Science.gov

Sample records for addressing software security

  1. Addressing Software Security

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2015-01-01

    Historically, security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.). Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.). Attack surface has expanded: networks interconnected!! Some security posture factors: Network Layer (Routers, Firewalls, etc.); Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.); Industrial Control Systems (ICS); Software Security (COTS, FOSS, Custom, etc.).

  2. Addressing software security risk mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.

  3. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2004-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  4. Addressing software security and mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

  5. Addressing Challenges in the Acquisition of Secure Software Systems With Open Architectures

    DTIC Science & Technology

    2012-04-30

    example, we can find functionally similar alternatives from software (component) producers of Web browsers like Mozilla (Firefox, Camino, SeaMonkey...producers produce more than one alternative of the same kind of component or service, such as Mozilla’s Web browsers (Firefox, Camino, SeaMonkey), so that

  6. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  7. Security System Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  8. Software security checklist for the software life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Wolfe, T. L.; Sherif, J. S.

    2002-01-01

    A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle.

  9. Security Risks: Management and Mitigation in the Software Life Cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  10. Secure software practices among Malaysian software practitioners: An exploratory study

    NASA Astrophysics Data System (ADS)

    Mohamed, Shafinah Farvin Packeer; Baharom, Fauziah; Deraman, Aziz; Yahya, Jamaiah; Mohd, Haslina

    2016-08-01

    Secure software practices are increasingly gaining importance among software practitioners and researchers due to the rise of computer crimes in the software industry. They have become one of the determinant factors for producing high quality software. Even though their importance has been revealed, their current practice in the software industry is still scarce, particularly in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices in real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. A structured questionnaire is utilized for data collection, whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis. Outcomes from this study reveal that software practitioners are becoming increasingly aware of the importance of secure software practices; however, they lack appropriate implementation, which could affect the quality of produced software.

  11. Software Development Life Cycle Security Issues

    NASA Astrophysics Data System (ADS)

    Kaur, Daljit; Kaur, Parminder

    2011-12-01

    Security is nowadays one of the major problems because of many reasons. The main cause is that software can't withstand security attacks because of vulnerabilities in it which are caused by defective specifications, design and implementation. We have conducted a survey asking software developers, project managers and other people in software development about their security awareness and implementation in Software Development Life Cycle (SDLC). The survey was open to participation for three weeks and this paper explains the survey results.

  12. Addressing social resistance in emerging security technologies.

    PubMed

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake.

  13. Addressing social resistance in emerging security technologies

    PubMed Central

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  14. Interactive Programming Support for Secure Software Development

    ERIC Educational Resources Information Center

    Xie, Jing

    2012-01-01

    Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant from attacks violating program confidentiality, integrity, and availability, a style of programming…

  15. Capturing security requirements for software systems.

    PubMed

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  16. Formal assessment instrument for ensuring the security of NASA's networks, systems and software

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.; Sherif, J.

    2002-01-01

    To address the problem of security for NASA's networks, systems and software, NASA has funded the Jet Propulsion Lab in conjunction with UC Davis to begin work on developing a software security assessment instrument for use in the software development and maintenance life cycle.

  17. Using software security analysis to verify the secure socket layer (SSL) protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2004-01-01

    National Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: the need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it; the means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task; an example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

  18. Software Security in the University Computer Laboratories.

    ERIC Educational Resources Information Center

    Kung, Mable T.

    1989-01-01

    Discussion of software security in university computer laboratories focuses on the causes of computer viruses. Possible ways to detect an infected disk are described; strategies for professors, students, and computer personnel to eradicate the spread of a computer virus are proposed; and two resources for further information are given. (LRW)

  19. Addressing Security Challenges in Pervasive Computing Applications

    DTIC Science & Technology

    2010-10-10

    the Dengue Decision Support System that has been developed at Colorado State University. Further, to accommodate the dynamic nature of pervasive...Expressiveness of Events using Parameter Contexts", Proceedings of the 12th East European Conferences on Advances in Databases and Information Systems...Anura Jayasumana and Indrajit Ray, "Key Pre-distribution Based Secure Backbone Design for Wireless Sensor Networks", Proceedings of the 3rd IEEE

  20. Africa: addressing growing threats to food security.

    PubMed

    Rukuni, Mandivamba

    2002-11-01

    Africa remains the only region in the world where the number of hungry people will still be on the increase in 2020, and the number of malnourished children will have increased correspondingly. In this report I have acknowledged the general public policy trends across Africa in terms of macroeconomic policy reforms and political transitions. These welcome trends have to still produce stable nations and economies. Although economic development is the long-term solution to Africa's challenge on hunger and poverty, this will take time. And it follows therefore that African nations have to pursue policies and strategies that promote long-term growth while at the same time offering short-term safety nets for the poorest of the poor. The growth and development strategy will have at its core the need to increase significantly the levels of public-sector investment in agriculture and rural development and to give top priority to the commercialization of smallholder agriculture so as to increase productivity and competitiveness. But food security at the household level is ultimately a balance between availability and access, and in this regard governments need complementary food security policies that increase the probability of food access by the vulnerable groups.

  1. Software For Computer-Security Audits

    NASA Technical Reports Server (NTRS)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  2. Demographic-Based Perceptions of Adequacy of Software Security's Presence within Individual Phases of the Software Development Life Cycle

    ERIC Educational Resources Information Center

    Kramer, Aleksey

    2013-01-01

    The topic of software security has become paramount in information technology (IT) related scholarly research. Researchers have addressed numerous software security topics touching on all phases of the Software Development Life Cycle (SDLC): requirements gathering phase, design phase, development phase, testing phase, and maintenance phase.…

  3. Military Education Workshop Addresses Threats to Stability and Security

    DTIC Science & Technology

    2007-08-01

    operations and in support of partner countries to address such destabilizing issues as competition for scarce resources, forced migration, food security...for an upcoming National Intelligence Estimate (NIE), the National Intelligence Council (NIC) has reached out to a broad group of U.S. government...OFFICIAL BUSINESS resource competition and conflict; water and food security; health and disease, and the stability of governments. The Army should be

  4. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    NASA Astrophysics Data System (ADS)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediates faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  5. Hydrocomplexity: Addressing water security and emergent environmental risks

    NASA Astrophysics Data System (ADS)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  6. An Analysis of Open Source Security Software Products Downloads

    ERIC Educational Resources Information Center

    Barta, Brian J.

    2014-01-01

    Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software…

  7. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

    SciTech Connect

    Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J; Sayre, Kirk D; Ankrum, Scott

    2013-01-01

    Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.

  8. Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

  9. Software To Secure Distributed Propulsion Simulations

    NASA Technical Reports Server (NTRS)

    Blaser, Tammy M.

    2003-01-01

    Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

  10. Security Verification Techniques Applied to PatchLink COTS Software

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt; Andrew, Chris; Jog, Sameer

    2006-01-01

    Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX Agent, a Commercial-Off-The-Shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the Flexible Modeling Framework (FMF) -- a model-based verification instrument (JPL), and a Property-Based Tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.

  11. Automated, Certified Program-rewriting for Software Security Enforcement

    DTIC Science & Technology

    2012-03-05

    NOTES Year 4 of the project finalized, tested, and published the Chekov IRM verification system (see outcome 2 of attached report), and extended the...software satisfies user-specified security policies. The research resulted in new software security systems for Java, ActionScript, and x86 native code that...the research, or credited with the content of the report. The form of entry is the last name, first name, middle initial, and additional qualifiers

  12. Ensuring system security through formal software evaluation

    SciTech Connect

    Howell, J A; Fuyat, C; Elvy, M

    1992-01-01

    With the increasing use of computer systems and networks to process safeguards information in nuclear facilities, the issue of system and data integrity is receiving worldwide attention. Among the many considerations are validation that the software performs as intended and that the information is adequately protected. Such validations are often requested of the Safeguards Systems Group of the Los Alamos National Laboratory. This paper describes our methodology for performing these software evaluations.

  13. Addressing security issues related to virtual institute distributed activities

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2008-03-01

    One issue confounding the development and experimentation of distributed modeling and simulation environments is the inability of the project team to identify and collaborate with resources, both human and technical, from outside the United States. This limitation is especially significant within the human behavior representation area where areas such as cultural effects research and joint command team behavior modeling require the participation of various cultural and national representatives. To address this limitation, as well as other human behavior representation research issues, NATO Research and Technology Organization initiated a project to develop a NATO virtual institute that enables more effective and more collaborative research into human behavior representation. However, in building and operating a virtual institute one of the chief concerns must be the cyber security of the institute. Because the institute "exists" in cyberspace, all of its activities are susceptible to cyberattacks, subterfuge, denial of service and all of the vulnerabilities that networked computers must face. In our opinion, for the concept of virtual institutes to be successful and useful, their operations and services must be protected from the threats in the cyber environment. A key to developing the required protection is the development and promulgation of standards for cyber security. In this paper, we discuss the types of cyber standards that are required, how new internet technologies can be exploited and can benefit the promulgation, development, maintenance, and robustness of the standards. This paper is organized as follows. Section One introduces the concept of the virtual institutes, the expected benefits, and the motivation for our research and for research in this area. Section Two presents background material and a discussion of topics related to VIs, human behavior and cultural modeling, and network-centric warfare. Section Three contains a discussion of the

  14. Asbestos: Securing Untrusted Software with Interposition

    DTIC Science & Technology

    2005-09-01

    consistent intelligible interfaces to different types of resource. Message-based operating systems, such as Accent, Amoeba, Chorus, L4, Spring...based interfaces. However, none of these systems can provide the combined security and flexibility of Asbestos. For example, Amoeba bases access...systems such as L4, Amoeba, V, Chorus and Spring can isolate system services by running them as independent, user-level processes and provide

  15. Software Assurance vs. Security Compliance: Why is Compliance Not Enough

    DTIC Science & Technology

    2012-04-26

    Goodenough, Charles Weinstock, & Carol Woody. (CMU/SEI-2008-TR-008), May 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr008.cfm 24 Supply...Supply Chain Resources Software Supply Chain Risk Management: From Products to Systems of Systems, Robert J. Ellison, John B. Goodenough, Charles B...Software Supply Chain Security Risks, Robert J. Ellison, John B. Goodenough, Charles B. Weinstock, & Carol Woody. (CMU/SEI-2010-TN-016), May 2010

  16. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  17. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  18. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  19. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  20. Are safety, security, and dependability achievable in software?

    SciTech Connect

    Fletcher, S.K.

    1996-07-01

    Critical software must be safe, secure, and dependable. Traditionally, these have been pursued as separate disciplines. This presentation looks at the traditional approaches and highlights commonalities and differences among them. Each can learn from the history of the others. More importantly, it is imperative to seek a systems approach which blends all three.

  1. Reducing Software Security Risk Through an Integrated Approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Kelly, J.; Bishop, M.

    2000-01-01

    This paper discusses new joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development and maintenance life cycle.

  2. Application of Lightweight Formal Methods to Software Security

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Powell, John D.; Bishop, Matt

    2005-01-01

    Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be reused by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein. The Flexible Modeling Framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The Property Based Tester (PBT) uses TASPEC and a Text Execution Monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles.

  3. Addressing the Pilot security problem with gLExec

    SciTech Connect

    Sfiligoi, I.; Koeroo, O.; Venekamp, G.; Yocum, D.; Groep, D.; Petravick, D.; /Fermilab

    2007-09-01

    The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. Many groups are however starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, an X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

  4. Development of Security Software: A High Assurance Methodology

    NASA Astrophysics Data System (ADS)

    Hardin, David; Hiratzka, T. Douglas; Johnson, D. Randolph; Wagner, Lucas; Whalen, Michael

    This paper reports on a project to exercise, evaluate and enhance a methodology for developing high assurance software for an embedded system controller. In this approach, researchers at the National Security Agency capture system requirements precisely and unambiguously through functional specifications in Z. Rockwell Collins then implements these requirements using an integrated, model-based software development approach. The development effort is supported by a tool chain that provides automated code generation and support for formal verification. The specific system is a prototype high speed encryption system, although the controller could be adapted for use in a variety of critical systems in which very high assurance of correctness, reliability, and security or safety properties is essential.

  5. Social Software and National Security: An Initial Net Assessment

    DTIC Science & Technology

    2009-04-01

    net assessment of how social software interacts with government and security in the broadest sense.1 The analysis looks at both sides of what once...operations, within a lessons-learned process, military intelligence gathering and analysis, human resources decisionmaking, networking warfighters’ families...Importantly, such Inward Sharing tools not only have conventional uses, like intelligence analysis, but also relatively mundane but very important advantages

  6. Software Security Assurance: A State-of-Art Report (SAR)

    DTIC Science & Technology

    2007-07-31

    systems. The CORAS model has been tested successfully on telemedicine and e-commerce systems...Security Assurance DoD Data & Analysis Center for Software Information Assurance Technology Analysis...Computer Systems), “Attack-Potential-based Survivability Modeling for High-Consequence Systems,” in Proceedings

  7. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    PubMed Central

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  8. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    PubMed

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-12-17

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  9. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  10. Progress in Addressing DNFSB Recommendation 2002-1 Issues: Improving Accident Analysis Software Applications

    SciTech Connect

    VINCENT, ANDREW

    2005-04-25

    Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1 ("Quality Assurance for Safety-Related Software") identified a number of quality assurance issues on the use of software in Department of Energy (DOE) facilities for analyzing hazards, and designing and operating controls to prevent or mitigate potential accidents. Over the last year, DOE has begun several processes and programs as part of the Implementation Plan commitments, and in particular, has made significant progress in addressing several sets of issues particularly important in the application of software for performing hazard and accident analysis. The work discussed here demonstrates that through these actions, Software Quality Assurance (SQA) guidance and software tools are available that can be used to improve resulting safety analysis. Specifically, five of the primary actions corresponding to the commitments made in the Implementation Plan to Recommendation 2002-1 are identified and discussed in this paper. Included are the web-based DOE SQA Knowledge Portal and the Central Registry, guidance and gap analysis reports, electronic bulletin board and discussion forum, and a DOE safety software guide. These SQA products can benefit DOE safety contractors in the development of hazard and accident analysis by precluding inappropriate software applications and utilizing best practices when incorporating software results to safety basis documentation. The improvement actions discussed here mark a beginning to establishing stronger, standard-compliant programs, practices, and processes in SQA among safety software users, managers, and reviewers throughout the DOE Complex. Additional effort is needed, however, particularly in: (1) processes to add new software applications to the DOE Safety Software Toolbox; (2) improving the effectiveness of software issue communication; and (3) promoting a safety software quality assurance culture.

  11. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort.

  12. SOEMPI: A Secure Open Enterprise Master Patient Index Software Toolkit for Private Record Linkage

    PubMed Central

    Toth, Csaba; Durham, Elizabeth; Kantarcioglu, Murat; Xue, Yuan; Malin, Bradley

    2014-01-01

    To mitigate bias in multi-institutional research studies, healthcare organizations need to integrate patient records. However, this process must be accomplished without disclosing the identities of the corresponding patients. Various private record linkage (PRL) techniques have been proposed, but there is a lack of translation into practice because no software suite supports the entire PRL lifecycle. This paper addresses this issue with the introduction of the Secure Open Enterprise Master Patient Index (SOEMPI). We show how SOEMPI covers the PRL lifecycle, illustrate the implementation of several PRL protocols, and provide a runtime analysis for the integration of two datasets consisting of 10,000 records. While the PRL process is slower than a non-secure setting, our analysis shows the majority of processes in a PRL protocol require several seconds or less and that SOEMPI completes the process in approximately two minutes, which is a practical amount of time for integration. PMID:25954421

  13. Secure Naming and Addressing Operations for Store, Carry and Forward Networks

    NASA Technical Reports Server (NTRS)

    Eddy, Wesley M.; Ivancic, William D.; Iannicca, Dennis C.; Ishac, Joseph; Hylton, Alan G.

    2014-01-01

    This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems.

  14. 78 FR 22361 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-15

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias, Misconduct, or Discrimination by Administrative...

  15. 78 FR 9987 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-12

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias, Misconduct, or Discrimination by Administrative...

  16. 78 FR 8217 - Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-05

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Social Security Ruling, SSR 13-1p; Titles II and XVI: Agency Processes for Addressing Allegations of Unfairness, Prejudice, Partiality, Bias, Misconduct, or Discrimination by Administrative...

  17. Discrete Address Beacon System (DABS) Software System Reliability Modeling and Prediction.

    DTIC Science & Technology

    1981-06-01

    Sponsoring Agency Name and Address U.S. Department of Transportation Final...Model 36 12 Surveillance Module - Reliability Growth Model 39 B-1 DABS Trouble Report/Change Proposal 49 B-2 DABS Trouble Report/Change Proposal Update...Surveillance Module - Reliability Data Summary 38 12 Summary of Software Reliability Predictions 42 13 Summary of Module Critical Error Rates 43

  18. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  19. Secure Software Development Life Cycle Processes: A Technology Scouting Report

    DTIC Science & Technology

    2005-12-01

    through a CC evaluation: a Protection Profile (PP) and a Security Target (ST). Both documents must be created based on specific templates provided in the...implementation-dependent statement of security needs for a specific product. The PPs and the ST allow the following process for evaluation: 1. An organization...that wants to acquire or develop a particular type of security product defines their security needs using a PP. The organization then has the PP

  20. "It's Like Moving the Titanic:" Community Organizing to Address Food (In)Security.

    PubMed

    Okamoto, Kristen E

    2016-08-02

    Health communication scholars are uniquely positioned to examine the ways in which individuals organize to address current and future exigencies related to social ills. In particular, organizations are key sites in understanding our health decisions related to food choice. From a young age, children develop habits of eating that stay with them throughout their life. More specifically, food insecurity impacts childhood nutrition. Children from low-income homes experience disproportional negative health outcomes. Appalachian Ohio is an area within the United States that experiences severe poverty. In 2013, community members in a small public school district in Appalachian Ohio formed the Appalachian Nutrition Advisory Council to address the nutritional needs of students in schools. This project stories the ways in which community members creatively organized to supplement existing structures in place designed to address school nutrition and food security.

  1. Reducing software security risk through an integrated approach

    NASA Technical Reports Server (NTRS)

    Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.

    2001-01-01

    The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parses two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec) execution monitor to verify the security properties of a given program.

  2. Strategies to Address Identified Education Gaps in the Preparation of a National Security Workforce

    SciTech Connect

    2008-06-30

    This report will discuss strategies available to address identified gaps and weaknesses in education efforts aimed at the preparation of a skilled and properly trained national security workforce. The need to adequately train and educate a national security workforce is at a critical juncture. Even though there are an increasing number of college graduates in the appropriate fields, many of these graduates choose to work in the private sector because of more desirable salary and benefit packages. This is contributing to an inability to fill vacant positions at NNSA resulting from high personnel turnover from the large number of retirements. Further, many of the retirees are practically irreplaceable because they are Cold War scientists that have experience and expertise with nuclear weapons.

  3. Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

    NASA Astrophysics Data System (ADS)

    Graham, Christopher J.

    2012-05-01

    Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.

  4. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    DTIC Science & Technology

    2007-12-01

    Cynthia E. Irvine Timothy E. Levin Thuy D. Nguyen Timothy M. Vidas December 2007...Timothy M. Vidas Research Associate Reviewed by: Released by: Peter...Levin, Cynthia E. Irvine, and Thuy D. Nguyen, Timothy M. Vidas 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES

  5. SOCLe: Integrated Design of Software Applications and Security

    DTIC Science & Technology

    2005-06-01

    repercussions. Sad examples abound: the Therac-25 radiotherapy machine (3 dead and 3 severely wounded persons), the ARIANE 5 rocket ∗The Secure OCL...for IBM on how to integrate this technology into their tools Defence R&D Canada – Valcartier # 25 Frederic.Painchaud@drdc-rddc.gc.ca http://www.polymtl.ca/crac/socle

  6. Specification and Verification of Secure Concurrent and Distributed Software Systems

    DTIC Science & Technology

    1992-02-01

    Theorem Proving Support Systems 95 5 Algebraic Specification and Verification of Concurrency in OBJ 97 5.1 Overview of the Approach...final algebra specifications: the methodology 156 7.2.2 Structure of the generic SRM specification 158 7.2.3...basic support for algebraic specification * EEDM - wide-range of support for specification and verification including software engineering support

  7. Streamlining the Process of Acquiring Secure Open Architecture Software Systems

    DTIC Science & Technology

    2013-10-08

    on the case studies centering on military command and control systems, such as the future C2RPC models being considered by naval commands (Garcia...however, requires new guidance and ideally, automated tools, for explicitly modeling and analyzing the architecture of an OA system during its...secure open architecture command and control systems, where next-generation military command and control systems are expected to be developed from

  8. Secure DoD Software: Considerations for the Vulnerability Market

    DTIC Science & Technology

    2013-12-01

    2013 REAL-TIME INFORMATION ASSURANCE In the civilian sector, costs can be enumerated by the number of credit card numbers stolen, intellectual...hacking into some of the most popular computer applications. During the 2013 Pwn2Own challenge, researchers were awarded $480,000 for cracking...security-ecosystem>. 7. Thomson, I. (2013, March 8). Pwn2Own: IE10, Firefox, Chrome, Reader, Java hacks land $500k. Retrieved March 13, 2013, from

  9. Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing

    DTIC Science & Technology

    2009-02-01

    Barger, Boeing Sean Barnum, Cigital, Inc. Redge Bartholomew, Rockwell Collins Nadya Bartol, Booz Allen Hamilton Joseph Bergmann, The Open Group Paul E...information infrastructure or system [adapted from CNSSI 4009]. Attack is the act of carrying out an exploit [Barnum]. availability...A problem that exists in the software’s code that may or may not represent a vulnerability [Barnum]. built-in security

  10. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Through an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California Institute of Technology) where the research is being carried out.

  11. "Test Driving" CARS: Addressing the Issues in the Evaluation of Computer-Assisted Reading Software.

    ERIC Educational Resources Information Center

    Lewin, Cathy

    1997-01-01

    Examines contributions of computer-assisted reading software (CARS) to current teaching practice. Presented framework for evaluating the technical and pedagogic characteristics of CARS. Described case study using proposed framework to evaluate the use of talking books software in British schools. Cognitive and affective benefits are identified.…

  12. Addressing food security through public policy action in a community-based participatory research partnership.

    PubMed

    Vásquez, Victoria Breckwich; Lanza, Dana; Hennessey-Lavery, Susana; Facente, Shelley; Halpin, Helen Ann; Minkler, Meredith

    2007-10-01

    Community-based participatory research (CBPR) is an increasingly utilized research approach that involves the affected community identifying a health-related problem, developing a research agenda, and planning an appropriate intervention to address the problem. This report on a CBPR partnership in San Francisco's Bayview Hunters Point neighborhood documents the rise of a community food security policy in response to youth-involved research that found poor access to quality food in an economically disadvantaged area of the city. To analyze the impact of the research on public policy, a framework of specific steps in the policy-making process is used to organize and better understand the partnership's objectives, activities, strategies, and successes. This community-health department partnership has been able to achieve an innovative and sustainable public policy solution, the Good Neighbor Program, by working closely with policy makers and local businesses to expand community accessibility to healthy food.

  13. Addressing China's grand challenge of achieving food security while ensuring environmental sustainability.

    PubMed

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C; Bailey, Mark; Gordon, Iain J; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-02-01

    China's increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies.

