally been the most defining issue facing the community and preventing the paradigm from gaining wide acceptance. There are still numerous difficult problems being addressed with very few practical solutions, such as the malicious host and agent problems. These problems are some of the most active areas of research within the mobile agent community. The major principles, facets, fundamental concepts, techniques and architectures of the field are well understood within the community. This is evident by the many mobile agent systems developed in the last decade that share common core components such as agent management, communication facilities, and mobility services. In other words new mobile agent systems and frameworks do not provide any new insights into agent system architecture or mobility services, agent coordination, communication that could be useful to the agent research community, although these new mobile agent systems do in many instances validate, refine, demonstrate the reuse of many previously proposed and discussed mobile agent research elements. Since mobile agent research for the last decade has been defined by security and related issues, our research into security patterns are within this narrow arena of mobile agent research. The research presented in this thesis examines the issue of mobile agent security from the standpoint of security pattern documented from the universe of mobile agent systems. In addition, we explore how

  19. Predicting Software Suitability Using a Bayesian Belief Network

    NASA Technical Reports Server (NTRS)

    Beaver, Justin M.; Schiavone, Guy A.; Berrios, Joseph S.

    2005-01-01

    The ability to reliably predict the end quality of software under development presents a significant advantage for a development team. It provides an opportunity to address high risk components earlier in the development life cycle, when their impact is minimized. This research proposes a model that captures the evolution of the quality of a software product, and provides reliable forecasts of the end quality of the software being developed in terms of product suitability. Development team skill, software process maturity, and software problem complexity are hypothesized as driving factors of software product quality. The cause-effect relationships between these factors and the elements of software suitability are modeled using Bayesian Belief Networks, a machine learning method. This research presents a Bayesian Network for software quality, and the techniques used to quantify the factors that influence and represent software quality. The developed model is found to be effective in predicting the end product quality of small-scale software development efforts.

  20. Software productivity improvement through software engineering technology

    NASA Technical Reports Server (NTRS)

    Mcgarry, F. E.

    1985-01-01

    It has been estimated that NASA expends anywhere from 6 to 10 percent of its annual budget on the acquisition, implementation and maintenance of computer software. Although researchers have produced numerous software engineering approaches over the past 5-10 years; each claiming to be more effective than the other, there is very limited quantitative information verifying the measurable impact htat any of these technologies may have in a production environment. At NASA/GSFC, an extended research effort aimed at identifying and measuring software techniques that favorably impact productivity of software development, has been active over the past 8 years. Specific, measurable, software development technologies have been applied and measured in a production environment. Resulting software development approaches have been shown to be effective in both improving quality as well as productivity in this one environment.

  1. Software distribution using xnetlib

    SciTech Connect

    Dongarra, J.J. |; Rowan, T.H.; Wade, R.C.

    1993-06-01

    Xnetlib is a new tool for software distribution. Whereas its predecessor netlib uses e-mail as the user interface to its large collection of public-domain mathematical software, xnetlib uses an X Window interface and socket-based communication. Xnetlib makes it easy to search through a large distributed collection of software and to retrieve requested software in seconds.

  2. Agile Software Development

    ERIC Educational Resources Information Center

    Biju, Soly Mathew

    2008-01-01

    Many software development firms are now adopting the agile software development method. This method involves the customer at every level of software development, thus reducing the impact of change in the requirement at a later stage. In this article, the principles of the agile method for software development are explored and there is a focus on…

  3. Birds of a Feather: Supporting Secure Systems

    SciTech Connect

    Braswell III, H V

    2006-04-24

    Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management, PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.

  4. Software Formal Inspections Standard

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This Software Formal Inspections Standard (hereinafter referred to as Standard) is applicable to NASA software. This Standard defines the requirements that shall be fulfilled by the software formal inspections process whenever this process is specified for NASA software. The objective of this Standard is to define the requirements for a process that inspects software products to detect and eliminate defects as early as possible in the software life cycle. The process also provides for the collection and analysis of inspection data to improve the inspection process as well as the quality of the software.

  5. 2015 ASHG Awards and Addresses

    PubMed Central

    2016-01-01

    Each year at the annual meeting of The American Society of Human Genetics (ASHG), addresses are given in honor of The Society and a number of award winners. A summary of each of these is given below. On the following pages, we have printed the presidential address and the addresses for the William Allan Award, the Curt Stern Award, and the Victor A. McKusick Leadership Award. Webcasts of these addresses, as well as those of many other presentations, can be found at http://www.ashg.org.

  6. Responsbility for unreliable software

    SciTech Connect

    Wahl, N.J.

    1994-12-31

    Unreliable software exposes software developers and distributors to legal risks. Under certain circumstances, the developer and distributor of unreliable software can be sued. To avoid lawsuits, software developers should do the following: determine what the risks am, understand the extent of the risks, and identify ways of avoiding the risks and lessening the consequences of the risks. Liability issues associated with unreliable software are explored in this article.

  7. Los Alamos Center for Computer Security formal computer security model

    SciTech Connect

    Dreicer, J.S.; Hunteman, W.J.; Markin, J.T.

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The need to test and verify DOE computer security policy implementation first motivated this effort. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present formal mathematical models for computer security. The fundamental objective of computer security is to prevent the unauthorized and unaccountable access to a system. The inherent vulnerabilities of computer systems result in various threats from unauthorized access. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The model is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell and LaPadula abstract sets of objects and subjects. 6 refs.

  8. Security Equipment and Systems Certification Program (SESCP)

    SciTech Connect

    Steele, B.J.; Papier, I.I.

    1996-06-20

    Sandia National Laboratories (SNL) and Underwriters Laboratories, Inc., (UL) have jointly established the Security Equipment and Systems Certification Program (SESCP). The goal of this program is to enhance industrial and national security by providing a nationally recognized method for making informed selection and use decisions when buying security equipment and systems. The SESCP will provide a coordinated structure for private and governmental security standardization review. Members will participate in meetings to identify security problems, develop ad-hoc subcommittees (as needed) to address these identified problems, and to maintain a communications network that encourages a meaningful exchange of ideas. This program will enhance national security by providing improved security equipment and security systems based on consistent, reliable standards and certification programs.

  9. Argonne Director Eric Isaacs addresses the National Press Club

    ScienceCinema

    Eric Isaccs

    2016-07-12

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Issacs makes the case for investing in science to secure America's future.

  10. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  11. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  12. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  13. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  14. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  15. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  16. Argonne Director Eric Isaacs addresses the National Press Club

    SciTech Connect

    Eric Isaccs

    2009-09-17

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Issacs makes the case for investing in science to secure America's future.

  17. CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection

    PubMed Central

    Dai, Huning; Murphy, Christian; Kaiser, Gail

    2010-01-01

    Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, we present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability. We discuss the approach and introduce a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. We also present the results of case studies that demonstrate the approach’s feasibility and evaluate its performance. PMID:21037923

  18. Software Quality Assurance Metrics

    NASA Technical Reports Server (NTRS)

    McRae, Kalindra A.

    2004-01-01

    Software Quality Assurance (SQA) is a planned and systematic set of activities that ensures conformance of software life cycle processes and products conform to requirements, standards and procedures. In software development, software quality means meeting requirements and a degree of excellence and refinement of a project or product. Software Quality is a set of attributes of a software product by which its quality is described and evaluated. The set of attributes includes functionality, reliability, usability, efficiency, maintainability, and portability. Software Metrics help us understand the technical process that is used to develop a product. The process is measured to improve it and the product is measured to increase quality throughout the life cycle of software. Software Metrics are measurements of the quality of software. Software is measured to indicate the quality of the product, to assess the productivity of the people who produce the product, to assess the benefits derived from new software engineering methods and tools, to form a baseline for estimation, and to help justify requests for new tools or additional training. Any part of the software development can be measured. If Software Metrics are implemented in software development, it can save time, money, and allow the organization to identify the caused of defects which have the greatest effect on software development. The summer of 2004, I worked with Cynthia Calhoun and Frank Robinson in the Software Assurance/Risk Management department. My task was to research and collect, compile, and analyze SQA Metrics that have been used in other projects that are not currently being used by the SA team and report them to the Software Assurance team to see if any metrics can be implemented in their software assurance life cycle process.

  19. Data security.

    PubMed

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  20. Data security.

    PubMed

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  1. Securing smart grid technology

    NASA Astrophysics Data System (ADS)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  2. Payload software technology: Software technology development plan

    NASA Technical Reports Server (NTRS)

    1977-01-01

    Programmatic requirements for the advancement of software technology are identified for meeting the space flight requirements in the 1980 to 1990 time period. The development items are described, and software technology item derivation worksheets are presented along with the cost/time/priority assessments.

  3. Software Engineering Program: Software Process Improvement Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this document is to provide experience-based guidance in implementing a software process improvement program in any NASA software development or maintenance community. This guidebook details how to define, operate, and implement a working software process improvement program. It describes the concept of the software process improvement program and its basic organizational components. It then describes the structure, organization, and operation of the software process improvement program, illustrating all these concepts with specific NASA examples. The information presented in the document is derived from the experiences of several NASA software organizations, including the SEL, the SEAL, and the SORCE. Their experiences reflect many of the elements of software process improvement within NASA. This guidebook presents lessons learned in a form usable by anyone considering establishing a software process improvement program within his or her own environment. This guidebook attempts to balance general and detailed information. It provides material general enough to be usable by NASA organizations whose characteristics do not directly match those of the sources of the information and models presented herein. It also keeps the ideas sufficiently close to the sources of the practical experiences that have generated the models and information.

  4. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio procession over multicore, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to approx.50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  5. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio procession over multi-core, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to .50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  6. Safety Software Guide Perspectives for the Design of New Nuclear Facilities (U)

    SciTech Connect

    VINCENT, Andrew

    2005-07-14

    In June of this year, the Department of Energy (DOE) issued directives DOE O 414.1C and DOE G 414.1-4 to improve quality assurance programs, processes, and procedures among its safety contractors. Specifically, guidance entitled, ''Safety Software Guide for use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance, DOE G 414.1-4'', provides information and acceptable methods to comply with safety software quality assurance (SQA) requirements. The guidance provides a roadmap for meeting DOE O 414.1C, ''Quality Assurance'', and the quality assurance program (QAP) requirements of Title 10 Code of Federal Regulations (CFR) 830, Subpart A, Quality Assurance, for DOE nuclear facilities and software application activities. [1, 2] The order and guide are part of a comprehensive implementation plan that addresses issues and concerns documented in Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1. [3] Safety SQA requirements for DOE as well as National Nuclear Security Administration contractors are necessary to implement effective quality assurance (QA) processes and achieve safe nuclear facility operations. DOE G 414.1-4 was developed to provide guidance on establishing and implementing effective QA processes tied specifically to nuclear facility safety software applications. The Guide includes software application practices covered by appropriate national and international consensus standards and various processes currently in use at DOE facilities. While the safety software guidance is considered to be of sufficient rigor and depth to ensure acceptable reliability of safety software at all DOE nuclear facilities, new nuclear facilities are well suited to take advantage of the guide to ensure compliant programs and processes are implemented. Attributes such as the facility life-cycle stage and the hazardous nature of each facility operations are considered, along with the category and level of importance of the

  7. 78 FR 17939 - Announcement of Funding Awards; Capital Fund Safety and Security Grants; Fiscal Year 2012

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-25

    ... provides grants to PHAs for physical safety and security measures necessary to address crime and drug... safety and security measures necessary to address crime and drug-related activity as well as needs... addresses of this year's award recipients under the Capital Fund Safety and Security grant program....

  8. Secure electronic commerce communication system based on CA

    NASA Astrophysics Data System (ADS)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  9. 24 CFR 880.608 - Security deposits.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... sources. The owner may collect the security deposit on an installment basis. (b) The owner must place the... vacates its unit will provide the owner with its forwarding address or arrange to pick up the refund....

  10. 24 CFR 880.608 - Security deposits.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... sources. The owner may collect the security deposit on an installment basis. (b) The owner must place the... vacates its unit will provide the owner with its forwarding address or arrange to pick up the refund....

  11. 24 CFR 880.608 - Security deposits.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... sources. The owner may collect the security deposit on an installment basis. (b) The owner must place the... vacates its unit will provide the owner with its forwarding address or arrange to pick up the refund....

  12. How To Secure E-Rate Funding.

    ERIC Educational Resources Information Center

    Dietrich, Donald

    2003-01-01

    Describes how to secure E-Rate funding from the Universal Service Administrative Company's School and Libraries Division (SLD) to help school districts obtain telecommunications and Internet access. The SLD Web site address is www.sl.universalservice.org. (PKP)

  13. Non-developmental item computer systems and the malicious software threat

    NASA Technical Reports Server (NTRS)

    Bown, Rodney L.

    1991-01-01

    The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

  14. Applying evolutionary biology to address global challenges

    PubMed Central

    Carroll, Scott P.; Jørgensen, Peter Søgaard; Kinnison, Michael T.; Bergstrom, Carl T.; Denison, R. Ford; Gluckman, Peter; Smith, Thomas B.; Strauss, Sharon Y.; Tabashnik, Bruce E.

    2014-01-01

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens and pests that evolve too quickly, and the second from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This review highlights both progress and gaps in genetic, developmental and environmental manipulations across the life sciences that either target the rate and direction of evolution, or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development. PMID:25213376

  15. Applying evolutionary biology to address global challenges.

    PubMed

    Carroll, Scott P; Jørgensen, Peter Søgaard; Kinnison, Michael T; Bergstrom, Carl T; Denison, R Ford; Gluckman, Peter; Smith, Thomas B; Strauss, Sharon Y; Tabashnik, Bruce E

    2014-10-17

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens, and pests that evolve too quickly and the second, from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This Review highlights both progress and gaps in genetic, developmental, and environmental manipulations across the life sciences that either target the rate and direction of evolution or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development.

  16. Scientific Software - Publish, Cite, and get Credit for your Code

    NASA Astrophysics Data System (ADS)

    Hammitzsch, M.; Klump, J. F.; Fenner, M.; Pampel, H.; Bertelmann, R.; Brembs, B.; Deinzer, G.; Reusser, D. E.; Fritzsch, B.; Loewe, P.; Wächter, J.

    2014-12-01

    Scientific software takes on an increasingly prominent role in research. In particular in the sciences software has become an indispensable element in the research process. The way we handle software has a significant influence on the quality of research results, their traceability and reproducibility. In order to strengthen the recognition of scientific results achieved by software and to improve its visibility, the scientific community is actively working on concepts and solutions enabling researchers to publish software, cite it and be credited for it. For software to be a valuable and citeable contribution to science, the publication of scientific software must meet the quality criteria of the scientific discourse. As with data publication, defined processes and persistent identifiers should be used to make the results of research reproducible. Also, the specific needs of research have to be addressed and joined with experience gained in the field of development of free and open source software. A common understanding of handling scientific software with defined processes must be developed jointly. These processes have to address questions regarding quality assurance, versioning and documentation, traceability, reproducibility and reusability. Furthermore, the archiving of source code and executables, the use of persistent identifiers, and metrics measuring productivity, impact, and recognition have to be addressed. Especially when looking at software in the context of scientific publications only insufficient solutions exist to date. Even though it is possible to mint DOIs to identify archived source code copies, quality ensured by reviews is not addressed properly. But deserving credit for a software publication requires measures assessing the value of the published software. Subject-specific reviews paired with software-specific expertise would open up new possibilities leveraging interdisciplinarity and the interplay of complementary scientific fields such

  17. The safety implications of emerging software paradigms

    SciTech Connect

    Suski, G.J.; Persons, W.L.; Johnson, G.L.