  14. Addressing China’s grand challenge of achieving food security while ensuring environmental sustainability

    PubMed Central

    Lu, Yonglong; Jenkins, Alan; Ferrier, Robert C.; Bailey, Mark; Gordon, Iain J.; Song, Shuai; Huang, Jikun; Jia, Shaofeng; Zhang, Fusuo; Liu, Xuejun; Feng, Zhaozhong; Zhang, Zhibin

    2015-01-01

    China’s increasingly urbanized and wealthy population is driving a growing and changing demand for food, which might not be met without significant increase in agricultural productivity and sustainable use of natural resources. Given the past relationship between lack of access to affordable food and political instability, food security has to be given a high priority on national political agendas in the context of globalization. The drive for increased food production has had a significant impact on the environment, and the deterioration in ecosystem quality due to historic and current levels of pollution will potentially compromise the food production system in China. We discuss the grand challenges of not only producing more food but also producing it sustainably and without environmental degradation. In addressing these challenges, food production should be considered as part of an environmental system (soil, air, water, and biodiversity) and not independent from it. It is imperative that new ways of meeting the demand for food are developed while safeguarding the natural resources upon which food production is based. We present a holistic approach to both science and policy to ensure future food security while embracing the ambition of achieving environmental sustainability in China. It is a unique opportunity for China to be a role model as a new global player, especially for other emerging economies. PMID:26601127

  15. Spectral Graph Theory Analysis of Software-Defined Networks to Improve Performance and Security

    DTIC Science & Technology

    2015-09-01

    networks for transmission operations in smart grids,” in the Proc. IEEE PES Innovative Smart Grid Technologies (ISGT), Washington, DC, 2013. [34] D...GRAPH THEORY ANALYSIS OF SOFTWARE-DEFINED NETWORKS TO IMPROVE PERFORMANCE AND SECURITY by Thomas C. Parker September 2015 Dissertation Co...September 2015 3. REPORT TYPE AND DATES COVERED Dissertation 4. TITLE AND SUBTITLE SPECTRAL GRAPH THEORY ANALYSIS OF SOFTWARE-DEFINED NETWORKS

  16. A Proven Methodology for Developing Secure Software and Applying It to Ground Systems

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2016-01-01

    Part Two expands upon Part One in an attempt to translate the methodology for ground system personnel. The goal is to build upon the methodology presented in Part One by showing examples and details on how to implement the methodology. Section 1: Ground Systems Overview; Section 2: Secure Software Development; Section 3: Defense in Depth for Ground Systems; Section 4: What Now?

  17. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    PubMed

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user.

  18. An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

    SciTech Connect

    Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua; Prasanna, Viktor K.

    2011-07-09

    Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Grid Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.

  19. Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security.

    PubMed

    Hahn, Erin; Blazes, David; Lewis, Sheri

    2016-01-01

    Improving global health security will require bold action in all corners of the world, particularly in developing settings, where poverty often contributes to an increase in emerging infectious diseases. In order to mitigate the impact of emerging pandemic threats, enhanced disease surveillance is needed to improve early detection and rapid response to outbreaks. However, the technology to facilitate this surveillance is often unattainable because of high costs, software and hardware maintenance needs, limited technical competence among public health officials, and internet connectivity challenges experienced in the field. One potential solution is to leverage open source software, a concept that is unfortunately often misunderstood. This article describes the principles and characteristics of open source software and how it may be applied to solve global health security challenges.

  20. Software Security Knowledge: CWE. Knowing What Could Make Software Vulnerable to Attack

    DTIC Science & Technology

    2011-05-01

    4 % 1% 2% Java "Breadth" Test Case Coverage Coverity 0 % 0 % Find Bugs 1% Five Tools Fortify 2% 7...on the long road to software assurance © 2011 MITRE CWE Top 25 for 2011 Started last month Utilizing the Common Weakness Scoring System (CWSS 0 4 ...vignette Line 212:: CWE- 9: 9 . g, Line 72: ICWE- :84: 7 ~ 9 Li·ne 23: CWE-109: Line 104: CWE~ 4 :8 .2: 3.1 Line 213: CWE- 754: 0 . 0 Step 1

  1. How can we exploit above–belowground interactions to assist in addressing the challenges of food security?

    PubMed Central

    Orrell, Peter; Bennett, Alison E.

    2013-01-01

    Can above–belowground interactions help address issues of food security? We address this question in this manuscript, and review the intersection of above–belowground interactions and food security. We propose that above–belowground interactions could address two strategies identified by Godfray et al. (2010): reducing the Yield Gap, and Increasing Production Limits. In particular, to minimize the difference between potential and realized production (The Yield Gap) above–belowground interactions could be manipulated to reduce losses to pests and increase crop growth (and therefore yields). To Increase Production Limits we propose two mechanisms: utilizing intercropping (which uses multiple aspects of above–belowground interactions) and breeding for traits that promote beneficial above–belowground interactions, as well as breeding mutualistic organisms to improve their provided benefit. As a result, if they are managed correctly, there is great potential for above–belowground interactions to contribute to food security. PMID:24198821

  2. A coverage and slicing dependencies analysis for seeking software security defects.

    PubMed

    He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin

    2014-01-01

    Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerability becomes much more difficult to find out. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization method includes coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.

  3. A Coverage and Slicing Dependencies Analysis for Seeking Software Security Defects

    PubMed Central

    He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin

    2014-01-01

    Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerability becomes much more difficult to find out. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization method includes coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults. PMID:24982957

  4. HOMELAND SECURITY: Challenges and Strategies in Addressing Short- and Long-Term National Needs

    DTIC Science & Technology

    2007-11-02

    air travel has already prompted attention to chronic problems with airport security that we and others have been pointing to for years. Moreover, the...capital for certain areas such as intelligence, public health and airport security will also be necessary as well to foster and maintain the skill...Weaknesses in Airport Security and Options for Assigning Screening Responsibilities, (GAO-01-1165T, Sept. 21, 2001). Aviation Security: Terrorist Acts

  5. Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems

    DTIC Science & Technology

    2007-11-02

    aviation security, in particular airport screeners. Securing an air transportation system the size of this nation’s-with hundreds of airports, thousands of aircraft, and tens of thousands of flights daily carrying millions of passengers and pieces of baggage-is a difficult task. Events over the past decade have shown that the threat of terrorism against the United States is an ever-present danger. Aviation is an attractive target for terrorists, and because the air transportation system is critical to the nation’s well-being, protecting it is an important

  6. Exploring Operational Safeguards, Safety, and Security by Design to Address Real Time Threats in Nuclear Facilities

    SciTech Connect

    Schanfein, Mark J.; Mladineo, Stephen V.

    2015-07-07

    Over the last few years, significant attention has been paid to both encourage application and provide domestic and international guidance for designing in safeguards and security in new facilities.1,2,3 However, once a facility is operational, safeguards, security, and safety often operate as separate entities that support facility operations. This separation is potentially a serious weakness should insider or outsider threats become a reality. Situations may arise where safeguards detects a possible loss of material in a facility. Will they notify security so they can, for example, check perimeter doors for tampering? Not doing so might give the advantage to an insider who has already, or is about to, move nuclear material outside the facility building. If outsiders break into a facility, the availability of any information to coordinate the facility’s response through segregated alarm stations or a failure to include all available radiation sensors, such as safety’s criticality monitors can give the advantage to the adversary who might know to disable camera systems, but would most likely be unaware of other highly relevant sensors in a nuclear facility. This paper will briefly explore operational safeguards, safety, and security by design (3S) at a high level for domestic and State facilities, identify possible weaknesses, and propose future administrative and technical methods, to strengthen the facility system’s response to threats.

  7. The Need to Address Mobile Device Security in the Higher Education IT Curriculum

    ERIC Educational Resources Information Center

    Patten, Karen P.; Harris, Mark A.

    2013-01-01

    Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere. In 2013, people will purchase 1.2 billion mobile devices, surpassing personal computers as the most common method for accessing the Internet. However, security of these mobile devices is a major concern for organizations. The two leading…

  8. Status of Global Threat Reduction Initiative's Activities Underway to Address Major Domestic Radiological Security Challenges - 12105

    SciTech Connect

    Cuthbertson, Abigail; Jennison, Meaghan

    2012-07-01

    During their service lives, radioactive sealed sources are used for a wide variety of essential purposes. However, each year, thousands of radioactive sealed sources that pose a potential risk to national security, health, and safety become disused and unwanted in the United States. Due to their concentrated activity and portability, these sources could be used in radiological dispersal devices ('dirty bombs'). For more than a decade, the National Nuclear Security Administration and the U.S. Department of Energy, through the Global Threat Reduction Initiative Offsite Source Recovery Project (GTRI/OSRP), have facilitated the removal and disposition of thousands of disused/unwanted sources worldwide. However, the ability of GTRI/OSRP to continue its work is critically dependent on the ability to transport and appropriately dispose of these sources. On that front, GTRI/OSRP progress includes development of two prototype Type B transport containers and significant efforts toward certification, increased commercial disposal access for risk-significant sealed sources at commercial sites, and cooperation through the International Atomic Energy Agency to increase source repatriation. Disused sealed sources continue to pose a national security concern. The impact of a dirty bomb detonation could be costly both financially and to those exposed to the resulting radiation. However, significant progress has been made since 2008 on each of the challenges identified in the DHS Sealed Source Security Workshop. Not only will there be increased opportunity for commercial disposal of many sizes and types of sealed sources, but also stakeholders are studying front-end solutions to the problem of disused sealed sources, such as financial assurance and recycle. The lack of sealed source transport containers is also likely to be mitigated with the development and certification by NNSA of two new Type B models. Internationally, increased efforts at source repatriation will mitigate the

  9. A resilient and secure software platform and architecture for distributed spacecraft

    NASA Astrophysics Data System (ADS)

    Otte, William R.; Dubey, Abhishek; Karsai, Gabor

    2014-06-01

    A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures poses special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes. Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

  10. REVIEW OF THE POTENTIAL OF NUCLEAR HYDROGEN FOR ADDRESSING ENERGY SECURITY AND CLIMATE CHANGE

    SciTech Connect

    James E. O'Brien

    2010-06-01

    Nuclear energy has the potential to exert a major positive impact on energy security and climate change by coupling it to the transportation sector, primarily through hydrogen production. In the short term, this coupling will provide carbon-free hydrogen for upgrading increasingly lower quality petroleum resources such as oil sands, offsetting carbon emissions associated with steam methane reforming. In the intermediate term, nuclear hydrogen will be needed for large-scale production of infrastructure-compatible synthetic liquid fuels. In the long term, there is great potential for the use of hydrogen as a direct vehicle fuel, most likely in the form of light-duty pluggable hybrid hydrogen fuel cell vehicles. This paper presents a review of the potential benefits of large-scale nuclear hydrogen production for energy security (i.e. displacing imported petroleum) and reduction of greenhouse gas emissions. Lifecycle benefits of nuclear energy in this context are presented, with reference to recent major publications on this topic. The status of US and international nuclear hydrogen research programs is discussed. Industry progress toward consumer-grade hydrogen fuel cell vehicles is also examined.

  11. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  12. An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

    PubMed

    Barrett, Jason R; French, P Edward

    2013-01-01

    The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

  13. ASSESS (Analytic System and Software for Evaluating Safeguards and Security) update: Current status and future developments

    SciTech Connect

    Al-Ayat, R.A.; Cousins, T.D.; Hoover, E.R.

    1990-07-15

    The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) has been released for use by DOE field offices and their contractors. In October, 1989, we offered a prototype workshop to selected representatives of the DOE community. Based on the prototype results, we held the first training workshop at the Central Training Academy in January, 1990. Four additional workshops are scheduled for FY 1990. ASSESS is a state-of-the-art analytical tool for management to conduct integrated evaluation of safeguards systems at facilities handling facilities. Currently, ASSESS focuses on the threat of theft/diversion of special nuclear material by insiders, outsiders, and a special form of insider/outsider collusion. ASSESS also includes a neutralization module. Development of the tool is continuing. Plans are underway to expand the capabilities of ASSESS to evaluate against violent insiders, to validate the databases, to expand the neutralization module, and to assist in demonstrating compliance with DOE Material Control and Accountability (MC&A) Order 5633.3. These new capabilities include the ability to: compute a weighted average for performance capability against a spectrum of insider adversaries; conduct defense-in-depth analyses; and analyze against protracted theft scenarios. As they become available, these capabilities will be incorporated in our training program. ASSESS is being developed jointly by Lawrence Livermore and Sandia National Laboratories under the sponsorship of the Department of Energy (DOE) Office of Safeguards and Security.

  14. Creating a Clinical Video-Conferencing Facility in a Security-Constrained Environment Using Open-Source AccessGrid Software and Consumer Hardware

    PubMed Central

    Terrazas, Enrique; Hamill, Timothy R.; Wang, Ye; Channing Rodgers, R. P.

    2007-01-01

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components. PMID:18693930

  15. Creating a clinical video-conferencing facility in a security-constrained environment using open-source AccessGrid software and consumer hardware.

    PubMed

    Terrazas, Enrique; Hamill, Timothy R; Wang, Ye; Channing Rodgers, R P

    2007-10-11

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components.

  16. Software.

    ERIC Educational Resources Information Center

    Journal of Chemical Education, 1989

    1989-01-01

    Presented are reviews of two computer software packages for Apple II computers; "Organic Spectroscopy," and "Videodisc Display Program" for use with "The Periodic Table Videodisc." A sample spectrograph from "Organic Spectroscopy" is included. (CW)

  17. Center for Strategic Leadership Issue Paper, August 2007, Volume 8-07. Military Education Workshop Addresses Threats to Stability and Security.

    DTIC Science & Technology

    2007-08-01

    support of partner countries to address such destabilizing issues as competition for scarce resources, forced migration, food security, changing weather...upcoming National Intelligence Estimate (NIE), the National Intelligence Council (NIC) has reached out to a broad group of U.S. government organizations and...resource competition and conflict; water and food security; health and disease, and the stability of governments. The Army should be prepared to adapt

  18. Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

    NASA Technical Reports Server (NTRS)

    Powell, John D.; Gilliam, David

    2004-01-01

    The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

  19. Security Assistance: DOD’s Ongoing Reforms Address Some Challenges, but Additional Information Is Needed to Further Enhance Program Management

    DTIC Science & Technology

    2012-11-01

    Abbreviations BPC building partner capacity DOD Department of Defense DSCA Defense Security Cooperation Agency EFTS Enhanced Freight Tracking System...SCOs are ready to receive a planned delivery. For both FMS and pseudo-FMS processes, DOD uses the Enhanced Freight Tracking System (EFTS), a secure...providing data for this system. The Security Assistance Management Manual recommends that SCOs use the EFTS to maintain awareness of incoming shipments

  20. Towards improving software security by using simulation to inform requirements and conceptual design

    DOE PAGES

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation.

  1. The United States, Russia, Europe, and Security: How to Address the Unfinished Business of the Post-Cold War Era

    DTIC Science & Technology

    2012-04-01

    Security hostage to domestic politics in Russia—usually to a greater extent than in allied countries, where it is simply a matter of different political...have to be a broad framework to discuss European security issues, including conventional force nuclear matters, NATO enlargement, and zero-sum...from Afghanistan, and a trust fund established in support of helicopter maintenance. This has been punctual and limited to specific areas of

  2. SecureCore Software Architecture: Trusted Management Layer (TML) Kernel Extension Module Interface Specification

    DTIC Science & Technology

    2008-01-01

    Kernel Extension Module Interface Specification by David J. Shifflett Paul C. Clark Cynthia E. Irvine Thuy D. Nguyen Timothy M. Vidas ...Timothy M. Vidas Timothy E. Levin Research Associate Research Associate...Nguyen, Timothy M. Vidas, and Timothy E. Levin 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Naval

  3. Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

    DTIC Science & Technology

    2016-06-30

    malicious Agents (humans, systems, and the environment) • Safety Risks are kept acceptably low • The preceding Problems are Prevented, Detected...consequence mitigated • Threats (i.e., Threatening Conditions) are eliminated or mitigated: — System Vulnerabilities — Malicious Agents (humans, systems ...Agent (Security) Malware Non-malicious Human Agent User System Developer System Operator System Maintainer Foreign Government Cracker Disgruntled

  4. Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language

    ERIC Educational Resources Information Center

    Boutnaru, Shlomi; Hershkovitz, Arnon

    2015-01-01

    In recent years, schools (as well as universities) have added cyber security to their computer science curricula. This topic is still new for most of the current teachers, who would normally have a standard computer science background. Therefore the teachers are trained and then teaching their students what they have just learned. In order to…

  5. Countering Overseas Threats: DOD and State Need to Address Gaps in Monitoring of Security Equipment Transferred to Lebanon

    DTIC Science & Technology

    2014-02-01

    2013 5 Figure 3: Photographs of Lebanese Armed Forces Equipment Prepared for End-Use Monitoring 14 Figure 4: U.S. Officials Conducting an Inventory...of U.S.-Provided Equipment at a Lebanese Armed Forces Facility 15 Figure 5: Photographs of U.S. Equipment Provided to Lebanon’s Internal Security...Assistance to Lebanon Figure 3: Photographs of Lebanese Armed Forces Equipment Prepared for End-Use Monitoring During our visit to Beirut in July

  6. Iraq and Afghanistan: Security, Economic, and Governance Challenges to Rebuilding Efforts Should Be Addressed in U.S. Strategies

    DTIC Science & Technology

    2009-03-25

    from Iraq and the Organization of Their Activities during Their Temporary Presence in Iraq, Nov. 17, 2008. The agreement took effect Jan. 1, 2009...Stability in Afghanistan (Washington, D.C.: Jan. 2009). Figure 1: Enemy-Initiated Attacks in Iraq and Afghanistan Per Month, May 2003...Forward (Jan. 2007 – July 2008) • President Obama outlined a new U.S. strategy in Feb. 2009 • Security forces development plan • Integrated energy plan

  7. Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

    DTIC Science & Technology

    2007-05-31

    touchdown sensor behavior • Therac-25 Radiation Therapy Machine — Timing of unusual input sequence results in unexpected output • Patriot Missile...attack. 25 Engineering Safety- & Security-Related Requirements Donald Firesmith, 31 May 2007 © 2007 Carnegie Mellon University Use Case, Use Case Path...be no greater than 25 mm (1.0 in.) and the height of the vehicle floor shall be within plus/minus 12 mm (0.5 in.) of the platform height under all

  8. National Institute of Justice (NIJ): improving the effectiveness of law enforcement via homeland security technology improvements (Keynote Address)

    NASA Astrophysics Data System (ADS)

    Morgan, John S.

    2005-05-01

    Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. Preventing terrorism and promoting the nation's security is the Department of Justice's number one strategic priority. This is reflected in its technology development efforts, as well as its operational focus. The National Institute of Justice (NIJ) is the national focal point for the research, development, test and evaluation of technology for law enforcement. In addition to its responsibilities in supporting day-to-day criminal justice needs in areas such as less lethal weapons and forensic science, NIJ also provides critical support for counter-terrorism capacity improvements in state and local law enforcement in several areas. The most important of these areas are bomb response, concealed weapons detection, communications and information technology, which together offer the greatest potential benefit with respect to improving the ability of law enforcement agencies to respond to all types of crime including terrorist acts. NIJ coordinates its activities with several other key federal partners, including the Department of Homeland Security's Science and Technology Directorate, the Technical Support Working Group, and the Department of Defense.

  9. Sixth Warren K. Sinclair keynote address: The role of a strong regulator in safe and secure nuclear energy.

    PubMed

    Lyons, Peter B

    2011-01-01

    The history of nuclear regulation is briefly reviewed to underscore the early recognition that independence of the regulator was essential in achieving and maintaining public credibility. The current licensing process is reviewed along with the status of applications. Challenges faced by both the NRC and the industry are reviewed, such as new construction techniques involving modular construction, digital controls replacing analog circuitry, globalization of the entire supply chain, and increased security requirements. The vital area of safety culture is discussed in some detail, and its importance is emphasized.

  10. Secure Design Patterns

    DTIC Science & Technology

    2009-10-01

    access to the parent(s) or children of its corresponding locked node. It only contains the data specific to the node itself, that is, the data that... adopted by software development organizations. While there are a number of best practices available to address the issue of software security... parent − does not gain control of a process possessing elevated privileges, thereby limiting the damage that the adversary can inflict • Additional

  11. Keynote Address "Preserving the Past to Secure the Future": The Center for Indian Education--The Next 50 Years

    ERIC Educational Resources Information Center

    Roessel, Monty

    2011-01-01

    This article presents the keynote address given by Dr. Monty Roessel, Superintendent of the Rough Rock (Navajo) Community School, at the Center for Indian Education Relaunch Celebration held on the ASU Tempe campus May 6, 2011. Here, the author reflects on the legacy of the Center, co-founded by his father, Dr. Robert A. (Bob) Roessel, Jr., who…

  12. Improving Security in Software Acquisition and Runtime Integration With Data Retention Specifications

    DTIC Science & Technology

    2016-04-30

    confidentiality for mission data, and/or revelations about private data related to service members and their families. Solutions are needed to assist...world IT systems using imitation but statistically accurate synthetic data. Our language aims to address dynamically composable, multi-party systems

  13. Optimizing the Performance of Radionuclide Identification Software in the Hunt for Nuclear Security Threats

    SciTech Connect

    Fotion, Katherine A.

    2016-08-18

    The Radionuclide Analysis Kit (RNAK), my team’s most recent nuclide identification software, is entering the testing phase. A question arises: will removing rare nuclides from the software’s library improve its overall performance? An affirmative response indicates fundamental errors in the software’s framework, while a negative response confirms the effectiveness of the software’s key machine learning algorithms. After thorough testing, I found that the performance of RNAK cannot be improved with the library choice effect, thus verifying the effectiveness of RNAK’s algorithms—multiple linear regression, Bayesian network using the Viterbi algorithm, and branch and bound search.

  14. Space Station Software Issues

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor); Beskenis, S. (Editor)

    1985-01-01

    Issues in the development of software for the Space Station are discussed. Software acquisition and management, software development environment, standards, information system support for software developers, and a future software advisory board are addressed.

  15. Final Environmental Assessment Addressing Construction, Operation, and Maintenance of a Security Forces Complex at Kirtland Air Force Base, New Mexico

    DTIC Science & Technology

    2010-07-01

    currently valid OMB control number. 1. REPORT DATE JUL 2010 2. REPORT TYPE 3. DATES COVERED 00-00-2010 to 00-00-2010 4. TITLE AND SUBTITLE...Regulations. Date cc: Attachment ROBERT L. MANESS, Colonel, USAF Commander FINAL ENVIRONMENTAL ASSESSMENT ADDRESSING CONSTRUCTION...effective date of the designation of that area for the 8-hour O3 NAAQS. The effective designation date for most areas was June 15, 2004. The USEPA

  16. Secure automated request processing software for DataGrid certification authorities

    NASA Astrophysics Data System (ADS)

    Shamardin, L.; Kruglov, N.; Martucci, P.

    2003-04-01

    Typical Public Key Infrastructure (Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, IETF Network Working Group, RFC 2527, 1999) includes a Certification Authority (CA) and several Registration Authorities (RA). In this report we present our solution for building the CA. Our goal was to make it secure, robust and as automated as possible. In our solution the message exchange between CAs and RAs uses signed e-mail. Supported features include issuing and revocation of certificates, information services and certificate renewal. All operations requiring a private key of the CA are held on the separate offline signing host and are fully controlled by an operator, making the CA attack proof.

  17. Software Quality Tools

    DTIC Science & Technology

    1988-05-04

    data base name mate qa tool - tare and lcsc 1 * no. instruments * $ ftim * instrument name * sensor * system designator * 1 * no. nouns* ac signal...PROCUREMENT INSTRUMENT IDENTIFICATION NUMBER ORGANIZATION (if applicable) Fk ADDRESS (City, State, and ZIP Code) 10. SOURCE OF FUNDING NUMBERS PROGRAM...PROJECT TASK WORK UNIT ELEMENT NO. NO. NO ACCESSION NO. 11. TITLE (Include Security Classification) Software Quality Tools 12. PERSONAL AUTHOR(S

  18. Key Considerations of Community, Scalability, Supportability, Security, and Functionality in Selecting Open-Source Software in California Universities as Perceived by Technology Leaders

    ERIC Educational Resources Information Center

    Britton, Todd Alan

    2014-01-01

    Purpose: The purpose of this study was to examine the key considerations of community, scalability, supportability, security, and functionality for selecting open-source software in California universities as perceived by technology leaders. Methods: After a review of the cogent literature, the key conceptual framework categories were identified…

  19. Toward improved software security training using a cyber warfare opposing force (CW OPFOR): the knowledge base design

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2005-03-01

    "Train the way you will fight" has been a guiding principle for military training and has served the warfighter well as evidenced by numerous successful operations over the last decade. This need for realistic training for all combatants has been recognized and proven by the warfighter and continues to guide military training. However, to date, this key training principle has not been applied fully in the arena of cyberwarfare due to the lack of realistic, cost effective, reasonable, and formidable cyberwarfare opponents. Recent technological advances, improvements in the capability of computer-generated forces (CGFs) to emulate human behavior, and current results in research in information assurance and software protection, coupled with increasing dependence upon information superiority, indicate that the cyberbattlespace will be a key aspect of future conflict and that it is time to address the cyberwarfare training shortfall. To address the need for a cyberwarfare training and defensive testing capability, we propose research and development to yield a prototype computerized, semi-autonomous (SAF) red team capability. We term this capability the Cyber Warfare Opposing Force (CW OPFOR). There are several technologies that are now mature enough to enable, for the first time, the development of this powerful, effective, high fidelity CW OPFOR. These include improved knowledge about cyberwarfare attack and defense, improved techniques for assembling CGFs, improved techniques for capturing and expressing knowledge, software technologies that permit effective rapid prototyping to be effectively used on large projects, and the capability for effective hybrid reasoning systems. Our development approach for the CW OPFOR lays out several phases in order to address these requirements in an orderly manner and to enable us to test the capabilities of the CW OPFOR and exploit them as they are developed. We have completed the first phase of the research project, which

  20. Final Report "CoDeveloper: A Secure Web-Invocable Collaborative Software Development Tool"

    SciTech Connect

    Svetlana Shasharina

    2005-11-27

    Modern scientific simulations generate large datasets at remote sites with appropriate resources (supercomputers and clusters). Bringing these large datasets to the computers of all members of a distributed team of collaborators is often impractical or even impossible: there might not be enough bandwidth, storage capacity or appropriate data analysis and visualization tools locally available. To address the need to access remote data, avoid heavy Internet traffic and unnecessary data replication, Tech-X Corporation developed a tool, which allows running remote data visualization collaboratively and sharing the visualization objects as they get generated. The size of these objects is typically much smaller than the size of the original data. For marketing reasons, we renamed the product CoReViz. The detailed information on this product can be found at http://www.txcorp.com/products/CoReViz/. We installed and tested this tool at multiple machines at Tech-X and on seaborg at NERSC. In what follows, we give a detailed description of this tool.

  1. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  2. Beyond engagement in working with children in eight Nairobi slums to address safety, security, and housing: Digital tools for policy and community dialogue.

    PubMed

    Mitchell, Claudia; Chege, Fatuma; Maina, Lucy; Rothman, Margot

    2016-01-01

    This article studies the ways in which researchers working in the area of health and social research and using participatory visual methods might extend the reach of participant-generated creations such as photos and drawings to engage community leaders and policy-makers. Framed as going 'beyond engagement', the article explores the idea of the production of researcher-led digital dialogue tools, focusing on one example, based on a series of visual arts-based workshops with children from eight slums in Nairobi addressing issues of safety, security, and well-being in relation to housing. The authors conclude that there is a need for researchers to embark upon the use of visual tools to expand the life and use of visual productions, and in particular to ensure meaningful participation of communities in social change.

  3. NASA's Approach to Software Assurance

    NASA Technical Reports Server (NTRS)

    Wetherholt, Martha

    2015-01-01

    NASA defines software assurance as: the planned and systematic set of activities that ensure conformance of software life cycle processes and products to requirements, standards, and procedures via quality, safety, reliability, and independent verification and validation. NASA's implementation of this approach to the quality, safety, reliability, security and verification and validation of software is brought together in one discipline, software assurance. Organizationally, NASA has software assurance at each NASA center, a Software Assurance Manager at NASA Headquarters, a Software Assurance Technical Fellow (currently the same person as the SA Manager), and an Independent Verification and Validation Organization with its own facility. An umbrella risk mitigation strategy for safety and mission success assurance of NASA's software, software assurance covers a wide area and is better structured to address the dynamic changes in how software is developed, used, and managed, as well as its increasingly complex functionality. Being flexible, risk based, and prepared for challenges in software at NASA is essential, especially as much of our software is unique for each mission.

  4. Software Security Knowledge: Training

    DTIC Science & Technology

    2011-05-01


  5. Supporting Secure Software Operations

    DTIC Science & Technology

    2011-05-01

    May 2011, Salt Lake City, UT. Sponsored in part by the USAF. U.S. Government or Federal Rights License 14. ABSTRACT 15. SUBJECT TERMS 16... Government and Information Technology SUBJECT: Guidance on the Federal Desktop Core Configuration (FDCC) In March 2007, OMB Memorandum M-07-11...understood that many managed environments throughout the Federal government implement service packs shortly after their release. While near-term

  6. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2011-08-01

    A wide variety of different marine plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. The Marine Model Optimization Testbed is a new software tool designed for rigorous analysis of plankton models in a multi-site 1-D framework, in particular to address uncertainty issues in model assessment. A flexible user interface ensures its suitability to more general inter-comparison, sensitivity and uncertainty analyses, including model comparison at the level of individual processes, and to state estimation for specific locations. The principal features of MarMOT are described and its application to model calibration is demonstrated by way of a set of twin experiments, in which synthetic observations are assimilated in an attempt to recover the true parameter values of a known system. The experimental aim is to investigate the effect of different misfit weighting schemes on parameter recovery in the presence of error in the plankton model's environmental input data. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergences of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error over an annual cycle, indicating

  7. Addressing the impact of environmental uncertainty in plankton model calibration with a dedicated software system: the Marine Model Optimization Testbed (MarMOT 1.1 alpha)

    NASA Astrophysics Data System (ADS)

    Hemmings, J. C. P.; Challenor, P. G.

    2012-04-01

    A wide variety of different plankton system models have been coupled with ocean circulation models, with the aim of understanding and predicting aspects of environmental change. However, an ability to make reliable inferences about real-world processes from the model behaviour demands a quantitative understanding of model error that remains elusive. Assessment of coupled model output is inhibited by relatively limited observing system coverage of biogeochemical components. Any direct assessment of the plankton model is further inhibited by uncertainty in the physical state. Furthermore, comparative evaluation of plankton models on the basis of their design is inhibited by the sensitivity of their dynamics to many adjustable parameters. Parameter uncertainty has been widely addressed by calibrating models at data-rich ocean sites. However, relatively little attention has been given to quantifying uncertainty in the physical fields required by the plankton models at these sites, and tendencies in the biogeochemical properties due to the effects of horizontal processes are often neglected. Here we use model twin experiments, in which synthetic data are assimilated to estimate a system's known "true" parameters, to investigate the impact of error in a plankton model's environmental input data. The experiments are supported by a new software tool, the Marine Model Optimization Testbed, designed for rigorous analysis of plankton models in a multi-site 1-D framework. Simulated errors are derived from statistical characterizations of the mixed layer depth, the horizontal flux divergence tendencies of the biogeochemical tracers and the initial state. Plausible patterns of uncertainty in these data are shown to produce strong temporal and spatial variability in the expected simulation error variance over an annual cycle, indicating variation in the significance attributable to individual model-data differences. An inverse scheme using ensemble-based estimates of the

  8. Achieving Better Buying Power through Acquisition of Open Architecture Software Systems. Volume 2 Understanding Open Architecture Software Systems: Licensing and Security Research and Recommendations

    DTIC Science & Technology

    2016-01-06

    interface. Popular Web application systems like the Firefox Web browser may be scripted to provide animated user interfaces coded in languages like...thousands (even tens of thousands) source lines of code. However, custom intra-application software languages may also be designed to create domain-specific... languages (e.g., XUL for Firefox Web browser [Fel07]) for rapid construction of persistent or disposable software functions (or macros), which

  9. A Single Case Design Evaluation of a Software and Tutor Intervention Addressing Emotion Recognition and Social Interaction in Four Boys with ASD

    ERIC Educational Resources Information Center

    Lacava, Paul G.; Rankin, Ana; Mahlios, Emily; Cook, Katie; Simpson, Richard L.

    2010-01-01

    Many students with Autism Spectrum Disorders (ASD) have delays learning to recognize emotions. Social behavior is also challenging, including initiating interactions, responding to others, developing peer relationships, and so forth. In this single case design study we investigated the relationship between use of computer software ("Mind Reading:…

  10. How agro-ecological research helps to address food security issues under new IPM and pesticide reduction policies for global crop production systems.

    PubMed

    E Birch, A Nicholas; Begg, Graham S; Squire, Geoffrey R

    2011-06-01

    Drivers behind food security and crop protection issues are discussed in relation to food losses caused by pests. Pests globally consume food estimated to feed an additional one billion people. Key drivers include rapid human population increase, climate change, loss of beneficial on-farm biodiversity, reduction in per capita cropped land, water shortages, and EU pesticide withdrawals under policies relating to 91/414 EEC. IPM (Integrated Pest Management) will be compulsory for all EU agriculture by 2014 and is also being widely adopted globally. IPM offers a 'toolbox' of complementary crop- and region-specific crop protection solutions to address these rising pressures. IPM aims for more sustainable solutions by using complementary technologies. The applied research challenge now is to reduce selection pressure on single solution strategies, by creating additive/synergistic interactions between IPM components. IPM is compatible with organic, conventional, and GM cropping systems and is flexible, allowing regional fine-tuning. It reduces pests below economic thresholds utilizing key 'ecological services', particularly biocontrol. A recent global review demonstrates that IPM can reduce pesticide use and increase yields of most of the major crops studied. Landscape scale 'ecological engineering', together with genetic improvement of new crop varieties, will enhance the durability of pest-resistant cultivars (conventional and GM). IPM will also promote compatibility with semiochemicals, biopesticides, precision pest monitoring tools, and rapid diagnostics. These combined strategies are urgently needed and are best achieved via multi-disciplinary research, including complex spatio-temporal modelling at farm and landscape scales. Integrative and synergistic use of existing and new IPM technologies will help meet future food production needs more sustainably in developed and developing countries, in an era of reduced pesticide availability. 
    Current IPM research gaps are

  11. Idaho National Laboratory/Nuclear Power Industry Strategic Plan for Light Water Reactor Research and Development An Industry-Government Partnership to Address Climate Change and Energy Security

    SciTech Connect

    Electric Power Research

    2007-11-01

    The dual issues of energy security and climate change mitigation are driving a renewed debate over how to best provide safe, secure, reliable and environmentally responsible electricity to our nation. The combination of growing energy demand and aging electricity generation infrastructure suggests major new capacity additions will be required in the years ahead.

  12. Complexity, Systems, and Software

    DTIC Science & Technology

    2014-08-14

    2014 Carnegie Mellon University Complexity, Systems, and Software Software Engineering Institute Carnegie Mellon University Pittsburgh, PA...NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 8...for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States

  13. SecureQEMU: Emulation-Based Software Protection Providing Encrypted Code Execution and Page Granularity Code Signing

    DTIC Science & Technology

    2008-12-01

    2.1.4 Summary; 2.2 Introduction to Backdoors; 2.2.1 Backdoor Passwords; 2.2.2 Standalone Backdoors; 2.2.3 Exploits vs. Backdoors...Randomization...SAM Security Accounts Manager...DB Database

  14. Content Addressable Memory Project

    DTIC Science & Technology

    1990-11-01

    The Content Addressable Memory Project consists of the development of several experimental software systems on an AMT Distributed Array Processor...searching (database) compiler algorithms memory management other systems software) Linear C is an unlovely hybrid language which imports the CAM...memory from AMT’s operating system for the DAP; however, other than this limitation, the memory management routines work exactly as their C counterparts

  15. Los Alamos National Security, LLC Request for Information on how industry may partner with the Laboratory on KIVA software.

    SciTech Connect

    Mcdonald, Kathleen Herrera

    2016-02-29

    KIVA is a family of Fortran-based computational fluid dynamics software developed by LANL. The software predicts complex fuel and air flows as well as ignition, combustion, and pollutant-formation processes in engines. The KIVA models have been used to understand combustion chemistry processes, such as auto-ignition of fuels, and to optimize diesel engines for high efficiency and low emissions. Fuel economy is heavily dependent upon engine efficiency, which in turn depends to a large degree on how fuel is burned within the cylinders of the engine. Higher in-cylinder pressures and temperatures lead to increased fuel economy, but they also create more difficulty in controlling the combustion process. Poorly controlled and incomplete combustion can cause higher levels of emissions and lower engine efficiencies.

  16. Green Secure Processors: Towards Power-Efficient Secure Processor Design

    NASA Astrophysics Data System (ADS)

    Chhabra, Siddhartha; Solihin, Yan

    With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

  17. Strengthening Software Authentication with the ROSE Software Suite

    SciTech Connect

    White, G

    2006-06-15

    Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden "backdoors" is crucial to a project's success. In this context, "authentication" is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects.

  18. Behavior Computation for Smart Grid Software Analysis

    SciTech Connect

    Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J; Sayre, Kirk D

    2011-01-01

    Smart grid embedded software is subject to intrusion and compromise with potentially serious consequences. Current methods of cybersecurity analysis are increasingly challenged by the scope of the problem. Oak Ridge National Laboratory (ORNL) is pioneering the new technology of software behavior computation to help address these risks. Software behavior computation and its instantiation in Function eXtraction (FX) systems apply mathematical foundations of denotational semantics to compute the behavior of software in all circumstances of use. Research has shown how to make the effects of recursion-theoretic limitations on this process arbitrarily small. Behavior computation operates on the functional semantics of programs, and is not subject to the limitations of syntactic recognition or testing. ORNL is applying FX technology to help evaluate cyber security properties in smart grid systems, with initial focus on vulnerabilities in embedded software that controls smart meters.

  19. Software Update.

    ERIC Educational Resources Information Center

    Currents, 2000

    2000-01-01

    A chart of 40 alumni-development database systems provides information on vendor/Web site, address, contact/phone, software name, price range, minimum suggested workstation/suggested server, standard reports/reporting tools, minimum/maximum record capacity, and number of installed sites/client type. (DB)

  20. Software Patents.

    ERIC Educational Resources Information Center

    Burke, Edmund B.

    1994-01-01

    Outlines basic patent law information that pertains to computer software programs. Topics addressed include protection in other countries; how to obtain patents; kinds of patents; duration; classes of patentable subject matter, including machines and processes; patentability searches; experimental use prior to obtaining a patent; and patent…

  1. Antiterrorist Software

    NASA Technical Reports Server (NTRS)

    Clark, David A.

    1998-01-01

    In light of the escalation of terrorism, the Department of Defense spearheaded the development of new antiterrorist software for all Government agencies by issuing a Broad Agency Announcement to solicit proposals. This Government-wide competition resulted in a team that includes NASA Lewis Research Center's Computer Services Division, who will develop the graphical user interface (GUI) and test it in their usability lab. The team launched a program entitled Joint Sphere of Security (JSOS), crafted a design architecture (see the following figure), and is testing the interface. This software system has a state-of-the-art, object-oriented architecture, with a main kernel composed of the Dynamic Information Architecture System (DIAS) developed by Argonne National Laboratory. DIAS will be used as the software "breadboard" for assembling the components of explosions, such as blast and collapse simulations.

  2. Hybrid architecture for building secure sensor networks

    NASA Astrophysics Data System (ADS)

    Owens, Ken R., Jr.; Watkins, Steve E.

    2012-04-01

    Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

  3. Environmental Security: United Nations Doctrine for Managing Environmental Issues in Military Actions. Volume 2. Selected International Treaties, Conventions and Protocols that Address Environment-Related Issues. Selected International Organizations Relevant to Environmental Security

    DTIC Science & Technology

    2000-07-01

    including, but not be limited to: 1) The common seas; 2) Land-resources and land-based pollution; 3) Tropical rain forests; 4) Air quality; and 5...ENVIRONMENTAL SECURITY THREATS 1. Ozone layer depletion 2. Global climate change (rising sea level, changing rain distribution) due to greenhouse gas...and earthquake-prone zones) and in ecologically sensitive zones (certain forest, desert, wetland and marine environments) 20. Human migration as

  4. Lemnos Interoperable Security Program

    SciTech Connect

    Stewart, John; Halbgewachs, Ron; Chavez, Adrian; Smith, Rhett; Teumim, David

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor.
These single vendor solutions may inadvertently lock

  5. Reusable Security Requirements

    DTIC Science & Technology

    2016-06-13

    terms of subfactor of security quality factor, asset, threat, attacker, and situation • Standard measures for security subfactors • Parameterized...2003 by Carnegie Mellon University page 5 Carnegie Mellon Software Engineering Institute Types of Security Requirements Use Quality Model of factors...subfactors, criteria, and measures. Small number of Security Quality Subfactors: • Access Control (Identification, Authentication, and Authorization

  6. Addressing healthcare.

    PubMed

    Daly, Rich

    2013-02-11

    Though President Barack Obama has rarely made healthcare references in his State of the Union addresses, health policy experts are hoping he changes that strategy this year. "The question is: Will he say anything? You would hope that he would, given that that was the major issue he started his presidency with," says Dr. James Weinstein, left, of the Dartmouth-Hitchcock health system.

  7. Software Configuration Management Guidebook

    NASA Technical Reports Server (NTRS)

    1995-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes which are used in software development. The Software Assurance Guidebook, SMAP-GB-A201, issued in September, 1989, provides an overall picture of the concepts and practices of NASA in software assurance. Lower level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the Software Configuration Management Guidebook which describes software configuration management in a way that is compatible with practices in industry and at NASA Centers. Software configuration management is a key software development process, and is essential for doing software assurance.

  8. Inaugural address

    NASA Astrophysics Data System (ADS)

    Joshi, P. S.

    2014-03-01

    From jets to cosmos to cosmic censorship P S Joshi Tata Institute of Fundamental Research, Homi Bhabha Road, Colaba, Mumbai 400005, India E-mail: psj@tifr.res.in 1. Introduction At the outset, I should like to acknowledge that part of the title above, which tries to capture the main flavour of this meeting, and has been borrowed from one of the plenary talks at the conference. When we set out to make the programme for the conference, we thought of beginning with observations on the Universe, but then we certainly wanted to go further and address deeper questions, which were at the very foundations of our inquiry, and understanding on the nature and structure of the Universe. I believe, we succeeded to a good extent, and it is all here for you in the form of these Conference Proceedings, which have been aptly titled as 'Vishwa Mimansa', which could be possibly translated as 'Analysis of the Universe'! It is my great pleasure and privilege to welcome you all to the ICGC-2011 meeting at Goa. The International Conference on Gravitation and Cosmology (ICGC) series of meetings are being organized by the Indian Association for General Relativity and Gravitation (IAGRG), and the first such meeting was planned and conducted in Goa in 1987, with subsequent meetings taking place at a duration of about four years at various locations in India. So, it was thought appropriate to return to Goa to celebrate the 25 years of the ICGC meetings. The recollections from that first meeting have been recorded elsewhere here in these Proceedings. The research and teaching on gravitation and cosmology was initiated quite early in India, by V V Narlikar at the Banares Hindu University, and by N R Sen in Kolkata in the 1930s. In course of time, this activity grew and gained momentum, and in early 1969, at the felicitation held for the 60 years of V V Narlikar at a conference in Ahmedabad, P C Vaidya proposed the formation of the IAGRG society, with V V Narlikar being the first President. 
This

  9. Convocation address.

    PubMed

    Kakodkar, A

    1999-07-01

    This convocation addressed by Dr. Anil Kakodkar focuses on the challenges faced by graduating students. In his speech, he emphasized the high level of excellence achieved by the industrial sector; however, he noted that there has been a loss of initiative in maximizing value addition, which was worsened by an increasing population pressure. In facing a stiff competition in the external and domestic markets, it is imperative to maximize value addition within the country in a competitive manner and capture the highest possible market share. To achieve this, high-quality human resources are central. Likewise, family planning programs should become more effective and direct available resources toward national advantage. To boost the domestic market, he suggests the need to search for strengths to achieve leadership position in those areas. First, an insight into the relationship between the lifestyles and the needs of our people and the natural resource endowment must be gained. Second, remodeling of the education system must be undertaken to prepare the people for adding the necessary innovative content in our value addition activities. Lastly, Dr. Kakodkar emphasizes the significance of developing a strong bond between parents and children to provide a sound foundation and allow the education system to grow upon it.

  10. Opening Address

    NASA Astrophysics Data System (ADS)

    Yamada, T.

    2014-12-01

    Ladies and Gentlemen, it is my great honor and pleasure to present an opening address of the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3). On the behalf of the organizing committee, I certainly welcome all your visits to KGU Kannai Media Center belonging to Kanto Gakuin University, and stay in Yokohama. In particular, to whom come from abroad more than 17 countries, I would appreciate your participations after long long trips from your homeland to Yokohama. The first international workshop on "State of the Art in Nuclear Cluster Physics", called SOTANCP, was held in Strasbourg, France, in 2008, and the second one was held in Brussels, Belgium, in 2010. Then the third workshop is now held in Yokohama. In this period, we had the traditional 10th cluster conference in Debrecen, Hungary, in 2012. Thus we have the traditional cluster conference and SOTANCP, one after another, every two years. This obviously shows our field of nuclear cluster physics is very active and flourishing. It is for the first time in about 10 years to hold the international workshop on nuclear cluster physics in Japan, because the last cluster conference held in Japan was in Nara in 2003, about 10 years ago. The president in Nara conference was Prof. K. Ikeda, and the chairpersons were Prof. H. Horiuchi and Prof. I. Tanihata. I think, quite a lot of persons in this room had participated at the Nara conference. Since then, about ten years passed. So, this workshop has profound significance for our Japanese colleagues. The subjects of this workshop are to discuss "the state of the art in nuclear cluster physics" and also discuss the prospect of this field. In a couple of years, we saw significant progresses of this field both in theory and in experiment, which have brought better and new understandings on the clustering aspects in stable and unstable nuclei. I think, the concept of clustering has been more important than ever. This is true also in the

  11. Presidential address.

    PubMed

    Vohra, U

    1993-07-01

    The Secretary of India's Ministry of Health and Family Welfare serves as Chair of the Executive Council of the International Institute for Population Sciences in Bombay. She addressed its 35th convocation in 1993. Global population stands at 5.43 billion and increases by about 90 million people each year. 84 million of these new people are born in developing countries. India contributes 17 million new people annually. The annual population growth rate in India is about 2%. Its population size will probably surpass 1 billion by 2000. High population growth rates are a leading obstacle to socioeconomic development in developing countries. Governments of many developing countries recognize this problem and have expanded their family planning programs to stabilize population growth. Asian countries that have done so and have completed the fertility transition include China, Japan, Singapore, South Korea, and Thailand. Burma, Malaysia, North Korea, Sri Lanka, and Vietnam have not yet completed the transition. Afghanistan, Bangladesh, Iran, Nepal, and Pakistan are half-way through the transition. High population growth rates put pressure on land by fragmenting finite land resources, increasing the number of landless laborers and unemployment, and by causing considerable rural-urban migration. All these factors bring about social stress and burden civic services. India has reduced its total fertility rate from 5.2 to 3.9 between 1971 and 1991. Some Indian states have already achieved replacement fertility. Considerable disparity in socioeconomic development exists among states and districts. For example, the states of Bihar, Madhya Pradesh, Rajasthan, and Uttar Pradesh have female literacy rates lower than 27%, while that for Kerala is 87%. Overall, infant mortality has fallen from 110 to 80 between 1981 and 1990. In Uttar Pradesh, it has fallen from 150 to 98, while it is at 17 in Kerala. India needs innovative approaches to increase contraceptive prevalence rates

  12. School Security Roundtable, 2000.

    ERIC Educational Resources Information Center

    Agron, Joe, Ed.; Anderson, Larry, Ed.