    1994-10-01

    This paper addresses some of the emerging software paradigms that may be used in developing safety-critical software applications. Paradigms considered in this paper include knowledge-based systems, neural networks, genetic algorithms, and fuzzy systems. It presents one view of the software verification and validation activities that should be associated with each paradigm. The paper begins with a discussion of the historical evolution of software verification and validation. Next, a comparison is made between the verification and validation processes used for conventional and emerging software systems. Several verification and validation issues for the emerging paradigms are discussed and some specific research topics are identified. This work is relevant for monitoring and control at nuclear power plants.

  18. Space Shuttle Software Development and Certification

    NASA Technical Reports Server (NTRS)

    Orr, James K.; Henderson, Johnnie A

    2000-01-01

    Man-rated software, "software which is in control of systems and environments upon which human life is critically dependent," must be highly reliable. The Space Shuttle Primary Avionics Software System is an excellent example of such a software system. Lessons learn from more than 20 years of effort have identified basic elements that must be present to achieve this high degree of reliability. The elements include rigorous application of appropriate software development processes, use of trusted tools to support those processes, quantitative process management, and defect elimination and prevention. This presentation highlights methods used within the Space Shuttle project and raises questions that must be addressed to provide similar success in a cost effective manner on future long-term projects where key application development tools are COTS rather than internally developed custom application development tools

  19. A Probabilistic Software System Attribute Acceptance Paradigm for COTS Software Evaluation

    NASA Technical Reports Server (NTRS)

    Morris, A. Terry

    2005-01-01

    Standard software requirement formats are written from top-down perspectives only, that is, from an ideal notion of a client s needs. Despite the exactness of the standard format, software and system errors in designed systems have abounded. Bad and inadequate requirements have resulted in cost overruns, schedule slips and lost profitability. Commercial off-the-shelf (COTS) software components are even more troublesome than designed systems because they are often provided as is and subsequently delivered with unsubstantiated validation of described capabilities. For COTS software, there needs to be a way to express the client s software needs in a consistent and formal manner using software system attributes derived from software quality standards. Additionally, the format needs to be amenable to software evaluation processes that integrate observable evidence garnered from historical data. This paper presents a paradigm that effectively bridges the gap between what a client desires (top-down) and what has been demonstrated (bottom-up) for COTS software evaluation. The paradigm addresses the specification of needs before the software evaluation is performed and can be used to increase the shared understanding between clients and software evaluators about what is required and what is technically possible.

  20. Barriers to creating a secure MPI

    SciTech Connect

    Brightwell, R.; Greenberg, D.S.; Matt, B.J.; Davida, G.I.

    1997-08-01

    This paper explores some of the many issues in developing security enhanced MPI for embedded real-time systems supporting the Department of Defense`s Multi-level Security policy (DoD MLS) are presented along with the preliminary design for such an MPI variant. In addition some of the many issues that need to be addressed in creating security enhanced versions of MPI for other domains are discussed. 19 refs.

  1. What's Ahead for Campus Security?

    ERIC Educational Resources Information Center

    Queeno, Cam

    2000-01-01

    Identifies five trends in security technology and what they mean for colleges and universities in the near future. Trends addressed are: less emphasis on complete system integration; increased prevalence of open networking protocol systems; rising use of proximity and smart cards; increased use of digital technology and remote video surveillance;…

  2. School Security: Planning and Costs.

    ERIC Educational Resources Information Center

    Hunter, Richard C.; Mazingo, Terri H.

    2003-01-01

    Describes efforts by two school districts to address the potential threats of shootings and other school disruptions: Baltimore City Public Schools in Maryland and Charlotte-Mecklenburg Public Schools in North Carolina. Also describes the growing costs of providing safety and security in elementary and secondary schools. (Contains 13 references.)…

  3. Security Services Discovery by ATM Endsystems

    SciTech Connect

    Sholander, Peter; Tarman, Thomas

    1999-07-15

    This contribution proposes strawman techniques for Security Service Discovery by ATM endsystems in ATM networks. Candidate techniques include ILMI extensions, ANS extensions and new ATM anycast addresses. Another option is a new protocol based on an IETF service discovery protocol, such as Service Location Protocol (SLP). Finally, this contribution provides strawman requirements for Security-Based Routing in ATM networks.

  4. Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.

    ERIC Educational Resources Information Center

    Trinkaus-Randall, Gregor

    1998-01-01

    Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…

  5. Software Engineering Improvement Plan

    NASA Technical Reports Server (NTRS)

    2006-01-01

    In performance of this task order, bd Systems personnel provided support to the Flight Software Branch and the Software Working Group through multiple tasks related to software engineering improvement and to activities of the independent Technical Authority (iTA) Discipline Technical Warrant Holder (DTWH) for software engineering. To ensure that the products, comments, and recommendations complied with customer requirements and the statement of work, bd Systems personnel maintained close coordination with the customer. These personnel performed work in areas such as update of agency requirements and directives database, software effort estimation, software problem reports, a web-based process asset library, miscellaneous documentation review, software system requirements, issue tracking software survey, systems engineering NPR, and project-related reviews. This report contains a summary of the work performed and the accomplishments in each of these areas.

  6. Commercial Data Mining Software

    NASA Astrophysics Data System (ADS)

    Zhang, Qingyu; Segall, Richard S.

    This chapter discusses selected commercial software for data mining, supercomputing data mining, text mining, and web mining. The selected software are compared with their features and also applied to available data sets. The software for data mining are SAS Enterprise Miner, Megaputer PolyAnalyst 5.0, PASW (formerly SPSS Clementine), IBM Intelligent Miner, and BioDiscovery GeneSight. The software for supercomputing are Avizo by Visualization Science Group and JMP Genomics from SAS Institute. The software for text mining are SAS Text Miner and Megaputer PolyAnalyst 5.0. The software for web mining are Megaputer PolyAnalyst and SPSS Clementine . Background on related literature and software are presented. Screen shots of each of the selected software are presented, as are conclusions and future directions.

  7. Guidelines for software inspections

    NASA Technical Reports Server (NTRS)

    1983-01-01

    Quality control inspections are software problem finding procedures which provide defect removal as well as improvements in software functionality, maintenance, quality, and development and testing methodology is discussed. The many side benefits include education, documentation, training, and scheduling.

  8. The Problem of Software.

    ERIC Educational Resources Information Center

    Alexander, Wilma Jean

    1982-01-01

    Explains how schools can purchase computer software. Lists are presented of (1) sources of published evaluations of selected software, (2) publications which contain names and sources of programs, and (3) magazines providing program listings appropriate for classroom use. (CT)

  9. Design software for reuse

    NASA Technical Reports Server (NTRS)

    Tracz, Will

    1990-01-01

    Viewgraphs are presented on the designing of software for reuse. Topics include terminology, software reuse maxims, the science of programming, an interface design example, a modularization example, and reuse and implementation guidelines.