    A roundtable discussion is presented revealing what experts say about school security problems and how they are being addressed. Also included are trend data from the School Security 2000 survey revealing top security concerns, strategies, and security equipment preferences; how site surveys can be used to keep schools safe; and how creating a…

  13. Perspective on Software Reuse

    DTIC Science & Technology

    1988-09-01

    structured systems analysis [Gane & Sarson; McMenamin & Palmer] which tries to separate the "logical system" requirements from the "physical aspects...6. Lewis, T.G., Apple Macintosh Software, Software Reviews, IEEE Software, March 1985, pp. 89-92. 7. McMenamin S.M. and Palmer, J.F., Essential...1b. RESTRICTIVE MARKINGS NONE 2a. SECURITY CLASSIFICATION AUTHORITY N/A 2b. DECLASSIFICATION/DOWNGRADING SCHEDULE 3. DISTRIBUTION/AVAILABILITY

  14. Software assurance standard

    NASA Technical Reports Server (NTRS)

    1992-01-01

    This standard specifies the software assurance program for the provider of software. It also delineates the assurance activities for the provider and the assurance data that are to be furnished by the provider to the acquirer. In any software development effort, the provider is the entity or individual that actually designs, develops, and implements the software product, while the acquirer is the entity or individual who specifies the requirements and accepts the resulting products. This standard specifies at a high level an overall software assurance program for software developed for and by NASA. Assurance includes the disciplines of quality assurance, quality engineering, verification and validation, nonconformance reporting and corrective action, safety assurance, and security assurance. The application of these disciplines during a software development life cycle is called software assurance. Subsequent lower-level standards will specify the specific processes within these disciplines.

  15. Welcome Address

    NASA Astrophysics Data System (ADS)

    Kiku, H.

    2014-12-01

    Ladies and Gentlemen, It is an honor for me to present my welcome address in the 3rd International Workshop on "State of the Art in Nuclear Cluster Physics"(SOTANCP3), as the president of Kanto Gakuin University. Particularly to those from abroad more than 17 countries, I am very grateful for your participation after long long trips from your home to Yokohama. On the behalf of the Kanto Gakuin University, we certainly welcome your visit to our university and stay in Yokohama. First I would like to introduce Kanto Gakuin University briefly. Kanto Gakuin University, which is called KGU, traces its roots back to the Yokohama Baptist Seminary founded in 1884 in Yamate, Yokohama. The seminary's founder was Albert Arnold Bennett, alumnus of Brown University, who came to Japan from the United States to establish a theological seminary for cultivating and training Japanese missionaries. Now KGU is a major member of the Kanto Gakuin School Corporation, which is composed of two kindergartens, two primary schools, two junior high schools, two senior high schools as well as KGU. In this university, we have eight faculties with graduate school including Humanities, Economics, Law, Sciences and Engineering, Architecture and Environmental Design, Human and Environmental Studies, Nursing, and Law School. Over eleven thousands students are currently learning in our university. By the way, my major is the geotechnical engineering, and I belong to the faculty of Sciences and Engineering in my university. Prof. T. Yamada, here, is my colleague in the same faculty. I know that the nuclear physics is one of the most active academic fields in the world. In fact, about half of the participants, namely, more than 50 scientists, come from abroad in this conference. 
Moreover, I know that the nuclear physics is related to not only the other fundamental physics such as the elementary particle physics and astrophysics but also chemistry, medical sciences, medical cares, and radiation metrology

  16. Incidents of Security Concern

    SciTech Connect

    Atencio, Julian J.

    2014-05-01

    This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

  17. Addressing the Challenges of Campus Security.

    ERIC Educational Resources Information Center

    American Association of State Colleges and Universities, Washington, DC.

    Asserting that no campus, from those located in large urban settings to institutions nestled in small rural environments, is immune to being a potential target of domestic or international terrorism, this publication offers information and resources beneficial to presidents, chancellors, and their leadership teams as they review both prevention…

  18. Space Station Software Recommendations

    NASA Technical Reports Server (NTRS)

    Voigt, S. (Editor)

    1985-01-01

    Four panels of invited experts and NASA representatives focused on the following topics: software management, software development environment, languages, and software standards. Each panel deliberated in private, held two open sessions with audience participation, and developed recommendations for the NASA Space Station Program. The major thrusts of the recommendations were as follows: (1) The software management plan should establish policies, responsibilities, and decision points for software acquisition; (2) NASA should furnish a uniform modular software support environment and require its use for all space station software acquired (or developed); (3) The language Ada should be selected for space station software, and NASA should begin to address issues related to the effective use of Ada; and (4) The space station software standards should be selected (based upon existing standards where possible), and an organization should be identified to promulgate and enforce them. These and related recommendations are described in detail in the conference proceedings.

  19. Global Software Development with Cloud Platforms

    NASA Astrophysics Data System (ADS)

    Yara, Pavan; Ramachandran, Ramaseshan; Balasubramanian, Gayathri; Muthuswamy, Karthik; Chandrasekar, Divya

    Offshore and outsourced distributed software development models and processes are facing challenges, previously unknown, with respect to computing capacity, bandwidth, storage, security, complexity, reliability, and business uncertainty. Clouds promise to address these challenges by adopting recent advances in virtualization, parallel and distributed systems, utility computing, and software services. In this paper, we envision a cloud-based platform that addresses some of these core problems. We outline a generic cloud architecture, its design and our first implementation results for three cloud forms - a compute cloud, a storage cloud and a cloud-based software service - in the context of global distributed software development (GSD). Our "compute cloud" provides computational services such as continuous code integration and a compile server farm, "storage cloud" offers storage (block or file-based) services with an on-line virtual storage service, whereas the on-line virtual labs represent a useful cloud service. We note some of the use cases for clouds in GSD, the lessons learned with our prototypes and identify challenges that must be conquered before realizing the full business benefits. We believe that in the future, software practitioners will focus more on these cloud computing platforms and see clouds as a means to supporting an ecosystem of clients, developers and other key stakeholders.

  20. Investigative Data Mining Toolkit: A Software Prototype for Visualizing, Analyzing and Destabilizing Terrorist Networks

    DTIC Science & Technology

    2006-12-01

    Legind Larsen Software Intelligence Security Research Center Department of Computer Science and Engineering Aalborg University, Niels Bohrs Vej 8...Aalborg University, Niels Bohrs Vej 8 6700 Esbjerg, Denmark 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS

  1. Kaliningrad and Baltic Security

    DTIC Science & Technology

    2001-06-01

    impossible to solve. By shifting the paradigm toward regional development and regional cooperation to address common problems, the future security relationship of the Baltic littoral becomes more optimistic.

  2. Software Surrogate

    NASA Technical Reports Server (NTRS)

    1999-01-01

    In 1994, Blackboard Technology received a NASA Phase I SBIR award entitled "A Blackboard-Based Framework for Mixed-Initiative, Crewed-Space-System Applications." This research continued in Phase II at JSC, where a generic architecture was developed in which a software surrogate serves as the operator's representative in the fast-paced realm of nearly autonomous, intelligent systems. This SBIR research effort addressed the need to support human-operator monitoring and intervention with intelligent systems such as those being developed for NASA's crewed space program.

  3. Statistical Software Engineering

    DTIC Science & Technology

    2007-11-02

    engineers, scientists, and statisticians The most important findings are: What is needed to address the challenge of cost-effectively building huge...MOST IMPORTANT RESULTS What is needed to address the challenge of cost-effectively building huge high-quality software systems is productive...information across software engineering projects as a means of evaluating effects of technology, language, organization, and process. CONTENTS OF THIS REPORT

  4. Laser security systems

    NASA Astrophysics Data System (ADS)

    Kolev, Ivan S.; Stoeva, Ivelina S.

    2004-06-01

    This report presents the development of a single-beam barrier laser security system. The system utilizes the near infrared (IR) range λ=(850-900)nm. The security system consists of several blocks: Transmitter; Receiver; Logical Unit; Indication; Power Supply. There are four individually software programmable security zones Z1 - Z4. The control logic is implemented on a PIC16F84 MCU. The infrared beam is a pulse pack, coded and modulated in the transmitter with frequency of 36 kHz. The receiver demodulates and decodes the beam. The software for the MCU is developed along with the electrical circuits of the security system.

  5. Predicting software reliability

    NASA Technical Reports Server (NTRS)

    Littlewood, B.

    1989-01-01

    A detailed look is given to software reliability techniques. A conceptual model of the failure process is examined, and some software reliability growth models are discussed. Problems for which no current solutions exist are addressed, emphasizing the very difficult problem of safety-critical systems for which the reliability requirements can be enormously demanding.

  6. Collected software engineering papers, volume 2

    NASA Technical Reports Server (NTRS)

    1983-01-01

    Topics addressed include: summaries of the software engineering laboratory (SEL) organization, operation, and research activities; results of specific research projects in the areas of resource models and software measures; and strategies for data collection for software engineering research.

  7. Foundations for Software Assurance

    DTIC Science & Technology

    2013-12-01

    Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply...industries such as banking, medicine and retail. Software assurance is the commonly used term to describe this broader context. The Committee on...Service points out that, ‘The pipeline of new talent [with the skills to ensure the security of software systems] is inadequate. . . . only 40 percent

  8. Applications for cyber security - System and application monitoring

    SciTech Connect

    Marron, J. E.

    2006-07-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  9. Healthcare Software Assurance

    PubMed Central

    Cooper, Jason G.; Pauley, Keith A.

    2006-01-01

    Software assurance is a rigorous, lifecycle phase-independent set of activities which ensure completeness, safety, and reliability of software processes and products. This is accomplished by guaranteeing conformance to all requirements, standards, procedures, and regulations. These assurance processes are even more important when coupled with healthcare software systems, embedded software in medical instrumentation, and other healthcare-oriented life-critical systems. The current Food and Drug Administration (FDA) regulatory requirements and guidance documentation do not address certain aspects of complete software assurance activities. In addition, the FDA’s software oversight processes require enhancement to include increasingly complex healthcare systems such as Hospital Information Systems (HIS). The importance of complete software assurance is introduced, current regulatory requirements and guidance discussed, and the necessity for enhancements to the current processes shall be highlighted. PMID:17238324

  10. Proactive Security Testing and Fuzzing

    NASA Astrophysics Data System (ADS)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  11. Addressing the workforce pipeline challenge

    SciTech Connect

    Leonard Bond; Kevin Kostelnik; Richard Holman

    2006-11-01

    A secure and affordable energy supply is essential for achieving U.S. national security, in continuing U.S. prosperity and in laying the foundations to enable future economic growth. To meet this goal the next generation energy workforce in the U.S., in particular those needed to support instrumentation, controls and advanced operations and maintenance, is a critical element. The workforce is aging and a new workforce pipeline, to support both current generation and new build has yet to be established. The paper reviews the challenges and some actions being taken to address this need.

  12. Software and the future of programming languages.

    PubMed

    Aho, Alfred V

    2004-02-27

    Although software is the key enabler of the global information infrastructure, the amount and extent of software in use in the world today are not widely understood, nor are the programming languages and paradigms that have been used to create the software. The vast size of the embedded base of existing software and the increasing costs of software maintenance, poor security, and limited functionality are posing significant challenges for the software R&D community.

  13. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  14. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  15. Security model for picture archiving and communication systems.

    PubMed

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  16. Social Security and Undergraduates with Disabilities: An Analysis of the National Postsecondary Student Aid Survey. Addressing Trends in Development in Secondary Education and Transition. Information Brief. Vol. 3, Issue 4.

    ERIC Educational Resources Information Center

    Berry, Hugh; Conway, Megan A.; Change, Kelly B.T.

    2004-01-01

    The purpose of this brief is to describe the characteristics of undergraduate students receiving Social Security Disability Insurance (SSDI) and Social Security Administration (SSI) benefits as they relate to issues of participation in postsecondary education and employment. This brief describes results from the National Postsecondary Student Aid…

  17. Advanced fingerprint verification software

    NASA Astrophysics Data System (ADS)

    Baradarani, A.; Taylor, J. R. B.; Severin, F.; Maev, R. Gr.

    2016-05-01

    We have developed a fingerprint software package that can be used in a wide range of applications from law enforcement to public and private security systems, and to personal devices such as laptops, vehicles, and door-locks. The software and processing units are a unique implementation of new and sophisticated algorithms that compete with the current best systems in the world. Development of the software package has been in line with the third generation of our ultrasonic fingerprinting machine. Solid and robust performance is achieved in the presence of misplaced and low quality fingerprints.

  18. Secure portal.

    SciTech Connect

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a "secure portal" is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal

  19. Facial recognition software success rates for the identification of 3D surface reconstructed facial images: implications for patient privacy and security.

    PubMed

    Mazura, Jan C; Juluru, Krishna; Chen, Joseph J; Morgan, Tara A; John, Majnu; Siegel, Eliot L

    2012-06-01

    Image de-identification has focused on the removal of textual protected health information (PHI). Surface reconstructions of the face have the potential to reveal a subject's identity even when textual PHI is absent. This study assessed the ability of a computer application to match research subjects' 3D facial reconstructions with conventional photographs of their face. In a prospective study, 29 subjects underwent CT scans of the head and had frontal digital photographs of their face taken. Facial reconstructions of each CT dataset were generated on a 3D workstation. In phase 1, photographs of the 29 subjects undergoing CT scans were added to a digital directory and tested for recognition using facial recognition software. In phases 2-4, additional photographs were added in groups of 50 to increase the pool of possible matches and the test for recognition was repeated. As an internal control, photographs of all subjects were tested for recognition against an identical photograph. Of 3D reconstructions, 27.5% were matched correctly to corresponding photographs (95% upper CL, 40.1%). All study subject photographs were matched correctly to identical photographs (95% lower CL, 88.6%). Of 3D reconstructions, 96.6% were recognized simply as a face by the software (95% lower CL, 83.5%). Facial recognition software has the potential to recognize features on 3D CT surface reconstructions and match these with photographs, with implications for PHI.

  20. What's Where in Software 1997.

    ERIC Educational Resources Information Center

    Currents, 1997

    1997-01-01

    Provides a tabular listing of alumni-development software produced or sold by 56 companies. Each listing includes the vendor name, address, contact name, telephone number, electronic mail address, World Wide Web site, software name, price range, system requirements, standard reports, reporting tools, number of installed sites, and client type.…

  1. Designing Educational Software for Tomorrow.

    ERIC Educational Resources Information Center

    Harvey, Wayne

    Designed to address the management and use of computer software in education and training, this paper explores both good and poor software design, calling for improvements in the quality of educational software by attending to design considerations that are based on general principles of learning rather than specific educational objectives. This…

  2. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  3. Addressing Failures in Exascale Computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert; Abraham, Jacob; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, J.; Bose, Pradip; Cappello, Franck; Carlson, Bill; Chien, Andrew; Coteus, Paul; DeBardeleben, Nathan; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Fazzari, Saverio; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Rob; Stearley, Jon; Van Hensbergen, Eric

    2014-01-01

    We present here a report produced by a workshop on 'Addressing failures in exascale computing' held in Park City, Utah, 4-11 August 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system, discuss existing knowledge on resilience across the various hardware and software layers of an exascale system, and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia, and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  4. Addressing failures in exascale computing

    SciTech Connect

    Snir, Marc; Wisniewski, Robert W.; Abraham, Jacob A.; Adve, Sarita; Bagchi, Saurabh; Balaji, Pavan; Belak, Jim; Bose, Pradip; Cappello, Franck; Carlson, William; Chien, Andrew A.; Coteus, Paul; Debardeleben, Nathan A.; Diniz, Pedro; Engelmann, Christian; Erez, Mattan; Saverio, Fazzari; Geist, Al; Gupta, Rinku; Johnson, Fred; Krishnamoorthy, Sriram; Leyffer, Sven; Liberty, Dean; Mitra, Subhasish; Munson, Todd; Schreiber, Robert; Stearly, Jon; Van Hensbergen, Eric

    2014-05-01

    We present here a report produced by a workshop on “Addressing Failures in Exascale Computing” held in Park City, Utah, August 4–11, 2012. The charter of this workshop was to establish a common taxonomy about resilience across all the levels in a computing system; discuss existing knowledge on resilience across the various hardware and software layers of an exascale system; and build on those results, examining potential solutions from both a hardware and software perspective and focusing on a combined approach. The workshop brought together participants with expertise in applications, system software, and hardware; they came from industry, government, and academia; and their interests ranged from theory to implementation. The combination allowed broad and comprehensive discussions and led to this document, which summarizes and builds on those discussions.

  5. Scientific Software Component Technology

    SciTech Connect

    Kohn, S.; Dykman, N.; Kumfert, G.; Smolinski, B.

    2000-02-16

    We are developing new software component technology for high-performance parallel scientific computing to address issues of complexity, re-use, and interoperability for laboratory software. Component technology enables cross-project code re-use, reduces software development costs, and provides additional simulation capabilities for massively parallel laboratory application codes. The success of our approach will be measured by its impact on DOE mathematical and scientific software efforts. Thus, we are collaborating closely with library developers and application scientists in the Common Component Architecture forum, the Equation Solver Interface forum, and other DOE mathematical software groups to gather requirements, write and adopt a variety of design specifications, and develop demonstration projects to validate our approach. Numerical simulation is essential to the science mission at the laboratory. However, it is becoming increasingly difficult to manage the complexity of modern simulation software. Computational scientists develop complex, three-dimensional, massively parallel, full-physics simulations that require the integration of diverse software packages written by outside development teams. Currently, the integration of a new software package, such as a new linear solver library, can require several months of effort. Current industry component technologies such as CORBA, JavaBeans, and COM have all been used successfully in the business domain to reduce software development costs and increase software quality. However, these existing industry component infrastructures will not scale to support massively parallel applications in science and engineering. In particular, they do not address issues related to high-performance parallel computing on ASCI-class machines, such as fast in-process connections between components, language interoperability for scientific languages such as Fortran, parallel data redistribution between components, and massively

  6. NASA Software Documentation Standard

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as "Standard") is designed to support the documentation of all software developed for NASA; its goal is to provide a framework and model for recording the essential information needed throughout the development life cycle and maintenance of a software system. The NASA Software Documentation Standard can be applied to the documentation of all NASA software. The Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. The basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  7. Resurrecting Letters of Marque and Reprisal to Address Modern Threats

    DTIC Science & Technology

    2013-03-01

    framework for resurrecting a letter of marque and reprisal system as a means of addressing contemporary security threats within an environment of...and reprisal system as a means of addressing contemporary security threats within an environment of constrained military budgets and rebalanced...proposes a conceptual framework for resurrecting a letter of marque and reprisal system as a means of addressing contemporary security threats within an

  8. Securing collaborative environments

    SciTech Connect

    Agarwal, Deborah; Jackson, Keith; Thompson, Mary

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  9. Simulation of Attacks for Security in Wireless Sensor Network

    PubMed Central

    Diaz, Alvaro; Sanchez, Pablo

    2016-01-01

    The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node’s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work. PMID:27869710

  10. Simulation of Attacks for Security in Wireless Sensor Network.

    PubMed

    Diaz, Alvaro; Sanchez, Pablo

    2016-11-18

    The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

  11. NASA software documentation standard software engineering program

    NASA Technical Reports Server (NTRS)

    1991-01-01

    The NASA Software Documentation Standard (hereinafter referred to as Standard) can be applied to the documentation of all NASA software. This Standard is limited to documentation format and content requirements. It does not mandate specific management, engineering, or assurance standards or techniques. This Standard defines the format and content of documentation for software acquisition, development, and sustaining engineering. Format requirements address where information shall be recorded and content requirements address what information shall be recorded. This Standard provides a framework to allow consistency of documentation across NASA and visibility into the completeness of project documentation. This basic framework consists of four major sections (or volumes). The Management Plan contains all planning and business aspects of a software project, including engineering and assurance planning. The Product Specification contains all technical engineering information, including software requirements and design. The Assurance and Test Procedures contains all technical assurance information, including Test, Quality Assurance (QA), and Verification and Validation (V&V). The Management, Engineering, and Assurance Reports is the library and/or listing of all project reports.

  12. Foreign Languages: Workforce Planning Could Help Address Staffing and Proficiency Shortfalls. Testimony before the Subcommittee on International Security, Proliferation, and Federal Services, Committee on Governmental Affairs, U.S. Senate.

    ERIC Educational Resources Information Center

    Westin, Susan S.

    This statement examines the nature and impact of foreign language proficiency and personnel shortages in the Army, State Department, Central Intelligence Agency, and Federal Bureau of Investigation (FBI), discussing strategies used to address these shortages and efforts made to address current and projected shortages. All four agencies reported…

  13. San Antonio I Software Workshop Proceedings. DoD Software for the 1990s, Held in San Antonio, Texas on 28 January - 1 February 1991

    DTIC Science & Technology

    1991-12-01

    Machine ( KVM ) PSOS Army Security Operating System (ASOS) Lines of Code (K) (LOCK) Digital Equipment Company (DEC) SKVAX Evaluated Products see "Products...JLC is to improve "military effectiveness by addressing and exploiting opportunities for joint service cooperative efforts. The JLC have been meeting...integrated into the program management process, have proven to be effective in supporting the successful development of MCCR software systems

  14. 78 FR 47015 - Software Requirement Specifications for Digital Computer Software Used in Safety Systems of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-02

    ... COMMISSION Software Requirement Specifications for Digital Computer Software Used in Safety Systems of... 1 of RG 1.172, ``Software Requirement Specifications for Digital Computer Software used in Safety... well as the software elements of those systems. This RG is one of six RG revisions addressing...

  15. Software engineering methodologies and tools

    NASA Technical Reports Server (NTRS)

    Wilcox, Lawrence M.

    1993-01-01

    Over the years many engineering disciplines have developed, including chemical, electronic, etc. Common to all engineering disciplines is the use of rigor, models, metrics, and predefined methodologies. Recently, a new engineering discipline has appeared on the scene, called software engineering. For over thirty years computer software has been developed and the track record has not been good. Software development projects often miss schedules, are over budget, do not give the user what is wanted, and produce defects. One estimate is there are one to three defects per 1000 lines of deployed code. More and more systems are requiring larger and more complex software for support. As this requirement grows, the software development problems grow exponentially. It is believed that software quality can be improved by applying engineering principles. Another compelling reason to bring the engineering disciplines to software development is productivity. It has been estimated that productivity of producing software has only increased one to two percent a year in the last thirty years. Ironically, the computer and its software have contributed significantly to the industry-wide productivity, but computer professionals have done a poor job of using the computer to do their job. Engineering disciplines and methodologies are now emerging supported by software tools that address the problems of software development. This paper addresses some of the current software engineering methodologies as a backdrop for the general evaluation of computer assisted software engineering (CASE) tools from actual installation of and experimentation with some specific tools.

  16. Software Program: Software Management Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this NASA Software Management Guidebook is twofold. First, this document defines the core products and activities required of NASA software projects. It defines life-cycle models and activity-related methods but acknowledges that no single life-cycle model is appropriate for all NASA software projects. It also acknowledges that the appropriate method for accomplishing a required activity depends on characteristics of the software project. Second, this guidebook provides specific guidance to software project managers and team leaders in selecting appropriate life cycles and methods to develop a tailored plan for a software engineering project.

  17. Proprietary software

    NASA Technical Reports Server (NTRS)

    Marnock, M. J.

    1971-01-01

    The protection of intellectual property by a patent, a copyright, or trade secrets is reviewed. The present and future use of computers and software are discussed, along with the governmental uses of software. The popularity of contractual agreements for sale or lease of computer programs and software services is also summarized.

  18. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in paragraph (b) of this section and must submit the security plan as part of its REAL ID certification under §...

  19. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in paragraph (b) of this section and must submit the security plan as part of its REAL ID certification under §...

  20. 6 CFR 37.41 - Security plan.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false Security plan. 37.41 Section 37.41 Domestic... Security plan. (a) In General. States must have a security plan that addresses the provisions in paragraph (b) of this section and must submit the security plan as part of its REAL ID certification under §...

  1. Operation Request Gatekeeper: a software system for remote access control of diagnostic instruments in fusion experiments.

    PubMed

    Abla, G; Fredian, T W; Schissel, D P; Stillerman, J A; Greenwald, M J; Stepanov, D N; Ciarlette, D J

    2010-10-01

    Tokamak diagnostic settings are repeatedly modified to meet the changing needs of each experiment. Enabling the remote diagnostic control has significant challenges due to security and efficiency requirements. The Operation Request Gatekeeper (ORG) is a software system that addresses the challenges of remotely but securely submitting modification requests. The ORG provides a framework for screening all the requests before they enter the secure machine zone and are executed by performing user authentication and authorization, grammar validation, and validity checks. A prototype ORG was developed for the ITER CODAC that satisfies their initial requirements for remote request submission and has been tested with remote control of the KSTAR Plasma Control System. This paper describes the software design principles and implementation of ORG as well as worldwide test results.

  2. School Security Technologies

    ERIC Educational Resources Information Center

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  3. Ten recommendations for software engineering in research.

    PubMed

    Hastings, Janna; Haug, Kenneth; Steinbeck, Christoph

    2014-01-01

    Research in the context of data-driven science requires a backbone of well-written software, but scientific researchers are typically not trained at length in software engineering, the principles for creating better software products. To address this gap, in particular for young researchers new to programming, we give ten recommendations to ensure the usability, sustainability and practicality of research software.

  4. The cost of software fault tolerance

    NASA Technical Reports Server (NTRS)

    Migneault, G. E.

    1982-01-01

    The proposed use of software fault tolerance techniques as a means of reducing software costs in avionics and as a means of addressing the issue of system unreliability due to faults in software is examined. A model is developed to provide a view of the relationships among cost, redundancy, and reliability which suggests strategies for software development and maintenance which are not conventional.

  5. Wildlife software: procedures for publication of computer software

    USGS Publications Warehouse

    Samuel, M.D.

    1990-01-01

    Computers and computer software have become an integral part of the practice of wildlife science. Computers now play an important role in teaching, research, and management applications. Because of the specialized nature of wildlife problems, specific computer software is usually required to address a given problem (e.g., home range analysis). This type of software is not usually available from commercial vendors and therefore must be developed by those wildlife professionals with particular skill in computer programming. Current journal publication practices generally prevent a detailed description of computer software associated with new techniques. In addition, peer review of journal articles does not usually include a review of associated computer software. Thus, many wildlife professionals are usually unaware of computer software that would meet their needs or of major improvements in software they commonly use. Indeed most users of wildlife software learn of new programs or important changes only by word of mouth.

  6. Alternative security

    SciTech Connect

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview.

  7. High Assurance Software

    DTIC Science & Technology

    2013-10-22

    described a publication – Pocket guide for Software Assurance Workforce, Training and Education, Eds. Gandhi, R., Department of Homeland Security (DHS... Gandhi, R. A., Presentation at the SwA Working Group Sessions - MITRE-1, McLean, VA, Bridging to the Future – Emerging Trends in Cybersecurity... Gandhi, R. A., Presentation at the 24th FISSEA’s 24th Annual Conference: March 15 - 17, 2011, National Institute of Standards and Technology Gaithersburg

  8. Homeland Security

    EPA Pesticide Factsheets

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  9. Empirical Analysis and Automated Classification of Security Bug Reports

    NASA Technical Reports Server (NTRS)

    Tyo, Jacob P.

    2016-01-01

    With the ever expanding amount of sensitive data being placed into computer systems, the need for effective cybersecurity is of utmost importance. However, there is a shortage of detailed empirical studies of security vulnerabilities from which cybersecurity metrics and best practices could be determined. This thesis has two main research goals: (1) to explore the distribution and characteristics of security vulnerabilities based on the information provided in bug tracking systems and (2) to develop data analytics approaches for automatic classification of bug reports as security or non-security related. This work is based on using three NASA datasets as case studies. The empirical analysis showed that the majority of software vulnerabilities belong only to a small number of types. Addressing these types of vulnerabilities will consequently lead to cost efficient improvement of software security. Since this analysis requires labeling of each bug report in the bug tracking system, we explored using machine learning to automate the classification of each bug report as a security or non-security related (two-class classification), as well as each security related bug report as specific security type (multiclass classification). In addition to using supervised machine learning algorithms, a novel unsupervised machine learning approach is proposed. An accuracy of 92%, recall of 96%, precision of 92%, probability of false alarm of 4%, F-Score of 81% and G-Score of 90% were the best results achieved during two-class classification. Furthermore, an accuracy of 80%, recall of 80%, precision of 94%, and F-score of 85% were the best results achieved during multiclass classification.

  10. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  11. 17 CFR 171.3 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 171.3 Section 171.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... MEMBER RESPONSIBILITY ACTIONS General Provisions § 171.3 Business address; hours. The principal office...

  12. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  13. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  14. 17 CFR 12.3 - Business address; hours.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Business address; hours. 12.3 Section 12.3 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO REPARATIONS General Information and Preliminary Consideration of Pleadings § 12.3 Business address; hours....

  15. 17 CFR 10.4 - Business address; hours.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Business address; hours. 10.4 Section 10.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE General Provisions § 10.4 Business address; hours. The Office of Proceedings is located at Three...

  16. Capturing the impact of software

    NASA Astrophysics Data System (ADS)

    Piwowar, Heather

    2017-01-01

    Research software is undervalued in funding and tenure decisions because its impact is poorly evaluated within the traditional paper-based ecosystem. The talk presents the NSF-funded Depsy project (http://depsy.org) -- a proof-of-concept system designed to address this problem by tracking the impact of software in software-native ways. Depsy finds mentions of software itself in the literature, rather than just counting citations to a wrapper paper about the software. It discovers how software gets reused by other software, even when it's not cited at all. And finally Depsy attempts to represent the full complexity of software authorship, where one project can involve hundreds of contributors in multiple roles that don't map to traditional paper authorship.

  17. Software Quality Assurance Audits Guidebooks

    NASA Technical Reports Server (NTRS)

    1990-01-01

    The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes that are used in software development. The Software Assurance Guidebook, NASA-GB-A201, issued in September, 1989, provides an overall picture of the NASA concepts and practices in software assurance. Second level guidebooks focus on specific activities that fall within the software assurance discipline, and provide more detailed information for the manager and/or practitioner. This is the second level Software Quality Assurance Audits Guidebook that describes software quality assurance audits in a way that is compatible with practices at NASA Centers.

  18. 78 FR 47011 - Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-02

    ... COMMISSION Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants..., ``Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.'' This... software elements if those systems include software. This RG is one of six RG revisions addressing...

  19. Secure Sensor Platform

    SciTech Connect

    Troy Ross, Barry Schoeneman

    2010-08-25

    The Secure Sensor Platform (SSP) software provides a framework of functionality to support the development of low-power autonomous sensors for nuclear safeguards. This framework provides four primary functional blocks of capabilities required to implement autonomous sensors. The capabilities are: communications, security, power management, and cryptography. Utilizing this framework establishes a common set of functional capabilities for seamless interoperability of any sensor based upon the SSP concept.

  20. Statistical security for Social Security.

    PubMed

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  1. Automating risk analysis of software design models.

    PubMed

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

  2. Software safety

    NASA Technical Reports Server (NTRS)

    Leveson, Nancy

    1987-01-01

    Software safety and its relationship to other qualities are discussed. It is shown that standard reliability and fault tolerance techniques will not solve the safety problem for the present. A new attitude requires: looking at what you do NOT want software to do along with what you want it to do; and assuming things will go wrong. New procedures and changes to entire software development process are necessary: special software safety analysis techniques are needed; and design techniques, especially eliminating complexity, can be very helpful.

  3. NASA PC software evaluation project

    NASA Technical Reports Server (NTRS)

    Dominick, Wayne D. (Editor); Kuan, Julie C.

    1986-01-01

    The USL NASA PC software evaluation project is intended to provide a structured framework for facilitating the development of quality NASA PC software products. The project will assist NASA PC development staff to understand the characteristics and functions of NASA PC software products. Based on the results of the project teams' evaluations and recommendations, users can judge the reliability, usability, acceptability, maintainability and customizability of all the PC software products. The objective here is to provide initial, high-level specifications and guidelines for NASA PC software evaluation. The primary tasks to be addressed in this project are as follows: to gain a strong understanding of what software evaluation entails and how to organize a structured software evaluation process; to define a structured methodology for conducting the software evaluation process; to develop a set of PC software evaluation criteria and evaluation rating scales; and to conduct PC software evaluations in accordance with the identified methodology. Communication Packages, Network System Software, Graphics Support Software, Environment Management Software, General Utilities. This report represents one of the 72 attachment reports to the University of Southwestern Louisiana's Final Report on NASA Grant NGT-19-010-900. Accordingly, appropriate care should be taken in using this report out of context of the full Final Report.

  4. NASA's Software Safety Standard

    NASA Technical Reports Server (NTRS)

    Ramsay, Christopher M.

    2007-01-01

    requirements. This allows the projects leeway to meet these requirements in many forms that best suit a particular project's needs and safety risk. In other words, it tells the project what to do, not how to do it. This update also incorporated advances in the state of the practice of software safety from academia and private industry. It addresses some of the more common issues now facing software developers in the NASA environment such as the use of Commercial-Off-the-Shelf Software (COTS), Modified OTS (MOTS), Government OTS (GOTS), and reused software. A team from across NASA developed the update and it has had both NASA-wide internal reviews by software engineering, quality, safety, and project management. It has also had expert external review. This presentation and paper will discuss the new NASA Software Safety Standard, its organization, and key features. It will start with a brief discussion of some NASA mission failures and incidents that had software as one of their root causes. It will then give a brief overview of the NASA Software Safety Process. This will include an overview of the key personnel responsibilities and functions that must be performed for safety-critical software.

  5. Introduction: Cybersecurity and Software Assurance Minitrack

    SciTech Connect

    Burns, Luanne; George, Richard; Linger, Richard C

    2015-01-01

    Modern society is dependent on software systems of remarkable scope and complexity. Yet methods for assuring their security and functionality have not kept pace. The result is persistent compromises and failures despite best efforts. Cybersecurity methods must work together for situational awareness, attack prevention and detection, threat attribution, minimization of consequences, and attack recovery. Because defective software cannot be secure, assurance technologies must play a central role in cybersecurity approaches. There is increasing recognition of the need for rigorous methods for cybersecurity and software assurance. The goal of this minitrack is to develop science foundations, technologies, and practices that can improve the security and dependability of complex systems.

  6. Software Bridge

    NASA Technical Reports Server (NTRS)

    1995-01-01

    I-Bridge is a commercial version of software developed by I-Kinetics under a NASA Small Business Innovation Research (SBIR) contract. The software allows users of Windows applications to gain quick, easy access to databases, programs and files on UNIX services. Information goes directly onto spreadsheets and other applications; users need not manually locate, transfer and convert data.

  7. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen

    1988-01-01

    Presents reviews of six computer software programs for teaching science. Provides the publisher, grade level, cost, and descriptions of software, including: (1) "Recycling Logic"; (2) "Introduction to Biochemistry"; (3) "Food for Thought"; (4) "Watts in a Home"; (5) "Geology in Action"; and (6)…

  8. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews six software packages for the Apple II family. Programs reviewed include "Science Courseware: Earth Science Series"; "Heat and Light"; "In Search of Space: Introduction to Model Rocketry"; "Drug Education Series: Drugs--Their Effects on You"; "Uncertainties and Measurement"; and "Software Films: Learning about Science Series," which…

  9. Software Reviews.

    ERIC Educational Resources Information Center

    Miller, Anne, Ed.; Radziemski, Cathy, Ed.

    1988-01-01

    Reviews two software packages for the Macintosh series. "Course Builder 2.0," a courseware authoring system, allows the user to create programs which stand alone and may be used independently in the classroom. "World Builder," an artificial intelligence software package, allows creative thinking, problem-solving, and…

  10. Detection of Total Knee Arthroplasties at Airport Security Checkpoints: How Do Updated Security Measures Affect Patients?

    PubMed

    Issa, Kimona; Pierce, Todd P; Gwam, Chukwuweieke; Goljan, Peter; Festa, Anthony; Scillia, Anthony J; Mont, Michael A

    2016-10-24

    Airport security measures continue to be updated with the incorporation of the new body scanners and automatic target recognition software. The purpose of this study was to analyze the incidence of: (1) triggering the security alarm; (2) extra security searches; (3) perceived inconvenience; and (4) presence of other surgical hardware in those who underwent total knee arthroplasty (TKA) and passed through airport security. A questionnaire was given to 125 consecutive patients with a TKA. Those who passed through airport security after January 2014 were considered for inclusion. A questionnaire was administered that addressed the number of encounters with airport security, metal detector activation, additional screening procedures, and perceived inconvenience. Out of the 125 patients, 53 met inclusion criteria. Out of the 53 patients, 20 (38%) reported that their prosthesis triggered a metal detector. Out of the 20 patients, 8 (40%) who reported triggering of metal detectors also reported the presence of surgical hardware elsewhere in the body. Eighteen of the 53 patients (34%) believed having a TKA was inconvenient for airplane travel. Compared with the historical cohort, alarms were triggered in 70 of 97 patients (p = 0.0001) and 50 of 97 reported inconvenience when traveling (n = 50 of 97 patients; p = 0.04). The incidences of those who underwent TKA triggering alarms and perceiving inconvenience when passing through airport security have decreased from previously published studies. This is most likely due to the recent updates and modifications to screening. As these security measures are modified and implant designs continue to evolve, this is an area of investigation that should continue.

  11. Securing mobile code.

    SciTech Connect

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called 'white-boxing'. We put forth some new attacks and improvements

  12. Network systems security analysis

    NASA Astrophysics Data System (ADS)

    Yilmaz, İsmail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" from time to time. In this context, companies must also test their own network/server systems and take precautions, as data security draws attention. Based on this idea, in this study cyber-attacks are researched thoroughly and Penetration Test techniques are examined. With this information, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  13. Technical Reference Suite Addressing Challenges of Providing Assurance for Fault Management Architectural Design

    NASA Technical Reports Server (NTRS)

    Fitz, Rhonda; Whitman, Gerek

    2016-01-01

    Research into complexities of software systems Fault Management (FM) and how architectural design decisions affect safety, preservation of assets, and maintenance of desired system functionality has coalesced into a technical reference (TR) suite that advances the provision of safety and mission assurance. The NASA Independent Verification and Validation (IV&V) Program, with Software Assurance Research Program support, extracted FM architectures across the IV&V portfolio to evaluate robustness, assess visibility for validation and test, and define software assurance methods applied to the architectures and designs. This investigation spanned IV&V projects with seven different primary developers, a wide range of sizes and complexities, and encompassed Deep Space Robotic, Human Spaceflight, and Earth Orbiter mission FM architectures. The initiative continues with an expansion of the TR suite to include Launch Vehicles, adding the benefit of investigating differences intrinsic to model-based FM architectures and insight into complexities of FM within an Agile software development environment, in order to improve awareness of how nontraditional processes affect FM architectural design and system health management. The identification of particular FM architectures, visibility, and associated IV&V techniques provides a TR suite that enables greater assurance that critical software systems will adequately protect against faults and respond to adverse conditions. Additionally, the role FM has with regard to strengthened security requirements, with potential to advance overall asset protection of flight software systems, is being addressed with the development of an adverse conditions database encompassing flight software vulnerabilities. Capitalizing on the established framework, this TR suite provides assurance capability for a variety of FM architectures and varied development approaches. Research results are being disseminated across NASA, other agencies, and the

  14. Climate Change and National Security

    DTIC Science & Technology

    2013-02-01

    does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. a. REPORT Climate Change and National...Security 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Does climate change constitute a national security threat to the United States? What is climate...resources for an in-depth discussion on national security and climate change. 1. REPORT DATE (DD-MM-YYYY) 4. TITLE AND SUBTITLE 13. SUPPLEMENTARY NOTES

  15. Web Application Software for Ground Operations Planning Database (GOPDb) Management

    NASA Technical Reports Server (NTRS)

    Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

    2013-01-01

    A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

  16. Governing for Enterprise Security (GES) Implementation Guide

    DTIC Science & Technology

    2007-08-01

    Security (GES) 1 1.1 Governing for Enterprise Security Definitions 3 1.2 Eleven Characteristics of Effective Security Governance 5 1.3 Effective versus...and technical considerations. SOFTWARE ENGINEERING INSTITUTE | 5 This shift in perspective elevates security from a standalone, technical...Officer (CSO), 5 Chief Risk Officer (CRO), and Chief Privacy Officer (CPO). Security roles and responsibilities for business leaders are denoted by

  17. Cyber security best practices for the nuclear industry

    SciTech Connect

    Badr, I.

    2012-07-01

    When deploying software-based systems, such as digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of the architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements-driven software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  18. Thalmann Algorithm Decompression Table Generation Software Design Document

    DTIC Science & Technology

    2010-09-01

    Decompression Table Generation Software Design Document Navy Experimental Diving Unit Author...TITLE (Include Security Classification) (U) THALMANN ALGORITHM DECOMPRESSION TABLE GENERATION SOFTWARE DESIGN DOCUMENT 12. PERSONAL AUTHOR(S...1 2. Decompression Table Generator (TBLP7R

  19. New Aspects of Test Security.

    ERIC Educational Resources Information Center

    Lambert, Joyce C.; Lousteau, Carolyn L.; Mochetta, Page T.

    2001-01-01

    Discusses the security of computerized test files based on a survey of collegiate educators and offers recommendations to make tests more secure. Highlights include passwords; firewalls; keeping test files offline rather than on a hard drive; encryption; and using software to write over files rather than just deleting them. (LRW)

  20. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES AND... prospectuses to investors at the same address. (a) Delivery of a single prospectus. If you must deliver a... prospectus to investors who share an address if: (1) You deliver a prospectus to the shared address; (2)...

  1. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES AND... prospectuses to investors at the same address. (a) Delivery of a single prospectus. If you must deliver a... prospectus to investors who share an address if: (1) You deliver a prospectus to the shared address; (2)...

  2. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES AND... prospectuses to investors at the same address. (a) Delivery of a single prospectus. If you must deliver a... prospectus to investors who share an address if: (1) You deliver a prospectus to the shared address; (2)...

  3. Public eye security system

    NASA Astrophysics Data System (ADS)

    Aviv, David G.

    1999-01-01

    The recently patented system is a software engine that is connected to a television camera that is used for security applications. It will detect in near real time any physical criminal acts occurring within the field of view of the camera. It then instantaneously transmits an alarm to law enforcement and turns on a VCR and other crime deterrent systems, without human involvement.

  4. Application Security Automation

    ERIC Educational Resources Information Center

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  5. Using Dynamic Software to Address Common College Calculus Stumbling Blocks

    ERIC Educational Resources Information Center

    Seneres, Alice W.; Kerrigan, John A.

    2014-01-01

    There are specific topics in college calculus that can be major stumbling blocks for students. Having taught college calculus for four years to over a thousand students, we observed that even the students who have already taken pre-calculus or calculus during their high school careers had common misunderstandings. Students may remember a technique…

  6. Software Smarts

    NASA Technical Reports Server (NTRS)

    1998-01-01

    Under an SBIR (Small Business Innovative Research) contract with Johnson Space Center, Knowledge Based Systems Inc. (KBSI) developed an intelligent software environment for modeling and analyzing mission planning activities, simulating behavior, and, using a unique constraint propagation mechanism, updating plans with each change in mission planning activities. KBSI developed this technology into a commercial product, PROJECTLINK, a two-way bridge between PROSIM, KBSI's process modeling and simulation software, and leading project management software like Microsoft Project and Primavera's SureTrak Project Manager.

  7. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goal is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  8. Secure steganography designed for mobile platforms

    NASA Astrophysics Data System (ADS)

    Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.

    2006-05-01

    Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.

  9. Software Diversity for Future Systems Security

    DTIC Science & Technology

    2011-09-01

    Conference on Dependable Systems and Network (DSN 2009). 29. Gao, Debin; Reiter, Michael K.; and Song, Dawn Xiaodong (2006), Behavioral Distance for Intrusion...2005), Springer, pp. 63–81. 30. Gao, Debin; Reiter, Michael K.; and Song, Dawn Xiaodong (2006), Behavioral Distance Measurement Using Hidden Markov

  10. Foundations for Security Aware Software Development Education

    DTIC Science & Technology

    2005-11-22

    ...errors and truncation [11]. Code that the life of the programmer easier (you don’t have to performs numeric computations by nature has the manage the...practices for -fault string. Instead, the programmer should manage and tolerance were not encouraged. verify string sizes for themselves. Curriculums must

  11. Development methodology for scientific software

    SciTech Connect

    Cort, G.; Goldstone, J.A.; Nelson, R.O.; Poore, R.V.; Miller, L.; Barrus, D.M.

    1985-01-01

    We present the details of a software development methodology that addresses all phases of the software life cycle, yet is well suited for application by small projects with limited resources. The methodology has been developed at the Los Alamos Weapons Neutron Research (WNR) Facility and was utilized during the recent development of the WNR Data Acquisition Command Language. The methodology emphasizes the development and maintenance of comprehensive documentation for all software components. The impact of the methodology upon software quality and programmer productivity is assessed.

  12. Software Assurance Curriculum Project Volume 2: Undergraduate Course Outlines

    DTIC Science & Technology

    2010-08-01

    Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines Nancy R. Mead, Software Engineering Institute Thomas B...this document. Dick Fairley Dan Shoemaker, University of Detroit Mercy Carol Sledge, Software Engineering Institute We also acknowledge the...Mead, Nancy R. Software Security Engineering: A Guide for Project Managers [Allen 2008]. 12 | CMU/SEI-2010-TR-019 Bishop, Matt. Computer

  13. Security Evolution.

    ERIC Educational Resources Information Center

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  14. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane

    1990-01-01

    Reviews two programs: (1) "The Weather Machine" on understanding weather and weather forecasting and (2) "The Mystery of the Hotel Victoria" on problem solving in mathematics. Presents the descriptions, advantages, and weaknesses of the software. (YP)

  15. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Reviews seven computer software programs that can be used in science education programs. Describes courseware which deals with muscles and bones, terminology, classifying animals without backbones, molecular structures, drugs, genetics, and shaping the earth's surface. (TW)

  16. Software Reviews.

    ERIC Educational Resources Information Center

    Mathematics and Computer Education, 1988

    1988-01-01

    Presents reviews of six software packages. Includes (1) "Plain Vanilla Statistics"; (2) "MathCAD 2.0"; (3) "GrFx"; (4) "Trigonometry"; (5) "Algebra II"; (6) "Algebra Drill and Practice I, II, and III." (PK)

  17. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1987-01-01

    Provides a review of four science software programs. Includes topics such as plate tectonics, laboratory experiment simulations, the human body, and light and temperature. Contains information on ordering and reviewers' comments. (ML)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are six computer software packages including "Lunar Greenhouse," "Dyno-Quest," "How Weather Works," "Animal Trackers," "Personal Science Laboratory," and "The Skeletal and Muscular Systems." Availability, functional, and hardware requirements are discussed. (CW)

  19. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are three computer software packages including "Martin Luther King, Jr.: Instant Replay of History," "Weeds to Trees," and "The New Print Shop, School Edition." Discussed are hardware requirements, costs, grade levels, availability, emphasis, strengths, and weaknesses. (CW)

  20. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Eugene T., Ed.