  10. Addressing adolescent pregnancy with legislation.

    PubMed

    Montgomery, Tiffany M; Folken, Lori; Seitz, Melody A

    2014-01-01

    Adolescent pregnancy is a concern among many women's health practitioners. While it is practical and appropriate to work to prevent adolescent pregnancy by educating adolescents in health care clinics, schools and adolescent-friendly community-based organizations, suggesting and supporting legislative efforts to reduce adolescent pregnancy can help address the issue on an even larger scale. This article aims to help nurses better understand current legislation that addresses adolescent pregnancy, and to encourage support of future adolescent pregnancy prevention legislation. PMID:25145716

  11. Addressing adolescent pregnancy with legislation.

    PubMed

    Montgomery, Tiffany M; Folken, Lori; Seitz, Melody A

    2014-01-01

    Adolescent pregnancy is a concern among many women's health practitioners. While it is practical and appropriate to work to prevent adolescent pregnancy by educating adolescents in health care clinics, schools and adolescent-friendly community-based organizations, suggesting and supporting legislative efforts to reduce adolescent pregnancy can help address the issue on an even larger scale. This article aims to help nurses better understand current legislation that addresses adolescent pregnancy, and to encourage support of future adolescent pregnancy prevention legislation.

  12. Network Security Validation Using Game Theory

    NASA Astrophysics Data System (ADS)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  13. DSS command software update

    NASA Technical Reports Server (NTRS)

    Stinnett, W. G.

    1980-01-01

    The modifications, additions, and testing results for a version of the Deep Space Station command software, generated for support of the Voyager Saturn encounter, are discussed. The software update requirements included efforts to: (1) recode portions of the software to permit recovery of approximately 2000 words of memory; (2) correct five Voyager Ground data System liens; (3) provide capability to automatically turn off the command processor assembly local printer during periods of low activity; and (4) correct anomalies existing in the software.

  14. Software verification and testing

    NASA Technical Reports Server (NTRS)

    1985-01-01

    General procedures for software verification and validation are provided as a guide for managers, programmers, and analysts involved in software development. The verification and validation procedures described are based primarily on testing techniques. Testing refers to the execution of all or part of a software system for the purpose of detecting errors. Planning, execution, and analysis of tests are outlined in this document. Code reading and static analysis techniques for software verification are also described.

  15. Cyber-Security Considerations for the Smart Grid

    SciTech Connect

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number mitigation strategies that can help keep the risk at an acceptable level.

  16. Day, night and all-weather security surveillance automation synergy from combining two powerful technologies

    SciTech Connect

    Morellas, Vassilios; Johnson, Andrew; Johnston, Chris; Roberts, Sharon D.; Francisco, Glen L.

    2006-07-01

    Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, night-time and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff and landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics. (authors)

  17. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    NASA Astrophysics Data System (ADS)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  18. Day, night, and all-weather security surveillance automation: synergy from combining two powerful technologies

    NASA Astrophysics Data System (ADS)

    Morellas, Vassilios; Johnston, Chris; Johnson, Andrew; Roberts, Sharon D.; Francisco, Glen L.

    2005-05-01

    Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, nighttime and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff and landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics.

  19. Astronomical Software Directory Service

    NASA Technical Reports Server (NTRS)

    Hanisch, R. J.; Payne, H.; Hayes, J.

    1998-01-01

    This is the final report on the development of the Astronomical Software Directory Service (ASDS), a distributable, searchable, WWW-based database of software packages and their related documentation. ASDS provides integrated access to 56 astronomical software packages, with more than 16,000 URL's indexed for full-text searching.

  20. Software Shopper. Revised.

    ERIC Educational Resources Information Center

    Davis, Sandra Hart, Comp.

    This annotated index describes and illustrates a wide selection of public domain instructional software that may be useful in the education of deaf students and provides educators with a way to order the listed programs. The software programs are designed for use on Apple computers and their compatibles. The software descriptions are presented in…

  1. Software Architecture Evolution

    ERIC Educational Resources Information Center

    Barnes, Jeffrey M.

    2013-01-01

    Many software systems eventually undergo changes to their basic architectural structure. Such changes may be prompted by new feature requests, new quality attribute requirements, changing technology, or other reasons. Whatever the causes, architecture evolution is commonplace in real-world software projects. Today's software architects, however,…

  2. Java for flight software

    NASA Technical Reports Server (NTRS)

    Benowitz, E.; Niessner, A.

    2003-01-01

    This work involves developing representative mission-critical spacecraft software using the Real-Time Specification for Java (RTSJ). This work currently leverages actual flight software used in the design of actual flight software in the NASA's Deep Space 1 (DSI), which flew in 1998.

  3. Suggestions for better election security.

    SciTech Connect

    Johnston, R.G.; Warner, J.S.

    2011-01-01

    Summary of Common Security Mistakes: (1) Electronic voting machines that fundamentally lack security thought and features, including an ability to detect tampering or intrusion, or to be reliably locked or sealed; (2) Failure to disassemble, inspect, and thoroughly inspect (not just test) a sufficient number of voting machines before and after elections in order to detect hardware or software tampering; (3) Assuming that tamper - indicating seals will either be blatantly ripped/smashed open, or else there is no tampering. In reality, even amateurs can spoof most seals leaving (at most) subtle evidence; (4) Inadequate seal use protocols and training of seal installers and inspectors. Failure to show examples of blatantly and subtly attacked seals to seal inspectors; (5) Over confidence in use of a voter verified paper record (VVPR), a VVPR is an excellent security countermeasure, but it is not a silver bullet, especially for an election organization with poor overall security; (6) Little or no insider thr at mitigation; and (7) A poor security culture, including denial and no a priori procedures for dealing with security questions or concerns.

  4. Software design for professional risk evaluation

    NASA Astrophysics Data System (ADS)

    Ionescu, V.; Calea, G.; Amza, G.; Iacobescu, G.; Nitoi, D.; Dimitrescu, A.

    2016-08-01

    Professional risk evaluation represents a complex activity involving each economic operator, with important repercussion upon health and security in work. Article represents an innovative study method, regarding professional risk analyze in which cumulative working posts are evaluated. Work presents a new software that helps in putting together all the working positions from a complex organizational system and analyzing them in order to evaluate the possible risks. Using this software, a multiple analysis can be done like: risk estimation, risk evaluation, estimation of residual risks and finally searching of risk reduction measures.

  5. Formal Verification of Large Software Systems

    NASA Technical Reports Server (NTRS)

    Yin, Xiang; Knight, John

    2010-01-01

    We introduce a scalable proof structure to facilitate formal verification of large software systems. In our approach, we mechanically synthesize an abstract specification from the software implementation, match its static operational structure to that of the original specification, and organize the proof as the conjunction of a series of lemmas about the specification structure. By setting up a different lemma for each distinct element and proving each lemma independently, we obtain the important benefit that the proof scales easily for large systems. We present details of the approach and an illustration of its application on a challenge problem from the security domain

  6. Asian Energy Security

    SciTech Connect

    Peter Hayes, PhD

    2003-12-01

    OAK-B135 In the Asian Energy Security (AES) Project, Nautilus Institute works together with a network of collaborating groups from the countries of Northeast Asia to evaluate the energy security implications of different national and regional energy ''paths''. The goal of the Asia Energy Security project is to illuminate energy paths--and the energy policy choices that might help to bring them about--that result in a higher degree of energy security for the region and for the world as a whole, that is, to identify energy paths that are ''robust'' in meeting many different energy security and development objectives, while also offering flexibility in the face of uncertainty. In work to date, Nautilus has carefully assembled a network of colleagues from the countries of the region, trained them together as a group in the use of a common, flexible, and transparent energy and environmental analysis planning software tool (LEAP, the Long-range Energy Alternatives Planning system), and worked with them to prepare base-year energy sector models for each country. To date, complete data sets and models for ''Business as Usual'' (BAU) energy paths have been compiled for China, Japan, the Republic of Korea, and the Democratic Peoples' Republic of Korea. A partial data set and BAU path has been compiled for the Russian Far East, and a data set is being started in Mongolia, where a team of researchers has just joined the AES project. In several countries, ''Alternative'' energy paths have been developed as well, or partially elaborated. National energy sector developments, progress on national LEAP modeling, additional LEAP training, and planning for the next phase of the AES project were the topics of a recent (early November) workshop held in Vancouver, British Columbia. With funding from the Department of Energy, Nautilus is poised to build upon the successes of the project to date with a coordinated international effort to research the energy security ramifications of