    1988-01-01

    Presents reviews by classroom teachers of software for teaching science. Includes material on the work of geologists, genetics, earth science, classification of living things, astronomy, endangered species, skeleton, drugs, and heartbeat. Provides information on availability and equipment needed. (RT)

  1. Software Reviews.

    ERIC Educational Resources Information Center

    Dwyer, Donna; And Others

    1989-01-01

    Reviewed are seven software packages for Apple and IBM computers. Included are: "Toxicology"; "Science Corner: Space Probe"; "Alcohol and Pregnancy"; "Science Tool Kit Plus"; "Computer Investigations: Plant Growth"; "Climatrolls"; and "Animal Watch: Whales." (CW)

  2. Addressing Employer Services.

    ERIC Educational Resources Information Center

    Perspective: Essays and Reviews of Issues in Employment Security and Employment and Training Programs, 1986

    1986-01-01

    This volume of an annual journal contains 21 articles focusing on the many services that state Employment Security (ES) agencies are providing to improve outreach to employers who pay for the programs through the dedicated revenues of the Federal Unemployment Tax Act and state benefit taxes and to improve their own staff ability to deliver…

  3. Unified Engineering Software System

    NASA Technical Reports Server (NTRS)

    Purves, L. R.; Gordon, S.; Peltzman, A.; Dube, M.

    1989-01-01

    Collection of computer programs performs diverse functions in prototype engineering. NEXUS, NASA Engineering Extendible Unified Software system, is research set of computer programs designed to support full sequence of activities encountered in NASA engineering projects. Sequence spans preliminary design, design analysis, detailed design, manufacturing, assembly, and testing. Primarily addresses process of prototype engineering, task of getting single or small number of copies of product to work. Written in FORTRAN 77 and PROLOG.

  4. What's Where In Software: An Update.

    ERIC Educational Resources Information Center

    Currents, 1995

    1995-01-01

    A directory lists computer software vendors offering software useful in administering college alumni and development programs. Listings include client/server system vendors and minicomputer and mainframe system vendors. Each listing contains the vendor name and address, contact person, software title(s), cost, hardware requirements, and client…

  5. The development process for the space shuttle primary avionics software system

    NASA Technical Reports Server (NTRS)

    Keller, T. W.

    1987-01-01

    Primary avionics software system; software development approach; user support and problem diagnosis; software releases and configuration; quality/productivity programs; and software development/production facilities are addressed. Also examined are the external evaluations of the IBM process.

  6. Defense and security of a wireless tactical network

    NASA Astrophysics Data System (ADS)

    Younger, Michael; Young, Stuart H.

    2001-08-01

    Recall the adage 'a chain is as strong as its weakest link', a phrase that could serve as the official mantra of computer security. The operating system is a difficult system to administer because it is not only complex and cantankerous but also hard to secure. Its enormous configurability, the fact that vendors don't ship secure systems, and that it requires significant amounts of time, resources, and expertise to safeguard a host are only some of the reasons that so many systems are insecure in any type of network, commercial or tactical. To compound the problem, like all modern operating systems it not only becomes less secure as time goes on (simply due to usage), but with the rapidly changing security field, it also requires considerable effort to stay abreast of the latest information. Army Research Labs is trying to address the security of the operating system in a tactical wireless environment. Through the use of public domain and/or commercial means, ARL is evaluating monitoring, deployment, and auditing techniques to the wire commercial domain. By evaluating the wire domain ARL will determine what works and how they work in the tactical area. There are numerous ways to protect the wire/wireless network via public domain or commercial software.

  7. Remotely Monitored Sealing Array Software

    SciTech Connect

    2012-09-12

    The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to last for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support active tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.

  8. Addressing Ozone Layer Depletion

    EPA Pesticide Factsheets

    Access information on EPA's efforts to address ozone layer depletion through regulations, collaborations with stakeholders, international treaties, partnerships with the private sector, and enforcement actions under Title VI of the Clean Air Act.

  9. Common Criteria Based Security Scenario Verification

    NASA Astrophysics Data System (ADS)

    Ohnishi, Atsushi

    Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system’s behaviour when the security function conflicts with usability. Scenarios or use-case specifications are common in requirements elicitation and are useful to analyze the usability of the system from a behavioural point of view. In this paper, the authors propose both (1) a scenario language based on a simple case grammar and (2) a method to verify a scenario with rules based on security evaluation criteria.

  10. Software reengineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III

    1991-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. JSC created a significant set of tools to develop and maintain FORTRAN and C code during development of the Space Shuttle. This tool set forms the basis for an integrated environment to re-engineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. A beta version of the environment was released in Mar. 1991. The commercial potential for such re-engineering tools is very great. CASE TRENDS magazine reported it to be the primary concern of over four hundred of the top MIS executives.

  11. Software engineering

    NASA Technical Reports Server (NTRS)

    Fridge, Ernest M., III; Hiott, Jim; Golej, Jim; Plumb, Allan

    1993-01-01

    Today's software systems generally use obsolete technology, are not integrated properly with other software systems, and are difficult and costly to maintain. The discipline of reverse engineering is becoming prominent as organizations try to move their systems up to more modern and maintainable technology in a cost effective manner. The Johnson Space Center (JSC) created a significant set of tools to develop and maintain FORTRAN and C code during development of the space shuttle. This tool set forms the basis for an integrated environment to reengineer existing code into modern software engineering structures which are then easier and less costly to maintain and which allow a fairly straightforward translation into other target languages. The environment will support these structures and practices even in areas where the language definition and compilers do not enforce good software engineering. The knowledge and data captured using the reverse engineering tools is passed to standard forward engineering tools to redesign or perform major upgrades to software systems in a much more cost effective manner than using older technologies. The latest release of the environment was in Feb. 1992.

  12. Framework for Flexible Security in Group Communications

    NASA Technical Reports Server (NTRS)

    McDaniel, Patrick; Prakash, Atul

    2006-01-01

    The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.

  13. Physical security of cut-and-cover underground facilities

    SciTech Connect

    Morse, W.D.

    1998-08-01

    To aid designers, generic physical security objectives and design concepts for cut-and-cover underground facilities are presented. Specific aspects addressing overburdens, entryways, security doors, facility services, emergency egress, security response force, and human elements are discussed.

  14. Wireless physical layer security

    NASA Astrophysics Data System (ADS)

    Poor, H. Vincent; Schaefer, Rafael F.

    2017-01-01

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  15. Wireless physical layer security

    PubMed Central

    Schaefer, Rafael F.

    2017-01-01

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments. PMID:28028211

  16. Wireless physical layer security.

    PubMed

    Poor, H Vincent; Schaefer, Rafael F

    2017-01-03

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  17. Control Software

    NASA Technical Reports Server (NTRS)

    1997-01-01

    Real-Time Innovations, Inc. (RTI) collaborated with Ames Research Center, the Jet Propulsion Laboratory and Stanford University to leverage NASA research to produce ControlShell software. RTI is the first "graduate" of Ames Research Center's Technology Commercialization Center. The ControlShell system was used extensively on a cooperative project to enhance the capabilities of a Russian-built Marsokhod rover being evaluated for eventual flight to Mars. RTI's ControlShell is complex, real-time command and control software, capable of processing information and controlling mechanical devices. One ControlShell tool is StethoScope. As a real-time data collection and display tool, StethoScope allows a user to see how a program is running without changing its execution. RTI has successfully applied its software savvy in other arenas, such as telecommunications, networking, video editing, semiconductor manufacturing, automobile systems, and medical imaging.

  18. Novel Duplicate Address Detection with Hash Function

    PubMed Central

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  19. Intelligent Sensors Security

    PubMed Central

    Bialas, Andrzej

    2010-01-01

    The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408) used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC) related security design patterns and to improve the effectiveness of the sensor development process. PMID:22315571

  20. Predicting Vulnerability Risks Using Software Characteristics

    ERIC Educational Resources Information Center

    Roumani, Yaman

    2012-01-01

    Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

  1. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    NASA Astrophysics Data System (ADS)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  2. [Software version and medical device software supervision].

    PubMed

    Peng, Liang; Liu, Xiaoyan

    2015-01-01

    The importance of software version in the medical device software supervision does not cause enough attention at present. First of all, the effect of software version in the medical device software supervision is discussed, and then the necessity of software version in the medical device software supervision is analyzed based on the discussion of the misunderstanding of software version. Finally the concrete suggestions on software version naming rules, software version supervision for the software in medical devices, and software version supervision scheme are proposed.

  3. Safety and security issues in developing and operating in intelligent transportation systems

    SciTech Connect

    Lawrence, J.D.

    1995-04-01

    The purpose of this panel is to introduce the safety and security issues related to the development and operation of Intelligent Transportation Systems (ITS) to Compass participants. Many of these issues need to be addressed by the system safety and computer security communities prior to the development and deployment of ITS. For example, how can information technology be applied in the context of a fully automated highway system (AHS) such that the safety, security, and performance of the system are not compromised? At present, the US and other countries are funding academia and industry to build prototype automated highway systems in which vehicles are controlled via drive-by-wire technology, with vehicles traveling at high speeds (in excess of 30 m/s) at close spacing (1 to 4 m). The potential impact of software errors or hardware errors on system safety and security are great.

  4. Final report for the Integrated and Robust Security Infrastructure (IRSI) laboratory directed research and development project

    SciTech Connect

    Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.; Espinoza, J.; Murphy, M.D.

    1997-11-01

    This report describes the results of a Sandia-funded laboratory-directed research and development project titled "Integrated and Robust Security Infrastructure" (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSI addressed some of these issues to create a more manageable public key infrastructure.

  5. SPAN security policies and guidelines

    NASA Technical Reports Server (NTRS)

    Sisson, Patricia L.; Green, James L.

    1989-01-01

    A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

  6. Telemedicine Security: A Systematic Review

    PubMed Central

    Garg, Vaibhav; Brewer, Jeffrey

    2011-01-01

    Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards. PMID:21722592

  7. Telemedicine security: a systematic review.

    PubMed

    Garg, Vaibhav; Brewer, Jeffrey

    2011-05-01

    Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards.

  8. Educational Software.

    ERIC Educational Resources Information Center

    Northwest Regional Educational Lab., Portland, OR.

    The third session of IT@EDU98 consisted of five papers on educational software and was chaired by Tran Van Hao (University of Education, Ho Chi Minh City, Vietnam). "Courseware Engineering" (Nguyen Thanh Son, Ngo Ngoc Bao Tran, Quan Thanh Tho, Nguyen Hong Lam) briefly describes the use of courseware. "Machine Discovery Theorems in Geometry: A…

  9. Software Reviews.

    ERIC Educational Resources Information Center

    Sidwell, Joseph C.; And Others

    1988-01-01

    Gives a review of four software packages including "Science Toolkit: Module 3--Body Lab" for measuring heart rate, lung capacity, and response time; "Project Zoo: Adventures with Charts and Graphs" for developing process skills; "The Body Electric" for explaining electrical activity in the body; and "M-ss-ng…

  10. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are computer software packages: "Where in Time Is Carmen Sandiego," "The Bio Sci Videodisc," and "Bio Sci Stacks." Included are hardware requirements, costs, emphasis, grade level, and availability. Functions of the packages are discussed including strengths and weaknesses and teaching suggestions. (CW)

  11. Software Reviews.

    ERIC Educational Resources Information Center

    History Microcomputer Review, 1988

    1988-01-01

    Reviews seven educational computer software packages covering such topics as presidential elections, the American Revolution, the Vietnam War, the construction of historical time lines, and general U.S. history. Also reviews a program designed to help tailor data entry files. Provides ordering information, price, and computer compatibility…

  12. Reviews: Software.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Reviews four computer software packages including: "The Physical Science Series: Sound" which demonstrates making waves, speed of sound, doppler effect, and human hearing; "Andromeda" depicting celestial motions in any direction; "Biology Quiz: Humans" covering chemistry, cells, viruses, and human biology; and…

  13. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1990-01-01

    Reviews two computer software programs: (1) "Conquering Ratios and Proportions" using a medieval theme for guided practice in identifying and forming ratios for grades 5-8, and (2) "Percent Word Problems" providing problems for finding a percentage of a number and a number from a percentage. (YP)

  14. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1990

    1990-01-01

    Reviewed are two computer software packages: "Super Solvers Midnight Rescue!" a problem-solving program for IBM PCs; and "Interactive Physics," a simulation program for the Macintosh computer. The functions of the package are discussed including strengths and weaknesses and teaching suggestions. (CW)

  15. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1989-01-01

    Describes three software packages: (1) "MacMendeleev"--database/graphic display for chemistry, grades 10-12, Macintosh; (2) "Geometry One: Foundations"--geometry tutorial, grades 7-12, IBM; (3) "Mathematics Exploration Toolkit"--algebra and calculus tutorial, grades 8-12, IBM. (MVL)

  16. Software Reviews.

    ERIC Educational Resources Information Center

    Classroom Computer Learning, 1988

    1988-01-01

    Reviewed three computer software packages for Apple II series computers. Includes "The Right Job," a career counseling program; "Zoyon Patrol," a problem-solving program; and "Adventures with Charts and Graphs: Project Zoo," a graphing, mathematics, and science skills program. Each review includes strengths, weaknesses, and suggestions for use.…

  17. Reviews, Software.

    ERIC Educational Resources Information Center

    Science Teacher, 1988

    1988-01-01

    Reviews two software programs for Apple series computers. Includes "Orbital Mech," a basic planetary orbital simulation for the Macintosh, and "START: Stimulus and Response Tools for Experiments in Memory, Learning, Cognition, and Perception," a program that demonstrates basic psychological principles and experiments. (CW)

  18. Software Reviews.

    ERIC Educational Resources Information Center

    Kinnaman, Daniel E.; And Others

    1988-01-01

    Reviews four educational software packages for Apple, IBM, and Tandy computers. Includes "How the West was One + Three x Four," "Mavis Beacon Teaches Typing," "Math and Me," and "Write On." Reviews list hardware requirements, emphasis, levels, publisher, purchase agreements, and price. Discusses the strengths…

  19. Software Reviews.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed are two computer software programs for Apple II computers on weather for upper elementary and middle school grades. "Weather" introduces the major factors (temperature, humidity, wind, and air pressure) affecting weather. "How Weather Works" uses simulation and auto-tutorial formats on sun, wind, fronts, clouds, and…

  20. Star Software.

    ERIC Educational Resources Information Center

    Kloza, Brad

    2000-01-01

    Presents a collection of computer software programs designed to spark learning enthusiasm at every grade level and across the curriculum. They include Reader Rabbit's Learn to Read, Spelling Power, Mind Twister Math, Community Construction Kit, Breaking the Code, Encarta Africana 2000, Virtual Serengeti, Operation: Frog (Deluxe), and My First…

  1. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1988-01-01

    Reviews three computer software programs: (1) "Discovery! Experiences with Scientific Reasoning"--problem solving for grades 4-12 (Apple II); (2) "Organic Stereochemistry"--a tutorial for organic chemistry for advanced secondary/college level (Apple II); and (3) "SHOW PARTNER (2.01)"--a graphics utility tool for…

  2. Software Reviews.

    ERIC Educational Resources Information Center

    Mackenzie, Norma N.; And Others

    1988-01-01

    Describes computer software for use with various age groups. Topics include activities involving temperature, simulations, earth science, the circulatory system, human body, reading in science, and ecology. Provides information on equipment needed, availability, package contents, and price. Comments of reviews are presented by classroom teachers.…

  3. Software Reviews.

    ERIC Educational Resources Information Center

    Smith, Richard L., Ed.

    1988-01-01

    Contains evaluations of two computer software packages, "Simulation Experiments 45-48 in Epstein's Laboratory Manual for Chemistry" and "Maps and Legends--the Cartographer (Ver 3.0)." Includes a brief description, applications, and the perceived strengths and weaknesses for each package. (CW)

  4. Statistical Software.

    ERIC Educational Resources Information Center

    Callamaras, Peter

    1983-01-01

    This buyer's guide to seven major types of statistics software packages for microcomputers reviews Edu-Ware Statistics 3.0; Financial Planning; Speed Stat; Statistics with DAISY; Human Systems Dynamics package of Stats Plus, ANOVA II, and REGRESS II; Maxistat; and Moore-Barnes' MBC Test Construction and MBC Correlation. (MBR)

  5. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are seven computer software packages including "Frog Dissection Lab Report," "Backyard Birds," "LEGO TC Logo," "Alcohol--Four Interactive Programs," "Windows on Science--Life Science," "Climate and Weather/Our Town Database," and "Weeds to Trees." Discussed are availability, features, strengths, and weaknesses. (CW)

  6. Software Reviews.

    ERIC Educational Resources Information Center

    Teles, Elizabeth, Ed.; And Others

    1990-01-01

    Reviewed are two computer software packages for Macintosh microcomputers including "Phase Portraits," an exploratory graphics tool for studying first-order planar systems; and "MacMath," a set of programs for exploring differential equations, linear algebra, and other mathematical topics. Features, ease of use, cost, availability, and hardware…

  7. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1989

    1989-01-01

    Reviews of seven software packages are presented including "The Environment I: Habitats and EcoSystems; II Cycles and Interactions"; "Super Sign Maker"; "The Great Knowledge Race: Substance Abuse"; "Exploring Science: Temperature"; "Fast Food Calculator and RD Aide"; "The Human Body:…

  8. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1990

    1990-01-01

    Reviewed are seven computer software packages for IBM and/or Apple Computers. Included are "Windows on Science: Volume 1--Physical Science"; "Science Probe--Physical Science"; "Wildlife Adventures--Grizzly Bears"; "Science Skills--Development Programs"; "The Clean Machine"; "Rock Doctor";…

  9. Software Review.

    ERIC Educational Resources Information Center

    McGrath, Diane, Ed.

    1989-01-01

    Reviewed is a computer software package entitled "Audubon Wildlife Adventures: Grizzly Bears" for Apple II and IBM microcomputers. Included are availability, hardware requirements, cost, and a description of the program. The murder-mystery flavor of the program is stressed in this program that focuses on illegal hunting and game…

  10. Software Reviews.

    ERIC Educational Resources Information Center

    Wulfson, Stephen, Ed.

    1990-01-01

    Reviewed are six software packages for Apple and/or IBM computers. Included are "Autograph," "The New Game Show," "Science Probe-Earth Science," "Pollution Patrol," "Investigating Plant Growth," and "AIDS: The Investigation." Discussed are the grade level, function, availability, cost, and hardware requirements of each. (CW)

  11. Software Reviews.

    ERIC Educational Resources Information Center

    Science and Children, 1988

    1988-01-01

    Reviews five software packages for use with school age children. Includes "Science Toolkit Module 2: Earthquake Lab"; "Adaptations and Identification"; "Geoworld"; "Body Systems II Series: The Blood System: A Liquid of Life," all for Apple II, and "Science Courseware: Life Science/Biology" for…

  12. Software Reviews.

    ERIC Educational Resources Information Center

    Mathematics and Computer Education, 1987

    1987-01-01

    Presented are reviews of several microcomputer software programs. Included are reviews of: (1) Microstat (Zenith); (2) MathCAD (MathSoft); (3) Discrete Mathematics (True Basic); (4) CALCULUS (True Basic); (5) Linear-Kit (John Wiley); and (6) Geometry Sensei (Broderbund). (RH)

  13. Software Reviews.

    ERIC Educational Resources Information Center

    Bitter, Gary G., Ed.

    1990-01-01

    Reviews three computer software: (1) "Elastic Lines: The Electronic Geoboard" on elementary geometry; (2) "Wildlife Adventures: Whales" on environmental science; and (3) "What Do You Do with a Broken Calculator?" on computation and problem solving. Summarizes the descriptions, strengths and weaknesses, and…

  14. A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

    SciTech Connect

    Abercrombie, Robert K; Sheldon, Frederick T; Grimaila, Michael R

    2010-01-01

    In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success. We address the opportunity to apply the Cyberspace Security Econometrics System (CSES) to Carnegie Mellon University and Software Engineering Institute's Mission Assurance Analysis Protocol (MAAP) in this context.

  15. Infusing Reliability Techniques into Software Safety Analysis

    NASA Technical Reports Server (NTRS)

    Shi, Ying

    2015-01-01

    Software safety analysis for a large software intensive system is always a challenge. Software safety practitioners need to ensure that software related hazards are completely identified, controlled, and tracked. This paper discusses in detail how to incorporate the traditional reliability techniques into the entire software safety analysis process. In addition, this paper addresses how information can be effectively shared between the various practitioners involved in the software safety analyses. The author has successfully applied the approach to several aerospace applications. Examples are provided to illustrate the key steps of the proposed approach.

  16. Making the Business Case for Software Assurance

    DTIC Science & Technology

    2009-04-01

    identified secure software best practices. That is the exact purpose of the ISO/IEC 21827 52 | CMU/SEI-2009-SR-001 standard, which will be discussed...be assumed to be at the highest level of reliability. 6.5 Adapting the ISO/IEC 21287 Standard Approach to Secure Software Assurance In its general form...Better Software Organization," Quest Publishing House, Ann Arbor, 1998. [DiCarlo 2003] DiCarlo, Lisa. "Best Countries for Outsourcing." Forbes.com

  17. Addressing Social Issues.

    ERIC Educational Resources Information Center

    Schoebel, Susan

    1991-01-01

    Maintains that advertising can help people become more aware of social responsibilities. Describes a successful nationwide newspaper advertising competition for college students in which ads address social issues such as literacy, drugs, teen suicide, and teen pregnancy. Notes how the ads have helped grassroots programs throughout the United…

  18. Invitational Addresses, 1965.

    ERIC Educational Resources Information Center

    Gates, Arthur I.; And Others

    The full texts of invitational addresses given at the 1965 International Reading Association (IRA) Convention in Detroit, Michigan, by six recipients of IRA citation awards are presented. Gates suggests steps IRA should take to revive and redirect reading research. McCallister discusses the implications of the changing and expanding vocabulary of…

  19. States Address Achievement Gaps.

    ERIC Educational Resources Information Center

    Christie, Kathy

    2002-01-01

    Summarizes 2 state initiatives to address the achievement gap: North Carolina's report by the Advisory Commission on Raising Achievement and Closing Gaps, containing an 11-point strategy, and Kentucky's legislation putting in place 10 specific processes. The North Carolina report is available at www.dpi.state.nc.us.closingthegap; Kentucky's…

  20. Addressing Sexual Harassment

    ERIC Educational Resources Information Center

    Young, Ellie L.; Ashbaker, Betty Y.

    2008-01-01

    This article discusses ways on how to address the problem of sexual harassment in schools. Sexual harassment--simply defined as any unwanted and unwelcome sexual behavior--is a sensitive topic. Merely providing students, parents, and staff members with information about the school's sexual harassment policy is insufficient; schools must take…

  1. Cyber Security Evaluation Tool

    SciTech Connect

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  2. Social Security and Supplemental Security Income Benefits for Children with Disabilities. The Arc Q & A Series.