  7. Secure Video Surveillance System (SVSS) for unannounced safeguards inspections.

    SciTech Connect

    Galdoz, Erwin G. , Rio de Janeiro, Brazil); Pinkalla, Mark

    2010-09-01

    The Secure Video Surveillance System (SVSS) is a collaborative effort between the U.S. Department of Energy (DOE), Sandia National Laboratories (SNL), and the Brazilian-Argentine Agency for Accounting and Control of Nuclear Materials (ABACC). The joint project addresses specific requirements of redundant surveillance systems installed in two South American nuclear facilities as a tool to support unannounced inspections conducted by ABACC and the International Atomic Energy Agency (IAEA). The surveillance covers the critical time (as much as a few hours) between the notification of an inspection and the access of inspectors to the location in facility where surveillance equipment is installed. ABACC and the IAEA currently use the EURATOM Multiple Optical Surveillance System (EMOSS). This outdated system is no longer available or supported by the manufacturer. The current EMOSS system has met the project objective; however, the lack of available replacement parts and system support has made this system unsustainable and has increased the risk of an inoperable system. A new system that utilizes current technology and is maintainable is required to replace the aging EMOSS system. ABACC intends to replace one of the existing ABACC EMOSS systems by the Secure Video Surveillance System. SVSS utilizes commercial off-the shelf (COTS) technologies for all individual components. Sandia National Laboratories supported the system design for SVSS to meet Safeguards requirements, i.e. tamper indication, data authentication, etc. The SVSS consists of two video surveillance cameras linked securely to a data collection unit. The collection unit is capable of retaining historical surveillance data for at least three hours with picture intervals as short as 1sec. Images in .jpg format are available to inspectors using various software review tools. SNL has delivered two SVSS systems for test and evaluation at the ABACC Safeguards Laboratory. An additional 'proto-type' system remains

  8. Analyses Of Two End-User Software Vulnerability Exposure Metrics

    SciTech Connect

    Jason L. Wright; Miles McQueen; Lawrence Wellman

    2012-08-01

    The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

  9. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect

    Mayo, Jackson R.; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C.; Allan, Benjamin A.; Pierson, Lyndon George

    2010-10-01

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  10. Proceedings of the Third International Workshop on Proof-Carrying Code and Software Certification

    NASA Technical Reports Server (NTRS)

    Ewen, Denney, W. (Editor); Jensen, Thomas (Editor)

    2009-01-01

    This NASA conference publication contains the proceedings of the Third International Workshop on Proof-Carrying Code and Software Certification, held as part of LICS in Los Angeles, CA, USA, on August 15, 2009. Software certification demonstrates the reliability, safety, or security of software systems in such a way that it can be checked by an independent authority with minimal trust in the techniques and tools used in the certification process itself. It can build on existing validation and verification (V&V) techniques but introduces the notion of explicit software certificates, Vvilich contain all the information necessary for an independent assessment of the demonstrated properties. One such example is proof-carrying code (PCC) which is an important and distinctive approach to enhancing trust in programs. It provides a practical framework for independent assurance of program behavior; especially where source code is not available, or the code author and user are unknown to each other. The workshop wiII address theoretical foundations of logic-based software certification as well as practical examples and work on alternative application domains. Here "certificate" is construed broadly, to include not just mathematical derivations and proofs but also safety and assurance cases, or any fonnal evidence that supports the semantic analysis of programs: that is, evidence about an intrinsic property of code and its behaviour that can be independently checked by any user, intermediary, or third party. These guarantees mean that software certificates raise trust in the code itself, distinct from and complementary to any existing trust in the creator of the code, the process used to produce it, or its distributor. In addition to the contributed talks, the workshop featured two invited talks, by Kelly Hayhurst and Andrew Appel. The PCC 2009 website can be found at http://ti.arc.nasa.gov /event/pcc 091.

  11. Security system

    DOEpatents

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  12. Security seal

    DOEpatents

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  13. Problem-Solving Software

    NASA Technical Reports Server (NTRS)

    1992-01-01

    CBR Express software solves problems by adapting sorted solutions to new problems specified by a user. It is applicable to a wide range of situations. The technology was originally developed by Inference Corporation for Johnson Space Center's Advanced Software Development Workstation. The project focused on the reuse of software designs, and Inference used CBR as part of the ACCESS prototype software. The commercial CBR Express is used as a "help desk" for customer support, enabling reuse of existing information when necessary. It has been adopted by several companies, among them American Airlines, which uses it to solve reservation system software problems.

  14. Bioinformatics software resources.

    PubMed

    Gilbert, Don

    2004-09-01

    This review looks at internet archives, repositories and lists for obtaining popular and useful biology and bioinformatics software. Resources include collections of free software, services for the collaborative development of new programs, software news media and catalogues of links to bioinformatics software and web tools. Problems with such resources arise from needs for continued curator effort to collect and update these, combined with less than optimal community support, funding and collaboration. Despite some problems, the available software repositories provide needed public access to many tools that are a foundation for analyses in bioscience research efforts.

  15. Tracker 300 Software

    SciTech Connect

    Wysor, R. Wes

    2006-01-12

    The Tracker300 software is downloaded to an off-the-shelf product called RCM3400/RCM3410 made by Rabbit Semiconductor. The software is a closed loop control which computes the sun's position and provides stability compensation. Using the RCM3400/RCM3410 module, the software stores and retrieves parameters from the onboard flash. The software also allows for communication with a host. It will allow the parameters to be downloaded or uploaded, it will show the status of the controller, it will provide real-time feedback, and it will send command acknowledgements. The software will capture the GPS response and ensure the internal clock is set correctly.

  16. Payload software technology

    NASA Technical Reports Server (NTRS)

    1976-01-01

    A software analysis was performed of known STS sortie payload elements and their associated experiments. This provided basic data for STS payload software characteristics and sizes. A set of technology drivers was identified based on a survey of future technology needs and an assessment of current software technology. The results will be used to evolve a planned approach to software technology development. The purpose of this plan is to ensure that software technology is advanced at a pace and a depth sufficient to fulfill the identified future needs.

  17. The Management and Security Expert (MASE)

    NASA Technical Reports Server (NTRS)

    Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

    1991-01-01

    The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

  18. Computer Software for Vocational Education: Development and Evaluation. State-of-the-Art Paper.

    ERIC Educational Resources Information Center

    Matthews, John; Winsauer, John

    This paper presents a basis for judging the merits and shortcomings of computer software for vocational education and contains a comprehensive evaluation tool for educational software. The historical development of computer hardware and software as used in education is addressed. A discussion of the evaluation of educational software stresses the…

  19. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  20. Software unit testing in Ada environment

    NASA Technical Reports Server (NTRS)

    Warnock, Glenn

    1986-01-01

    A validation procedure for the Ada binding of the Graphical Kernel System (GKS) is being developed. PRIOR Data Sciences is also producing a version of the GKS written in Ada. These major software engineering projects will provide an opportunity to demonstrate a sound approach for software testing in an Ada environment. The GKS/Ada validation capability will be a collection of test programs and data, and test management guidelines. These products will be used to assess the correctness, completeness, and efficiency of any GKS/Ada implementation. The GKS/Ada developers will be able to obtain the validation software for their own use. It is anticipated that this validation software will eventually be taken over by an independent standards body to provide objective assessments of GKS/Ada implementations, using an approach similar to the validation testing currently applied to Ada compilers. In the meantime, if requested, this validation software will be used to assess GKS/Ada products. The second project, implementation of GKS using the Ada language, is a conventional software engineering tasks. It represents a large body of Ada code and has some interesting testing problems associated with automatic testing of graphics routines. Here the normal test practices which include automated regression testing, independent quality assistance, test configuration management, and the application of software quality metrics will be employed. The software testing methods emphasize quality enhancement and automated procedures. Ada makes some aspects of testing easier, and introduces some concerns. These issues are addressed.

  1. Security for safety critical space borne systems

    NASA Technical Reports Server (NTRS)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  2. Enhanced Usage of Keys Obtained by Physical, Unconditionally Secure Distributions

    NASA Astrophysics Data System (ADS)

    Kish, Laszlo B.; Granqvist, Claes-Göran

    2015-04-01

    Unconditionally secure physical key distribution schemes are very slow, and it is practically impossible to use a one-time-pad based cipher to guarantee unconditional security for the encryption of data because using the key bits more than once gives out statistical information, for example via the known-plain-text-attack or by utilizing known components of the protocol and language statistics. Here, we outline a protocol that reduces this speed problem and allows almost-one-time-pad based communication with an unconditionally secure physical key of finite length. The physical, unconditionally secure key is not used for data encryption but is employed in order to generate and share a new software-based key without any known-plain-text component. The software-only-based key distribution is then changed from computationally secure to unconditionally secure, because the communicated key-exchange data (algorithm parameters, one-way functions of random numbers, etc.) are encrypted in an unconditionally secure way with a one-time-pad. For practical applications, this combined physical/software key distribution based communication looks favorable compared to the software-only and physical-only key distribution based communication whenever the speed of the physical key distribution is much lower than that of the software-based key distribution. A mathematical security proof of this new scheme remains an open problem.

  3. Publishing Platform for Scientific Software - Lessons Learned

    NASA Astrophysics Data System (ADS)

    Hammitzsch, Martin; Fritzsch, Bernadette; Reusser, Dominik; Brembs, Björn; Deinzer, Gernot; Loewe, Peter; Fenner, Martin; van Edig, Xenia; Bertelmann, Roland; Pampel, Heinz; Klump, Jens; Wächter, Joachim

    2015-04-01

    Scientific software has become an indispensable commodity for the production, processing and analysis of empirical data but also for modelling and simulation of complex processes. Software has a significant influence on the quality of research results. For strengthening the recognition of the academic performance of scientific software development, for increasing its visibility and for promoting the reproducibility of research results, concepts for the publication of scientific software have to be developed, tested, evaluated, and then transferred into operations. For this, the publication and citability of scientific software have to fulfil scientific criteria by means of defined processes and the use of persistent identifiers, similar to data publications. The SciForge project is addressing these challenges. Based on interviews a blueprint for a scientific software publishing platform and a systematic implementation plan has been designed. In addition, the potential of journals, software repositories and persistent identifiers have been evaluated to improve the publication and dissemination of reusable software solutions. It is important that procedures for publishing software as well as methods and tools for software engineering are reflected in the architecture of the platform, in order to improve the quality of the software and the results of research. In addition, it is necessary to work continuously on improving specific conditions that promote the adoption and sustainable utilization of scientific software publications. Among others, this would include policies for the development and publication of scientific software in the institutions but also policies for establishing the necessary competencies and skills of scientists and IT personnel. To implement the concepts developed in SciForge a combined bottom-up / top-down approach is considered that will be implemented in parallel in different scientific domains, e.g. in earth sciences, climate research and

  4. Evaluation of commercially available lighting design software

    SciTech Connect

    McConnell, D.G.

    1990-09-01

    This report addresses the need for commercially available lighting design computer programs and evaluates several of these programs. Sandia National Laboratories uses these programs to provide lighting designs for exterior closed-circuit television camera intrusion detection assessment for high-security perimeters.

  5. Addressing the Need for Independence in the CSE Model

    SciTech Connect

    Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T; Grimaila, Michael R

    2011-01-01

    Abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.

  6. Teaching and Assessment of Mathematical Principles for Software Correctness Using a Reasoning Concept Inventory

    ERIC Educational Resources Information Center

    Drachova-Strang, Svetlana V.

    2013-01-01

    As computing becomes ubiquitous, software correctness has a fundamental role in ensuring the safety and security of the systems we build. To design and develop software correctly according to their formal contracts, CS students, the future software practitioners, need to learn a critical set of skills that are necessary and sufficient for…

  7. Addressing problems of employee performance.

    PubMed

    McConnell, Charles R

    2011-01-01

    Employee performance problems are essentially of 2 kinds: those that are motivational in origin and those resulting from skill deficiencies. Both kinds of problems are the province of the department manager. Performance problems differ from problems of conduct in that traditional disciplinary processes ordinarily do not apply. Rather, performance problems are addressed through educational and remedial processes. The manager has a basic responsibility in ensuring that everything reasonable is done to help each employee succeed. There are a number of steps the manager can take to address employee performance problems.

  8. Noviceware: a model for learning the software development process.

    PubMed

    Slate, M A

    1992-01-01

    Students and nursing faculty without formal computer science training can collaborate within an independent study structure to assist the student in gaining experience with the fundamentals of software development. The systems development life cycle approach provides an essential map to structure such independent studies. This article describes the development within an academic setting of a computerized research management system. The software builds a database of research case demographic data and data from a 65-item tool used in scoring videotapes of caregiver-infant interactions. For students and faculty contemplating similar projects, recommendations about planning software development experiences and securing hardware, software, and expert resources are provided.

  9. Specific interoperability problems of security infrastructure services.

    PubMed

    Pharow, Peter; Blobel, Bernd

    2006-01-01

    Communication and co-operation in healthcare and welfare require a well-defined set of security services based on a standards-based interoperable security infrastructure and provided by a Trusted Third Party. Generally, the services describe status and relation of communicating principals, corresponding keys and attributes, and the access rights to both applications and data. Legal, social, behavioral and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic signatures as means for securing integrity of messages and files, certified time stamps and time signatures are important for accessing and storing data in Electronic Health Record Systems. The key for all these services is a secure and reliable procedure for authentication (identification and verification). While mentioning technical problems (e.g. lifetime of the storage devices, migration of retrieval and presentation software), this paper aims at identifying harmonization and interoperability requirements of securing data items, files, messages, sets of archived items or documents, and life-long Electronic Health Records based on a secure certificate-based identification. It's commonly known that just relying on existing and emerging security standards does not necessarily guarantee interoperability of different security infrastructure approaches. So certificate separation can be a key to modern interoperable security infrastructure services.

  10. Peer review of the trusted software methodology

    SciTech Connect

    Chisholm, G.H.; Gannon, J.D. |; Kemmerer, R.A. |; McHugh, J. |

    1994-02-01

    The review and analysis of the Trusted Software Methodology (TSM) by a panel of experts in various areas of computer science, computer security, and engineering are reported. The approach to the conduct of the review is described, and a brief introduction to the TSM is provided. The findings from the review fall into three categories: achievements, desirable additions, and changes. In addition, several recommendations are made with respect to application of the TSM within the purview of the Ballistic Missile Defense Organization.

  11. Performing Verification and Validation in Reuse-Based Software Engineering

    NASA Technical Reports Server (NTRS)

    Addy, Edward A.