    ERIC Educational Resources Information Center

    Arc, Arlington, TX.

    Basic information about Social Security and Supplementary Security Income benefits for children with disabilities is presented in a question-and-answer format. The following questions are addressed: "How can a child get benefits from Social Security or Supplemental Security Income (SSI)?"; "How is eligibility determined?";…

  3. Mining Program Source Code for Improving Software Quality

    DTIC Science & Technology

    2013-01-01

    REPORT Mining Program Source Code for Improving Software Quality 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: While the last decade has witnessed great...Z39.18 - 7-Sep-2012 Mining Program Source Code for Improving Software Quality Report Title ABSTRACT While the last decade has witnessed great...businesses, governments, and societies, improving software productivity and quality is an important goal of software engineering. Mining software

  4. Mapping virtual addresses to different physical addresses for value disambiguation for thread memory access requests

    DOEpatents

    Gala, Alan; Ohmacht, Martin

    2014-09-02

    A multiprocessor system includes nodes. Each node includes a data path that includes a core, a TLB, and a first level cache implementing disambiguation. The system also includes at least one second level cache and a main memory. For thread memory access requests, the core uses an address associated with an instruction format of the core. The first level cache uses an address format related to the size of the main memory plus an offset corresponding to hardware thread meta data. The second level cache uses a physical main memory address plus software thread meta data to store the memory access request. The second level cache accesses the main memory using the physical address with neither the offset nor the thread meta data after resolving speculation. In short, this system includes mapping of a virtual address to a different physical addresses for value disambiguation for different threads.

  5. Lawrence Livermore National Laboratory safeguards and security quarterly progress report to the U.S. Department of Energy. Quarter ending September 30, 1996

    SciTech Connect

    Davis, G.; Johnson, D.; Mansur, D.L.; Ruhter, W.D.; Strait, R.S.

    1996-10-01

    The paper describes tasks undertaken in each of the following areas: Safeguards technology program (STP); Safeguards and material accountability (SMA); Computer security, distributed systems; Complex-wide access control system (CWAC); and Standardization of security systems (SSS). The STP develops advanced, nondestructive analysis technology for measurement of special nuclear materials. Work focuses on R and D relating to X- and gamma-ray spectrometry and to development of computer codes for interpreting the spectral data obtained by these techniques. The SMA is concerned with four areas: insider protection; material accountability; planning and evaluation; and information security. The Computer Security Technology Center provides expertise and solutions to the many information security problems present in today's computer systems and networks. Incidents of intrusions, computer viruses, the purposeful replacement of legitimate software for illegal purposes, and similar acts are being addressed by the creation of security software, the delivery of incident response expertise, and research and development into secure systems. The purpose of the CWAC is to develop an approach that will allow visitors to use their DOE standard badge in access control systems throughout the DOE complex. The purpose of the SSS project is to support the standardization of security systems to meet DOE orders and requirements, and to support the DOE in offering relevant security technology and capabilities to Federal standardization efforts.

  6. Software Epistemology

    DTIC Science & Technology

    2016-03-01

    corpuses at scale using deep neural networks, i.e., Deep Machine Learning, on high quality features computed from canonical representations of...the application of Deep Learning on software features to support automated vulnerability identification and repair. 1.2 Overview Draper’s...referenced in Table 2. Several web-based tools were maintained to show cluster processing status. Figure 10 shows a snapshot of the build inventory

  7. Security and Policy for Group Collaboration

    SciTech Connect

    Ian Foster; Carl Kesselman

    2006-07-31

    “Security and Policy for Group Collaboration” was a Collaboratory Middleware research project aimed at providing the fundamental security and policy infrastructure required to support the creation and operation of distributed, computationally enabled collaborations. The project developed infrastructure that exploits innovative new techniques to address challenging issues of scale, dynamics, distribution, and role. To reduce greatly the cost of adding new members to a collaboration, we developed and evaluated new techniques for creating and managing credentials based on public key certificates, including support for online certificate generation, online certificate repositories, and support for multiple certificate authorities. To facilitate the integration of new resources into a collaboration, we improved significantly the integration of local security environments. To make it easy to create and change the role and associated privileges of both resources and participants of collaboration, we developed community wide authorization services that provide distributed, scalable means for specifying policy. These services make it possible for the delegation of capability from the community to a specific user, class of user or resource. Finally, we instantiated our research results into a framework that makes it useable to a wide range of collaborative tools. The resulting mechanisms and software have been widely adopted within DOE projects and in many other scientific projects. The widespread adoption of our Globus Toolkit technology has provided, and continues to provide, a natural dissemination and technology transfer vehicle for our results.

  8. Data security in occupational health.

    PubMed

    Damrongsak, Mantana; Brown, Kathleen C

    2008-10-01

    Occupational health nurses are increasingly using computer systems in the delivery of efficient, high-quality occupational health services. However, potential breaches in data security are posing more risks to these data systems. The purpose of this article is to address concerns related to data security in occupational health nursing. Occupational health nurses must protect the personal health information of employees by proactively developing methods to ensure data security.

  9. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  10. Know Your Software Options.

    ERIC Educational Resources Information Center

    Moxley, Doug

    1986-01-01

    Advice on how to find the best software for institutional needs is presented. Purchasing prewritten software, acquiring custom-written software, and improving ready-made software are discussed. Questions to ask before buying software are provided. (MLW)

  11. The ALMA software architecture

    NASA Astrophysics Data System (ADS)

    Schwarz, Joseph; Farris, Allen; Sommer, Heiko

    2004-09-01

    The software for the Atacama Large Millimeter Array (ALMA) is being developed by many institutes on two continents. The software itself will function in a distributed environment, from the 0.5-14 km baselines that separate antennas to the larger distances that separate the array site at the Llano de Chajnantor in Chile from the operations and user support facilities in Chile, North America and Europe. Distributed development demands 1) interfaces that allow separated groups to work with minimal dependence on their counterparts at other locations; and 2) a common architecture to minimize duplication and ensure that developers can always perform similar tasks in a similar way. The Container/Component model provides a blueprint for the separation of functional from technical concerns: application developers concentrate on implementing functionality in Components, which depend on Containers to provide them with services such as access to remote resources, transparent serialization of entity objects to XML, logging, error handling and security. Early system integrations have verified that this architecture is sound and that developers can successfully exploit its features. The Containers and their services are provided by a system-oriented development team as part of the ALMA Common Software (ACS), middleware that is based on CORBA.

  12. The Effect of Software Features on Software Adoption and Training in the Audit Profession

    ERIC Educational Resources Information Center

    Kim, Hyo-Jeong

    2012-01-01

    Although software has been studied with technology adoption and training research, the study of specific software features for professional groups has been limited. To address this gap, I researched the impact of software features of varying complexity on internal audit (IA) professionals. Two studies along with the development of training…

  13. Software engineering and the role of Ada: Executive seminar

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1987-01-01

    The objective was to introduce the basic terminology and concepts of software engineering and Ada. The life cycle model is reviewed. The application of the goals and principles of software engineering is applied. An introductory understanding of the features of the Ada language is gained. Topics addressed include: the software crises; the mandate of the Space Station Program; software life cycle model; software engineering; and Ada under the software engineering umbrella.

  14. Secured Advanced Federated Environment (SAFE): A NASA Solution for Secure Cross-Organization Collaboration

    NASA Technical Reports Server (NTRS)

    Chow, Edward; Spence, Matthew Chew; Pell, Barney; Stewart, Helen; Korsmeyer, David; Liu, Joseph; Chang, Hsin-Ping; Viernes, Conan; Gogorth, Andre

    2003-01-01

    This paper discusses the challenges and security issues inherent in building complex cross-organizational collaborative projects and software systems within NASA. By applying the design principles of compartmentalization, organizational hierarchy and inter-organizational federation, the Secured Advanced Federated Environment (SAFE) is laying the foundation for a collaborative virtual infrastructure for the NASA community. A key element of SAFE is the Micro Security Domain (MSD) concept, which balances the need to collaborate and the need to enforce enterprise and local security rules. With the SAFE approach, security is an integral component of enterprise software and network design, not an afterthought.

  15. Software error detection

    NASA Technical Reports Server (NTRS)

    Buechler, W.; Tucker, A. G.

    1981-01-01

    Several methods were employed to detect both the occurrence and source of errors in the operational software of the AN/SLQ-32. A large embedded real time electronic warfare command and control system for the ROLM 1606 computer are presented. The ROLM computer provides information about invalid addressing, improper use of privileged instructions, stack overflows, and unimplemented instructions. Additionally, software techniques were developed to detect invalid jumps, indices out of range, infinite loops, stack underflows, and field size errors. Finally, data are saved to provide information about the status of the system when an error is detected. This information includes I/O buffers, interrupt counts, stack contents, and recently passed locations. The various errors detected, techniques to assist in debugging problems, and segment simulation on a nontarget computer are discussed. These error detection techniques were a major factor in the success of finding the primary cause of error in 98% of over 500 system dumps.

  16. SEISES: A Process Framework for Safe and Secure Aerospace Systems

    NASA Astrophysics Data System (ADS)

    Bieber, Pierre; Blanquart, Jean-Paul; Descargues, Gilles; Sarouille, Gabrielle; Dulucq, Michael; Fourastier, Yannick; Hazane, Eric; Julien, Mathias; Leonardon, Laurent

    2012-08-01

    Recent trends in the design of avionics platform make it credible that accidental or intentional misuse of aircraft or spacecraft information occur. New platforms have increased the interconnectivity of equipment both within the aircraft or spacecraft and with on-ground systems. Such a platform is made of a very wide range of software and hardware items and the avionics platform could be the target of security attacks that try to impact safety. In particular, airworthiness has to be ensured in the presence of aircraft information misuse. In the past ten years, aircraft industry, certification authorities and research organizations have been working to deal with this important matter. New functions were designed to protect avionics platforms, regulations addressing security were issued and joint working groups were established to build applicable standards. In particular, EUROCAE WG72 has published in October 2010 a document [1] that defines a security process for airworthiness. In that context, partners of the SEISES project have investigated, from October 2008 to December 2011, assurance aspects of the development of secure and safe embedded aerospace systems. This paper details two outcomes of the project: a joint framework that groups and organizes security and safety assurance activities and the lessons learnt by applying this framework on three industrial demonstrators.

  17. Software to Manage the Unmanageable

    NASA Technical Reports Server (NTRS)

    2005-01-01

    In 1995, NASA's Jet Propulsion Laboratory (JPL) contracted Redmond, Washington-based Lucidoc Corporation, to design a technology infrastructure to automate the intersection between policy management and operations management with advanced software that automates document workflow, document status, and uniformity of document layout. JPL had very specific parameters for the software. It expected to store and catalog over 8,000 technical and procedural documents integrated with hundreds of processes. The project ended in 2000, but NASA still uses the resulting highly secure document management system, and Lucidoc has managed to help other organizations, large and small, with integrating document flow and operations management to ensure a compliance-ready culture.

  18. Secure Reliable Processing Systems

    DTIC Science & Technology

    1984-02-21

    specification successfully executed by application processes, technique draws from both the techniques of abstract data 121 Communications February 1980 of...J. and Farber, David A. "A Model for Verification of Data Security in Operating Systems." Communications of the ACM. Vol.21. No.9. September 1978. pp...the data being communicated exists in cleartext form as it is passed from one encrypted link to the next by the switch. Therefore the software in the

  19. Secure Design Patterns

    DTIC Science & Technology

    2009-03-01

    to the parent(s) or children of its corresponding locked node. It only contains the data specific to the node itself, that is, the data that the user...to reduce the cost of system maintenance and the risk of security vulnerabilities need to be adopted by software development organizations. While...child • is confined in its protection domain and does not gain control over the parent • does not gain control of a process possessing elevated

  20. Systems Security Engineering

    DTIC Science & Technology

    2010-08-22

    Metrics that would be useful in judging the security level of such a solution would therefore also include the number of operating system platforms ...components required for mission assurance could hop across platforms without impact to system operations. Next Steps Identification of a framework...software in a lab environment where recompilation, redesign of communication interfaces, and multiple platforms that could feasibly be made available in

  1. Security extensions to DICOM

    NASA Astrophysics Data System (ADS)

    Thiel, Andreas; Bernarding, Johannes; Schaaf, Thorsten; Bellaire, Gunter; Tolxdorff, Thomas

    1999-07-01

    To ensure the acceptance of telemedical applications several obstacles must be overcome: the transfer of huge amounts of data over heterogeneous hard- and software platforms must be optimized; extended data post-processing is often required; and data security must be taken into consideration; post-processing based on secured data exchange must retain the relationship between original and post-processed images. To analyze and solve these problems, applications of distributed medical services were integrated. Data transfer and management was based on the Digital Imaging and Communications (DICOM) standard. To account for platform-independence of remote users, a novel DICOM server and viewer was implemented in JAVA. Different DICOM-conform data security concepts were analyzed. Encryption of the complete data stream using secure socket layers as well as partial encryption concepts were tested. The best result was attained by a DICOM-conform encryption of patient-relevant data. The implemented medical services, which used newly developed techniques of magnetic resonance imaging, allowed a much earlier diagnosis of the human brain infarct. The integrated data security enabled remote segmentation within the unsecured internet, followed by storing the data back into the secured network.

  2. Patching the Wetware: Addressing the Human Factor in Information Security

    DTIC Science & Technology

    2011-06-01

    was done to obtain an untainted set of beliefs that are not argued over often such as “It’s a good idea to brush your teeth”, “Mental illness is not...this vulnerability. Some psychologists theorize that humans have evolved with some of the same fixed-action patterns as our counterparts in the animal

  3. 33 CFR 179.19 - Address of the Commandant.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Address of the Commandant. 179.19 Section 179.19 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY DEFECT NOTIFICATION § 179.19 Address of the Commandant. (a) Each report and...

  4. 33 CFR 179.19 - Address of the Commandant.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Address of the Commandant. 179.19 Section 179.19 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY DEFECT NOTIFICATION § 179.19 Address of the Commandant. (a) Each report and...

  5. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 1 2011-10-01 2011-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  6. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 1 2014-10-01 2014-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  7. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 1 2012-10-01 2012-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  8. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 1 2013-10-01 2013-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  9. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 4 2011-10-01 2011-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  10. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 4 2013-10-01 2013-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  11. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 4 2014-10-01 2014-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  12. 46 CFR 14.103 - Addresses of Coast Guard.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Addresses of Coast Guard. 14.103 Section 14.103 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.103 Addresses of Coast Guard. (a) U.S. postal mail: U.S....

  13. 46 CFR 107.117 - Coast Guard addresses.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 4 2010-10-01 2010-10-01 false Coast Guard addresses. 107.117 Section 107.117 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS INSPECTION AND CERTIFICATION General § 107.117 Coast Guard addresses. When approval of the Commandant is required under...

  14. Software Prototyping

    PubMed Central

    Del Fiol, Guilherme; Hanseler, Haley; Crouch, Barbara Insley; Cummins, Mollie R.

    2016-01-01

    Summary Background Health information exchange (HIE) between Poison Control Centers (PCCs) and Emergency Departments (EDs) could improve care of poisoned patients. However, PCC information systems are not designed to facilitate HIE with EDs; therefore, we are developing specialized software to support HIE within the normal workflow of the PCC using user-centered design and rapid prototyping. Objective To describe the design of an HIE dashboard and the refinement of user requirements through rapid prototyping. Methods Using previously elicited user requirements, we designed low-fidelity sketches of designs on paper with iterative refinement. Next, we designed an interactive high-fidelity prototype and conducted scenario-based usability tests with end users. Users were asked to think aloud while accomplishing tasks related to a case vignette. After testing, the users provided feedback and evaluated the prototype using the System Usability Scale (SUS). Results Survey results from three users provided useful feedback that was then incorporated into the design. After achieving a stable design, we used the prototype itself as the specification for development of the actual software. Benefits of prototyping included having 1) subject-matter experts heavily involved with the design; 2) flexibility to make rapid changes, 3) the ability to minimize software development efforts early in the design stage; 4) rapid finalization of requirements; 5) early visualization of designs; 6) and a powerful vehicle for communication of the design to the programmers. Challenges included 1) time and effort to develop the prototypes and case scenarios; 2) no simulation of system performance; 3) not having all proposed functionality available in the final product; and 4) missing needed data elements in the PCC information system. PMID:27081404

  15. Analysis Software

    NASA Technical Reports Server (NTRS)

    1994-01-01

    General Purpose Boundary Element Solution Technology (GPBEST) software employs the boundary element method of mechanical engineering analysis, as opposed to finite element. It is, according to one of its developers, 10 times faster in data preparation and more accurate than other methods. Its use results in less expensive products because the time between design and manufacturing is shortened. A commercial derivative of a NASA-developed computer code, it is marketed by Best Corporation to solve problems in stress analysis, heat transfer, fluid analysis and yielding and cracking of solids. Other applications include designing tractor and auto parts, household appliances and acoustic analysis.

  16. Simulation Software

    NASA Technical Reports Server (NTRS)

    1996-01-01

    Various NASA Small Business Innovation Research grants from Marshall Space Flight Center, Langley Research Center and Ames Research Center were used to develop the 'kernel' of COMCO's modeling and simulation software, the PHLEX finite element code. NASA needed it to model designs of flight vehicles; one of many customized commercial applications is UNISIM, a PHLEX-based code for analyzing underground flows in oil reservoirs for Texaco, Inc. COMCO's products simulate a computational mechanics problem, estimate the solution's error and produce the optimal hp-adapted mesh for the accuracy the user chooses. The system is also used as a research or training tool in universities and in mechanical design in industrial corporations.

  17. Trainers and Software Designers: The Case for Togetherness.

    ERIC Educational Resources Information Center

    Lippincott, Jenifer

    1998-01-01

    Offers three strategies that will make the job of training employees to use new software easier: (1) understand the business need that the software is addressing; (2) synchronize the development of training and support materials with the software development cycle; and (3) choose the appropriate training approach for the software application.…

  18. The ALMA Software System

    NASA Astrophysics Data System (ADS)

    Schwarz, J.; Sommer, H.; Farris, A.

    2004-07-01

    Prospective users, instrumentation and location of the Atacama Large Millimeter Array (ALMA) all present its software developers with major challenges. The development of this software will be distributed among many institutes on two continents, mimicking the software itself, which will have to function in a distributed environment, spanning the 0.5-10 km baselines between antennas, as well as the much larger distances that will separate the array site at the 5000m-high Llano de Chajnantor, the Operations Support Facility in San Pedro de Atacama, the Santiago Central Office, and the ALMA Regional Centers in North America and Europe. To make distributed development successful, we have defined interfaces that allow separated groups to work independently of their counterparts at other locations as much as possible. We have defined a common architecture and infrastructure, so that work done at one location is not unnecessarily duplicated at another, and that similar tasks are done in a similar way throughout the project. A single, integrated Archive attends to the needs of all subsystems for persistent storage, and hides details of the underlying database technology. The separation of functional from technical concerns is built into the system architecture through the use of the Container-Component model: application developers can concentrate on implementing functionality in runtime-deployable components, which in turn depend on Containers to provide them with services such as access to remote resources, transparent serialization of value objects to XML, logging, error-handling and security. The resulting middleware, which forms part of the ALMA Common Software (ACS), is based on CORBA and XML.

  19. Bioreactors Addressing Diabetes Mellitus

    PubMed Central

    Minteer, Danielle M.; Gerlach, Jorg C.

    2014-01-01

    The concept of bioreactors in biochemical engineering is a well-established process; however, the idea of applying bioreactor technology to biomedical and tissue engineering issues is relatively novel and has been rapidly accepted as a culture model. Tissue engineers have developed and adapted various types of bioreactors in which to culture many different cell types and therapies addressing several diseases, including diabetes mellitus types 1 and 2. With a rising world of bioreactor development and an ever increasing diagnosis rate of diabetes, this review aims to highlight bioreactor history and emerging bioreactor technologies used for diabetes-related cell culture and therapies. PMID:25160666

  20. Bioreactors addressing diabetes mellitus.

    PubMed

    Minteer, Danielle M; Gerlach, Jorg C; Marra, Kacey G

    2014-11-01

    The concept of bioreactors in biochemical engineering is a well-established process; however, the idea of applying bioreactor technology to biomedical and tissue engineering issues is relatively novel and has been rapidly accepted as a culture model. Tissue engineers have developed and adapted various types of bioreactors in which to culture many different cell types and therapies addressing several diseases, including diabetes mellitus types 1 and 2. With a rising world of bioreactor development and an ever increasing diagnosis rate of diabetes, this review aims to highlight bioreactor history and emerging bioreactor technologies used for diabetes-related cell culture and therapies.

  1. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, J. Storrs; Levy, Saul; Smith, Donald E.; Miyake, Keith M.

    1992-01-01

    A parameterized version of the tree processor was designed and tested (by simulation). The leaf processor design is 90 percent complete. We expect to complete and test a combination of tree and leaf cell designs in the next period. Work is proceeding on algorithms for the computer aided manufacturing (CAM), and once the design is complete we will begin simulating algorithms for large problems. The following topics are covered: (1) the practical implementation of content addressable memory; (2) design of a LEAF cell for the Rutgers CAM architecture; (3) a circuit design tool user's manual; and (4) design and analysis of efficient hierarchical interconnection networks.

  2. ICCE Policy Statement on Network and Multiple Machine Software.

    ERIC Educational Resources Information Center

    Computing Teacher, 1983

    1983-01-01

    Issued to provide guidance for the resolution of problems inherent in providing and securing good educational software, this statement outlines responsibilities of educators, hardware vendors, and software developers/vendors. Sample policy statements for school districts and community colleges, suggested format for software licenses, and technical…

  3. Security Locks

    ERIC Educational Resources Information Center

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  4. Addressing Environmental Health Inequalities

    PubMed Central

    Gouveia, Nelson

    2016-01-01

    Environmental health inequalities refer to health hazards disproportionately or unfairly distributed among the most vulnerable social groups, which are generally the most discriminated, poor populations and minorities affected by environmental risks. Although it has been known for a long time that health and disease are socially determined, only recently has this idea been incorporated into the conceptual and practical framework for the formulation of policies and strategies regarding health. In this Special Issue of the International Journal of Environmental Research and Public Health (IJERPH), “Addressing Environmental Health Inequalities—Proceedings from the ISEE Conference 2015”, we incorporate nine papers that were presented at the 27th Conference of the International Society for Environmental Epidemiology (ISEE), held in Sao Paulo, Brazil, in 2015. This small collection of articles provides a brief overview of the different aspects of this topic. Addressing environmental health inequalities is important for the transformation of our reality and for changing the actual development model towards more just, democratic, and sustainable societies driven by another form of relationship between nature, economy, science, and politics. PMID:27618906

  5. Software system safety

    NASA Technical Reports Server (NTRS)

    Uber, James G.

    1988-01-01

    Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.

  6. Survivability Using Controlled Security Services

    DTIC Science & Technology

    2005-06-01

    Internet newsgroups. It includes, among other things, project goals, problem statement, quad charts as well as other documents and publications...unreliable public networks, such as the global Internet. Communication security is based upon availability of timely, efficient and effective security...today’s deployed software. The intent is to deploy both IBE and mRSA/SAS on the global Internet. To this end, a “secure” web site is being built to

  7. Addressing the insider threat

    SciTech Connect

    Hochberg, J.G.; Jackson, K.A.; McClary, J.F.; Simmonds, D.D.

    1993-05-01

    Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm. This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.

  8. Addressing the insider threat

    SciTech Connect

    Hochberg, J.G.; Jackson, K.A.; McClary, J.F.; Simmonds, D.D.