    1999-01-01

    The implementation of reuse-based software engineering not only introduces new activities to the software development process, such as domain analysis and domain modeling, it also impacts other aspects of software engineering. Other areas of software engineering that are affected include Configuration Management, Testing, Quality Control, and Verification and Validation (V&V). Activities in each of these areas must be adapted to address the entire domain or product line rather than a specific application system. This paper discusses changes and enhancements to the V&V process, in order to adapt V&V to reuse-based software engineering.

  12. Microcomputer Software Programs for Vocational Education.

    ERIC Educational Resources Information Center

    Rodenstein, Judith, Ed.; Lambert, Roger, Ed.

    Over 200 microcomputer software packages applicable to vocational education are listed. Most of the programs are available for the Apple, TRS-80, and Commodore microcomputers. The packages have been reviewed, but have not been formally evaluated. Titles of the programs with names and addresses of the distributors are provided. Telephone numbers…

  13. User Interface Design for Dynamic Geometry Software

    ERIC Educational Resources Information Center

    Kortenkamp, Ulrich; Dohrmann, Christian

    2010-01-01

    In this article we describe long-standing user interface issues with Dynamic Geometry Software and common approaches to address them. We describe first prototypes of multi-touch-capable DGS. We also give some hints on the educational benefits of proper user interface design.

  14. SEED: A Suite of Instructional Laboratories for Computer Security Education

    ERIC Educational Resources Information Center

    Du, Wenliang; Wang, Ronghua

    2008-01-01

    The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

  15. 77 FR 11385 - Security Considerations for Lavatory Oxygen Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-27

    ... (Amendment Nos. 21-94, 25-133, 121-354, 129-50; SFAR 111) on security considerations for lavatory oxygen systems (77 FR 12550). The interim final rule addresses a security vulnerability and is needed so the...-94, 25-133, 121-354, 129-50; SFAR 111] RIN 2120-AJ92 Security Considerations for Lavatory...

  16. 6 CFR 27.225 - Site security plans.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM...) Identify and describe how security measures selected by the facility will address the applicable risk-based... facility will meet or exceed each applicable performance standard for the appropriate risk-based tier...

  17. 6 CFR 27.225 - Site security plans.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM...) Identify and describe how security measures selected by the facility will address the applicable risk-based... facility will meet or exceed each applicable performance standard for the appropriate risk-based tier...

  18. 6 CFR 27.225 - Site security plans.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM...) Identify and describe how security measures selected by the facility will address the applicable risk-based... facility will meet or exceed each applicable performance standard for the appropriate risk-based tier...

  19. Addressing Phonological Questions with Ultrasound

    ERIC Educational Resources Information Center

    Davidson, Lisa

    2005-01-01

    Ultrasound can be used to address unresolved questions in phonological theory. To date, some studies have shown that results from ultrasound imaging can shed light on how differences in phonological elements are implemented. Phenomena that have been investigated include transitional schwa, vowel coalescence, and transparent vowels. A study of…

  20. Every Other Day. Keynote Address.

    ERIC Educational Resources Information Center

    Tiller, Tom

    Schools need to be reoriented and restructured so that what is taught and learned, and the way in which it is taught and learned, are better integrated with young people's real-world experiences. Many indicators suggest that the meaningful aspects of school have been lost in the encounter with modern times. The title of this address--"Every Other…

  1. State of the Lab Address

    SciTech Connect

    King, Alex

    2010-01-01

    In his third-annual State of the Lab address, Ames Laboratory Director Alex King called the past year one of "quiet but strong progress" and called for Ames Laboratory to continue to build on its strengths while responding to changing expectations for energy research.

  2. State of the Lab Address

    ScienceCinema

    King, Alex

    2016-07-12

    In his third-annual State of the Lab address, Ames Laboratory Director Alex King called the past year one of "quiet but strong progress" and called for Ames Laboratory to continue to build on its strengths while responding to changing expectations for energy research.

  3. Draft secure medical database standard.

    PubMed

    Pangalos, George

    2002-01-01

    Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

  4. 49 CFR 172.802 - Components of a security plan.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... unloaded incidental to movement, and appropriate measures to address the assessed risks. Specific measures...) Unauthorized access. Measures to address the assessed risk that unauthorized persons may gain access to the... the assessed security risks of shipments of hazardous materials covered by the security plan en...

  5. Experimental Internet Environment Software Development

    NASA Technical Reports Server (NTRS)

    Maddux, Gary A.

    1998-01-01

    Geographically distributed project teams need an Internet based collaborative work environment or "Intranet." The Virtual Research Center (VRC) is an experimental Intranet server that combines several services such as desktop conferencing, file archives, on-line publishing, and security. Using the World Wide Web (WWW) as a shared space paradigm, the Graphical User Interface (GUI) presents users with images of a lunar colony. Each project has a wing of the colony and each wing has a conference room, library, laboratory, and mail station. In FY95, the VRC development team proved the feasibility of this shared space concept by building a prototype using a Netscape commerce server and several public domain programs. Successful demonstrations of the prototype resulted in approval for a second phase. Phase 2, documented by this report, will produce a seamlessly integrated environment by introducing new technologies such as Java and Adobe Web Links to replace less efficient interface software.

  6. Nuclear security

    SciTech Connect

    Dingell, J.D.

    1991-02-01

    The Department of Energy's (DOE) Lawrence Livermore National Laboratory, located in Livermore, California, generates and controls large numbers of classified documents associated with the research and testing of nuclear weapons. Concern has been raised about the potential for espionage at the laboratory and the national security implications of classified documents being stolen. This paper determines the extent of missing classified documents at the laboratory and assesses the adequacy of accountability over classified documents in the laboratory's custody. Audit coverage was limited to the approximately 600,000 secret documents in the laboratory's custody. The adequacy of DOE's oversight of the laboratory's secret document control program was also assessed.

  7. Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

    NASA Astrophysics Data System (ADS)

    Pathak, Rohit; Joshi, Satyadhar

    Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

  8. COTS software selection process.

    SciTech Connect

    Watkins, William M. (Strike Wire Technologies, Louisville, CO); Lin, Han Wei; McClelland, Kelly (U.S. Security Associates, Livermore, CA); Ullrich, Rebecca Ann; Khanjenoori, Soheil; Dalton, Karen; Lai, Anh Tri; Kuca, Michal; Pacheco, Sandra; Shaffer-Gant, Jessica

    2006-05-01

    Today's need for rapid software development has generated a great interest in employing Commercial-Off-The-Shelf (COTS) software products as a way of managing cost, developing time, and effort. With an abundance of COTS software packages to choose from, the problem now is how to systematically evaluate, rank, and select a COTS product that best meets the software project requirements and at the same time can leverage off the current corporate information technology architectural environment. This paper describes a systematic process for decision support in evaluating and ranking COTS software. Performed right after the requirements analysis, this process provides the evaluators with more concise, structural, and step-by-step activities for determining the best COTS software product with manageable risk. In addition, the process is presented in phases that are flexible to allow for customization or tailoring to meet various projects' requirements.

  9. Interoperability of Neuroscience Modeling Software

    PubMed Central

    Cannon, Robert C.; Gewaltig, Marc-Oliver; Gleeson, Padraig; Bhalla, Upinder S.; Cornelis, Hugo; Hines, Michael L.; Howell, Fredrick W.; Muller, Eilif; Stiles, Joel R.; Wils, Stefan; De Schutter, Erik

    2009-01-01

    Neuroscience increasingly uses computational models to assist in the exploration and interpretation of complex phenomena. As a result, considerable effort is invested in the development of software tools and technologies for numerical simulations and for the creation and publication of models. The diversity of related tools leads to the duplication of effort and hinders model reuse. Development practices and technologies that support interoperability between software systems therefore play an important role in making the modeling process more efficient and in ensuring that published models can be reliably and easily reused. Various forms of interoperability are possible including the development of portable model description standards, the adoption of common simulation languages or the use of standardized middleware. Each of these approaches finds applications within the broad range of current modeling activity. However more effort is required in many areas to enable new scientific questions to be addressed. Here we present the conclusions of the “Neuro-IT Interoperability of Simulators” workshop, held at the 11th computational neuroscience meeting in Edinburgh (July 19-20 2006; http://www.cnsorg.org). We assess the current state of interoperability of neural simulation software and explore the future directions that will enable the field to advance. PMID:17873374

  10. Study of fault-tolerant software technology

    NASA Technical Reports Server (NTRS)

    Slivinski, T.; Broglio, C.; Wild, C.; Goldberg, J.; Levitt, K.; Hitt, E.; Webb, J.

    1984-01-01

    Presented is an overview of the current state of the art of fault-tolerant software and an analysis of quantitative techniques and models developed to assess its impact. It examines research efforts as well as experience gained from commercial application of these techniques. The paper also addresses the computer architecture and design implications on hardware, operating systems and programming languages (including Ada) of using fault-tolerant software in real-time aerospace applications. It concludes that fault-tolerant software has progressed beyond the pure research state. The paper also finds that, although not perfectly matched, newer architectural and language capabilities provide many of the notations and functions needed to effectively and efficiently implement software fault-tolerance.

  11. Security engineering: systems engineering of security through the adaptation and application of risk management

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  12. Gammasphere software development

    SciTech Connect

    Piercey, R.B.

    1993-01-01

    Activities of the nuclear physics group are described. Progress was made in organizing the Gammasphere Software Working Group, establishing a nuclear computing facility, participating in software development at Lawrence Berkeley, developing a common data file format, and adapting the ORNL UPAK software to run at Gammasphere. A universal histogram object was developed that defines a file format and provides for an objective-oriented programming model. An automated liquid nitrogen fill system was developed for Gammasphere (110 Ge detectors comprise the sphere).

  13. Child Care Administrative Software--Questions from the Field.

    ERIC Educational Resources Information Center

    Kalinowski, Michael

    2000-01-01

    Addresses questions concerning the selection and use of specialized child care administrative software packages. Examines the timing of the purchase, uniqueness of packages, selection considerations, long-term features, indicators of flexibility, cautions, technological change, and future trends. (SD)

  14. A taxonomy and discussion of software attack technologies

    NASA Astrophysics Data System (ADS)

    Banks, Sheila B.; Stytz, Martin R.

    2005-03-01

    Software is a complex thing. It is not an engineering artifact that springs forth from a design by simply following software coding rules; creativity and the human element are at the heart of the process. Software development is part science, part art, and part craft. Design, architecture, and coding are equally important activities and in each of these activities, errors may be introduced that lead to security vulnerabilities. Therefore, inevitably, errors enter into the code. Some of these errors are discovered during testing; however, some are not. The best way to find security errors, whether they are introduced as part of the architecture development effort or coding effort, is to automate the security testing process to the maximum extent possible and add this class of tools to the tools available, which aids in the compilation process, testing, test analysis, and software distribution. Recent technological advances, improvements in computer-generated forces (CGFs), and results in research in information assurance and software protection indicate that we can build a semi-intelligent software security testing tool. However, before we can undertake the security testing automation effort, we must understand the scope of the required testing, the security failures that need to be uncovered during testing, and the characteristics of the failures. Therefore, we undertook the research reported in the paper, which is the development of a taxonomy and a discussion of software attacks generated from the point of view of the security tester with the goal of using the taxonomy to guide the development of the knowledge base for the automated security testing tool. The representation for attacks and threat cases yielded by this research captures the strategies, tactics, and other considerations that come into play during the planning and execution of attacks upon application software. The paper is organized as follows. Section one contains an introduction to our research

  15. Computerized nursing staffing: a software evaluation.

    PubMed

    Pereira, Irene Mari; Gaidzinski, Raquel Rapone; Fugulin, Fernanda Maria Togeiro; Peres, Heloísa Helena Ciqueto; Lima, Antônio Fernandes Costa; Castilho, Valéria; Mira, Vera Lúcia; Massarollo, Maria Cristina Komatsu Braga

    2011-12-01

    The complexity involved in operationalizing the method for nursing staffing, in view of the uncountable variable related to identifying the workload, the effective working time of the staff, and the Technical Security Index (TSI) revealed the need to develop a software program named: Computerized Nursing Staffing (DIPE, in Portuguese acronyms). This exploratory, descriptive study was performed with the objective to evaluate the technical quality and functional performance of DIPE. Participants were eighteen evaluators, ten of whom where nurse faculty or nurse hospital unit managers, and eight health informatics experts. The software evaluation was performed according to norm NBR ISO/IEC 9126-1, considering the features functionality, reliability, usability, efficiency, and maintainability. The software evaluation reached positive results and agreement among the evaluators for all the evaluated features. The reported suggestions are important for proposing further improving and enhancing the DIPE.

  16. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    ERIC Educational Resources Information Center

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  17. Dtest Testing Software

    NASA Technical Reports Server (NTRS)

    Jain, Abhinandan; Cameron, Jonathan M.; Myint, Steven

    2013-01-01

    This software runs a suite of arbitrary software tests spanning various software languages and types of tests (unit level, system level, or file comparison tests). The dtest utility can be set to automate periodic testing of large suites of software, as well as running individual tests. It supports distributing multiple tests over multiple CPU cores, if available. The dtest tool is a utility program (written in Python) that scans through a directory (and its subdirectories) and finds all directories that match a certain pattern and then executes any tests in that directory as described in simple configuration files.

  18. NASA's Software Safety Standard

    NASA Technical Reports Server (NTRS)

    Ramsay, Christopher M.

    2005-01-01

    NASA (National Aeronautics and Space Administration) relies more and more on software to control, monitor, and verify its safety critical systems, facilities and operations. Since the 1960's there has hardly been a spacecraft (manned or unmanned) launched that did not have a computer on board that provided vital command and control services. Despite this growing dependence on software control and monitoring, there has been no consistent application of software safety practices and methodology to NASA's projects with safety critical software. Led by the NASA Headquarters Office of Safety and Mission Assurance, the NASA Software Safety Standard (STD-18l9.13B) has recently undergone a significant update in an attempt to provide that consistency. This paper will discuss the key features of the new NASA Software Safety Standard. It will start with a brief history of the use and development of software in safety critical applications at NASA. It will then give a brief overview of the NASA Software Working Group and the approach it took to revise the software engineering process across the Agency.

  19. Software Reuse Issues

    NASA Technical Reports Server (NTRS)

    Voigt, Susan J. (Editor); Smith, Kathryn A. (Editor)

    1989-01-01

    NASA Langley Research Center sponsored a Workshop on NASA Research in Software Reuse on November 17-18, 1988 in Melbourne, Florida, hosted by Software Productivity Solutions, Inc. Participants came from four NASA centers and headquarters, eight NASA contractor companies, and three research institutes. Presentations were made on software reuse research at the four NASA centers; on Eli, the reusable software synthesis system designed and currently under development by SPS; on Space Station Freedom plans for reuse; and on other reuse research projects. This publication summarizes the presentations made and the issues discussed during the workshop.

  20. On Software Compatibility.

    ERIC Educational Resources Information Center

    Ershov, Andrei P.

    The problem of compatibility of software hampers the development of computer application. One solution lies in standardization of languages, terms, peripherais, operating systems and computer characteristics. (AB)