    1993-01-01

    Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm. This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.

  9. Space station: The role of software

    NASA Technical Reports Server (NTRS)

    Hall, D.

    1985-01-01

    Software will play a critical role throughout the Space Station Program. This presentation sets the stage and prompts participant interaction at the Software Issues Forum. The presentation is structured into three major topics: (1) an overview of the concept and status of the Space Station Program; (2) several charts designed to lay out the scope and role of software; and (3) information addressing the four specific areas selected for focus at the forum, specifically: software management, the software development environment, languages, and standards. NASA's current thinking is highlighted and some of the relevant critical issues are raised.

  10. A Multidimensional Software Engineering Course

    ERIC Educational Resources Information Center

    Barzilay, O.; Hazzan, O.; Yehudai, A.

    2009-01-01

    Software engineering (SE) is a multidimensional field that involves activities in various areas and disciplines, such as computer science, project management, and system engineering. Though modern SE curricula include designated courses that address these various subjects, an advanced summary course that synthesizes them is still missing. Such a…

  11. Content addressable memory project

    NASA Technical Reports Server (NTRS)

    Hall, Josh; Levy, Saul; Smith, D.; Wei, S.; Miyake, K.; Murdocca, M.

    1991-01-01

    The progress on the Rutgers CAM (Content Addressable Memory) Project is described. The overall design of the system is completed at the architectural level and described. The machine is composed of two kinds of cells: (1) the CAM cells which include both memory and processor, and support local processing within each cell; and (2) the tree cells, which have a smaller instruction set, and provide global processing over the CAM cells. A parameterized design of the basic CAM cell is completed. Progress was made on the final specification of the CPS. The machine architecture was driven by the design of algorithms whose requirements are reflected in the resulting instruction set(s). A few of these algorithms are described.

  12. PCASSO: a design for secure communication of personal health information via the internet.

    PubMed

    Baker, D B; Masys, D R

    1999-05-01

    The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

  13. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  14. Open source IPSEC software in manned and unmanned space missions

    NASA Astrophysics Data System (ADS)

    Edwards, Jacob

    Network security is a major topic of research because cyber attackers pose a threat to national security. Securing ground-space communications for NASA missions is important because attackers could endanger mission success and human lives. This thesis describes how an open source IPsec software package was used to create a secure and reliable channel for ground-space communications. A cost efficient, reproducible hardware testbed was also created to simulate ground-space communications. The testbed enables simulation of low-bandwidth and high latency communications links to experiment how the open source IPsec software reacts to these network constraints. Test cases were built that allowed for validation of the testbed and the open source IPsec software. The test cases also simulate using an IPsec connection from mission control ground routers to points of interest in outer space. Tested open source IPsec software did not meet all the requirements. Software changes were suggested to meet requirements.

  15. Evidence of Absence software

    USGS Publications Warehouse

    Dalthorp, Daniel; Huso, Manuela M. P.; Dail, David; Kenyon, Jessica

    2014-01-01

    Evidence of Absence software (EoA) is a user-friendly application used for estimating bird and bat fatalities at wind farms and designing search protocols. The software is particularly useful in addressing whether the number of fatalities has exceeded a given threshold and what search parameters are needed to give assurance that thresholds were not exceeded. The software is applicable even when zero carcasses have been found in searches. Depending on the effectiveness of the searches, such an absence of evidence of mortality may or may not be strong evidence that few fatalities occurred. Under a search protocol in which carcasses are detected with nearly 100 percent certainty, finding zero carcasses would be convincing evidence that overall mortality rate was near zero. By contrast, with a less effective search protocol with low probability of detecting a carcass, finding zero carcasses does not rule out the possibility that large numbers of animals were killed but not detected in the searches. EoA uses information about the search process and scavenging rates to estimate detection probabilities to determine a maximum credible number of fatalities, even when zero or few carcasses are observed.

  16. Security control methods for CEDR

    SciTech Connect

    Rotem, D.

    1990-09-01

    The purpose of this document is to summarize the findings of recent studies on the security problem in statistical databases and examine their applicability to the specific needs of CEDR. The document is organized as follows: In Section 2 we describe some general control methods which are available on most commercial database software. In Section 3 we provide a classification of statistical security methods. In Section 4 we analyze the type of users of CEDR and the security control methods which may be applied to each type. In Section 5 we summarize the findings of this study and recommend possible solutions.

  17. [Keynote address: Climate change

    SciTech Connect

    Forrister, D.

    1994-12-31

    Broadly speaking, the climate issue is moving from talk to action both in the United States and internationally. While few nations have adopted strict controls or stiff new taxes, a number of them are developing action plans that are making clear their intention to ramp up activity between now and the year 2000... and beyond. There are sensible, economically efficient strategies to be undertaken in the near term that offer the possibility, in many countries, to avoid more draconian measures. These strategies are by-and-large the same measures that the National Academy of Sciences recommended in a 1991 report called, Policy Implications of Greenhouse Warming. The author thinks the Academy's most important policy contribution was how it recommended the nations act in the face of uncertain science and high risks--that cost effective measures are adopted as cheap insurance... just as nations insure against other high risk, low certainty possibilities, like catastrophic health insurance, auto insurance, and fire insurance. This insurance theme is still right. First, the author addresses how the international climate change negotiations are beginning to produce insurance measures. Next, the author will discuss some of the key issues to watch in those negotiations that relate to longer-term insurance. And finally, the author will report on progress in the United States on the climate insurance plan--The President's Climate Action Plan.

  18. Sandia software guidelines: Software quality planning

    SciTech Connect

    Not Available

    1987-08-01

    This volume is one in a series of Sandia Software Guidelines intended for use in producing quality software within Sandia National Laboratories. In consonance with the IEEE Standard for Software Quality Assurance Plans, this volume identifies procedures to follow in producing a Software Quality Assurance Plan for an organization or a project, and provides an example project SQA plan. 2 figs., 4 tabs.

  19. Security systems engineering overview

    SciTech Connect

    Steele, B.J.

    1996-12-31

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).

  20. Security systems engineering overview

    NASA Astrophysics Data System (ADS)

    Steele, Basil J.

    1997-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

  1. Automated software engineering planning with SASEA

    SciTech Connect

    Lawlis, P.K.; Hoffman, C.L.

    1998-07-01

    Planning for effective software engineering is not easy, and software project managers would usually welcome assistance in this area. Very effective assistance could be provided by automated tools that are decision aids. However, a comprehensive suite of such tools does not yet exist. One area that has been addressed is the selection of a programming language. This paper discusses in detail a decision tool that has been developed for language selection. It also addresses the areas in which other such tools are required.

  2. VALIDATION OF ANSYS FINITE ELEMENT ANALYSIS SOFTWARE

    SciTech Connect

    TEWKSBURY, D.A.

    2004-06-10

    This document provides a record of the verification and Validation of the ANSYS Version 8.0 software that is installed on selected CH2M HILL computers. The issues addressed include: Software verification, installation, validation, configuration management and error reporting.

  3. VALIDATION OF ANSYS FINITE ELEMENT ANALYSIS SOFTWARE

    SciTech Connect

    TEWKSBURY, D.A.

    2004-08-05

    This document provides a record of the verification and Validation of the ANSYS Version 8.0 software that is installed on selected CH2M HILL computers. The issues addressed include: Software verification, installation, validation, configuration management and error reporting.

  4. Critical Considerations for WORM Software Development.

    ERIC Educational Resources Information Center

    Berg, Brian A.

    1987-01-01

    Addresses advantages and disadvantages of write-once read-many (WORM) optical disks and other software considerations resulting from the write-once nature of WORM media to provide guidelines for determining whether this technology is appropriate for an application. Three brief case studies describe WORM software development efforts. (MES)

  5. Database Handling Software and Scientific Applications.

    ERIC Educational Resources Information Center

    Gabaldon, Diana J.

    1984-01-01

    Discusses the general characteristics of database management systems and file systems. Also gives a basic framework for evaluating such software and suggests characteristics that should be considered when buying software for specific scientific applications. A list of vendor addresses for popular database management systems is included. (JN)

  6. Designing Flexible Software for the "Electronic Board."

    ERIC Educational Resources Information Center

    Hativa, Nira

    1984-01-01

    Argues that software for electronic boards should address a variety of teaching styles, student abilities and ages, class textbooks, teaching objectives, and learning environments for flexibility of use. The software features that contribute to flexibility include frequent stops, options for going backwards, inter- and intra-unit jumps, and…

  7. Software engineering as an engineering discipline

    NASA Technical Reports Server (NTRS)

    Freedman, Glenn B.

    1988-01-01

    The purpose of this panel is to explore the emerging field of software engineering from a variety of perspectives: university programs; industry training and definition; government development; and technology transfer. In doing this, the panel will address the issues of distinctions among software engineering, computer science, and computer hardware engineering as they relate to the challenges of large, complex systems.

  8. Loran-C flight test software

    NASA Technical Reports Server (NTRS)

    Nickum, J. D.

    1978-01-01

    The software package developed for the KIM-1 Micro-System and the Mini-L PLL receiver to simplify taking flight test data is described along with the address and data bus buffers used in the KIM-1 Micro-system. The interface hardware and timing are also presented to describe completely the software programs.

  9. Software for Middle School Physical Science.

    ERIC Educational Resources Information Center

    Podany, Zita

    This final report in the MicroSIFT series reviews 10 software packages that deal mainly with the areas of electricity, magnetism, and heat energy. Software titles appearing in this report were selected because they were judged to be exemplary according to various criteria in the MicroSIFT Evaluator's Guide, with some additions to address science…

  10. Software Piracy: A Look at Legal Issues.

    ERIC Educational Resources Information Center

    Carlson, David

    1986-01-01

    Addresses several differences between computer software and books that affect copyright-related issues. Discussion covers durability of the physical medium, dilemma of backup copies, software licensing agreements, integrity of honest customers, and policy suggestions for libraries that have or are considering microcomputer labs and are concerned…

  11. Security Issues in E-learning Systems

    NASA Astrophysics Data System (ADS)

    Tsiantis, L. E.; Stergiou, E.; Margariti, S. V.

    2007-12-01

    With increasing threats to e-software, security will become a high priority in the systems of the future. What is debatable, however, is how that security will be approached. Current security methods manage potential risks with restrictive, autocratic mechanisms that ignore users, their tasks and the organisational setting. The result is a dramatic decrease in the usability of online programs. Another approach, proposed by this paper, is to develop security and its mechanisms for and with its users. Whichever approach is taken, security is set to be the burning issue of the future as users trust the global online world less and the threats from unauthorised access increase.

  12. [Application of password manager software in health care].

    PubMed

    Ködmön, József

    2016-12-01

    When using multiple IT systems, handling of passwords in a secure manner is a potential source of problems. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information on the application. It also discusses how to select a really secure password manager software and suggests a practical application for efficient, safe and comfortable use in health care. Orv. Hetil., 2016, 157(52), 2066-2073.

  13. Office Computer Software: A Comprehensive Review of Software Programs.

    ERIC Educational Resources Information Center

    Secretary, 1992

    1992-01-01

    Describes types of software including system software, application software, spreadsheets, accounting software, graphics packages, desktop publishing software, database, desktop and personal information management software, project and records management software, groupware, and shareware. (JOW)

  14. A secure data outsourcing scheme based on Asmuth-Bloom secret sharing

    NASA Astrophysics Data System (ADS)

    Idris Muhammad, Yusuf; Kaiiali, Mustafa; Habbal, Adib; Wazan, A. S.; Sani Ilyasu, Auwal

    2016-11-01

    Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users' queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients' data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth-Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing.

  15. Security Requirements Reusability and the SQUARE Methodology

    DTIC Science & Technology

    2010-09-01

    Security Requirements Reusability and the SQUARE Methodology Travis Christian Faculty Advisor Nancy Mead September 2010 TECHNICAL NOTE...i Table of Contents Executive Summary vii Abstract ix 1 Introduction 1 2 Security Requirements in Current Practice 2 3 The SQUARE Methodology ...the technical staff at the Software Engineering Institute and principal investigator for the SQUARE methodology . Her expertise and guidance made this

  16. Data security in medical computer systems.

    PubMed

    White, R

    1986-10-01

    A computer is secure if it works reliably and if problems that do arise can be corrected easily. The steps that can be taken to ensure hardware, software, procedural, physical, and legal security are outlined. Most computer systems are vulnerable because their operators do not have sufficient procedural safeguards in place.

  17. High Assurance Models for Secure Systems

    ERIC Educational Resources Information Center

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  18. Locking Down the Software Development Environment

    DTIC Science & Technology

    2014-12-01

    the design of a component [3] and this is critical to looking at where the threats exist and opportunities for threat exposure in the software...focus on building functionality, not managing the change [8]. Software CM (SCM) is the traditional technique for controlling the content of...deliverable components and is an essential element of a robust security policy [9]. Figure 1 illustrates a traditional unit-level development process

  19. Software And Systems Engineering Risk Management

    DTIC Science & Technology

    2010-04-01

    Management System ISO 9000 Quality Management Vocabulary Environment ISO TC 207 ISO 14001 Environmental Management System IT Security JTC1/SC22 IS 27005...Software & Systems Engineering Standards Committee, IEEE Computer Society US TAG to ISO TMB Risk Management Working Group Systems and Software...guidelines • Risk management — Vocabulary • Risk management — Risk Assessment 4 Changed Risk definition Published RSKM Vocabulary, ISO Guide 73 2002

  20. Staying Secure for School Safety

    ERIC Educational Resources Information Center

    Youngkin, Minu

    2012-01-01

    Proper planning and preventive maintenance can increase school security and return on investment. Preventive maintenance begins with planning. Through careful planning, education institutions can determine what is working and if any equipment, hardware or software needs to be replaced or upgraded. When reviewing a school's safety and security…

  1. Bundle Security Protocol for ION

    NASA Technical Reports Server (NTRS)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  2. Lock It Up! Computer Security.

    ERIC Educational Resources Information Center

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  3. Research on security vulnerability of chip

    NASA Astrophysics Data System (ADS)

    Chen, Zhifeng; Li, Qingbao; Li, Zhou

    2013-03-01

    The 21st century is the information era. IC (Integrated Circuit) is the basis of the modern information industry. The security vulnerability or back door of IC is directly related to the entire information system security. From the perspective of information security, security vulnerability of chip is led out through the practical examples and then the importance of security vulnerability of chip is emphasized. By comparing the security vulnerability of chip with the software virus, the characteristics of the chip vulnerabilities are summed up. Moreover, this paper describes the security vulnerability models of different control logic chips, combinational and sequential logic chips models. Finally it puts forward two kinds of detecting methods of security vulnerability of chip against the two models.

  4. Medical network security and viruses.

    PubMed

    Fernandez Del Val, C

    1991-01-01

    Medical networks connecting Hospital Information Systems are needed in order to exchange, compare and make accessible data. The use of OSI standard communication protocols (open-network environment) will allow the interconnection of multiple vendor systems and accommodate a wide range of underlying communication technologies. The security of information on a given host may become dependent on the security measures employed by the network and by other hosts. Computer viruses modify the executable code and thrive in network environments filled with personal computers and third-party software. Most networks and computers permit users to share files; this lets the viruses bypass the security mechanisms of almost every commercial operating system. However, computer viruses are not the only threat to the information in a network environment. Others, such as deliberate threats (passive attacks -wire-tapping-) and accidental threats (unauthorized access to the information), are potential risks to the security of information. Cryptographic techniques that are now widely used can resolve the external security problems of the network and improve the internal security ones. This paper begins by describing the threats to security that arise in an open-network environment, and goes on to establish the security requirements of medical communication networks. This is followed by a description of security services such as confidentiality, integrity, authentication, access control, etc., that will be provided to include security mechanisms in such a network. The integration of these security mechanisms into the communication protocols allows the implementation of secure communication systems that not only must provide adequate security, but also must minimize the impact of security on other features, for example efficiency. The remainder of the paper describes how the security mechanisms are formed using current cryptographic facilities such as algorithms, one-way functions, cryptographic systems (symmetric

  5. 17 CFR 248.202 - Duties of card issuers regarding changes of address.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Duties of card issuers regarding changes of address. 248.202 Section 248.202 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-ID: Identity Theft Red...

  6. TacNet Tracker Software

    SciTech Connect

    WISEMAN, JAMES; & STEVENS, JAMES

    2008-08-04

    The TacNet Tracker will be used for the monitoring and real-time tracking of personnel and assets in an unlimited number of specific applications. The TacNet Tracker software is a VxWorks Operating System based programming package that controls the functionality for the wearable Tracker. One main use of the TacNet Tracker is in Blue Force Tracking, the ability to track the good guys in an adversarial situation or in a force-on-force or real battle conditions. The purpose of blue force tracking is to provide situational awareness to the battlefield commanders and personnel. There are practical military applications with the TacNet Tracker. The mesh network is a wireless IP communications network that moves data packets from source IP addresses to specific destination IP addresses. Addresses on the TacNet infrastructure utilize an 8-bit network mask (255.0.0.0). In other words, valid TacNet addresses range from 10.0.0.1 to 10.254.254.254. The TacNet software design uses uni-cast transmission techniques because earlier mesh network software releases did not provide for the ability to utilize multi-cast data movement. The TacNet design employs a list of addresses to move information within the TacNet infrastructure. For example, a convoy text file containing the IP addresses of all valid receivers of TacNet information could be used for transmitting the information and for limiting transmission to addresses on the list.

  7. Software Model Of Software-Development Process

    NASA Technical Reports Server (NTRS)

    Lin, Chi Y.; Synott, Debra J.; Levary, Reuven R.

    1990-01-01

    Collection of computer programs constitutes software tool for simulation of medium- to large-scale software-development projects. Necessary to include easily identifiable and more-readily quantifiable characteristics like costs, times, and numbers of errors. Mathematical model incorporating these and other factors of dynamics of software-development process implemented in the Software Life Cycle Simulator (SLICS) computer program. Simulates dynamics of software-development process. In combination with input and output expert software systems and knowledge-based management software system, develops information for use in managing large software-development project. Intended to aid managers in planning, managing, and controlling software-development processes by reducing uncertainties in budgets, required personnel, and schedules.

  8. Physical Security

    SciTech Connect

    2008-01-01

    The future of physical security at government facilities and national laboratories is rapidly progressing beyond the cliché of gates, guns and guards, and is quickly being replaced by radars, sensors and cameras. Learn more about INL's security research at http://www.facebook.com/idahonationallaboratory.

  9. Social Security.

    ERIC Educational Resources Information Center

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  10. School Security.

    ERIC Educational Resources Information Center

    Bete, Tim, Ed.

    1998-01-01

    Presents the opinions of four security experts on the issue of guns in schools. The experts respond to the following questions: will schools ever be free of weapons; will card access systems become common in public schools; will metal detectors solve school security problems; and will students ever be issued bullet-proof vests along with…

  11. 17 CFR 230.154 - Delivery of prospectuses to investors at the same address.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ..., if the notice is delivered separately from other communications to investors, this statement may... investors at the same address. 230.154 Section 230.154 Commodity and Securities Exchanges SECURITIES AND... prospectuses to investors at the same address. (a) Delivery of a single prospectus. If you must deliver...

  12. Decision support software technology demonstration plan

    SciTech Connect

    SULLIVAN,T.; ARMSTRONG,A.

    1998-09-01

    The performance evaluation of innovative and alternative environmental technologies is an integral part of the US Environmental Protection Agency's (EPA) mission. Early efforts focused on evaluating technologies that supported the implementation of the Clean Air and Clean Water Acts. In 1986 the Agency began to demonstrate and evaluate the cost and performance of remediation and monitoring technologies under the Superfund Innovative Technology Evaluation (SITE) program (in response to the mandate in the Superfund Amendments and Reauthorization Act of 1986 (SARA)). In 1990, the US Technology Policy was announced. This policy placed a renewed emphasis on making the best use of technology in achieving the national goals of improved quality of life for all Americans, continued economic growth, and national security. In the spirit of the technology policy, the Agency began to direct a portion of its resources toward the promotion, recognition, acceptance, and use of US-developed innovative environmental technologies both domestically and abroad. Decision Support Software (DSS) packages integrate environmental data and simulation models into a framework for making site characterization, monitoring, and cleanup decisions. To limit the scope which will be addressed in this demonstration, three endpoints have been selected for evaluation: Visualization; Sample Optimization; and Cost/Benefit Analysis. Five topics are covered in this report: the objectives of the demonstration; the elements of the demonstration plan; an overview of the Site Characterization and Monitoring Technology Pilot; an overview of the technology verification process; and the purpose of this demonstration plan.

  13. School Security: For Whom and with What Results?

    ERIC Educational Resources Information Center

    Servoss, Timothy J.; Finn, Jeremy D.

    2014-01-01

    This study utilized school-level data from several combined national databases to address two questions regarding school security policy: (1) What are the school characteristics related to levels of security? (2) How does security relate to school suspension, dropout, and college attendance rates? Among the predictors of school security, having a…

  14. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    ERIC Educational Resources Information Center

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  15. The U.S./IAEA Workshop on Software Sustainability for Safeguards Instrumentation: Report to the NNSA DOE Office of International Nuclear Safeguards (NA-241)

    SciTech Connect

    Pepper, Susan E.; Pickett, Chris A.; Queirolo, Al; Bachner, Katherine M.; Worrall, Louise G.

    2015-04-07

    The U.S. Department of Energy (DOE) National Nuclear Security Administration (NNSA) Next Generation Safeguards Initiative (NGSI) and the International Atomic Energy Agency (IAEA) convened a workshop on Software Sustainability for Safeguards Instrumentation in Vienna, Austria, May 6-8, 2014. Safeguards instrumentation software must be sustained in a changing environment to ensure existing instruments can continue to perform as designed, with improved security. The approaches to the development and maintenance of instrument software used in the past may not be the best model for the future and, therefore, the organizers’ goal was to investigate these past approaches and to determine an optimal path forward. The purpose of this report is to provide input for the DOE NNSA Office of International Nuclear Safeguards (NA-241) and other stakeholders that can be utilized when making decisions related to the development and maintenance of software used in the implementation of international nuclear safeguards. For example, this guidance can be used when determining whether to fund the development, upgrade, or replacement of a particular software product. The report identifies the challenges related to sustaining software, and makes recommendations for addressing these challenges, supported by summaries and detailed notes from the workshop discussions. In addition, the authors provide a set of recommendations for institutionalizing software sustainability practices in the safeguards community. The term “software sustainability” was defined for this workshop as ensuring that safeguards instrument software and algorithm functionality can be maintained efficiently throughout the instrument lifecycle, without interruption and providing the ability to continue to improve that software as needs arise.

  16. NASA Software Engineering Benchmarking Study

    NASA Technical Reports Server (NTRS)

    Rarick, Heather L.; Godfrey, Sara H.; Kelly, John C.; Crumbley, Robert T.; Wifl, Joel M.

    2013-01-01

    was its software assurance practices, which seemed to rate well in comparison to the other organizational groups and also seemed to include a larger scope of activities. An unexpected benefit of the software benchmarking study was the identification of many opportunities for collaboration in areas including metrics, training, sharing of CMMI experiences and resources such as instructors and CMMI Lead Appraisers, and even sharing of assets such as documented processes. A further unexpected benefit of the study was the feedback on NASA practices that was received from some of the organizations interviewed. From that feedback, other potential areas where NASA could improve were highlighted, such as accuracy of software cost estimation and budgetary practices. The detailed report contains discussion of the practices noted in each of the topic areas, as well as a summary of observations and recommendations from each of the topic areas. The resulting 24 recommendations from the topic areas were then consolidated to eliminate duplication and culled into a set of 14 suggested actionable recommendations. This final set of actionable recommendations, listed below, are items that can be implemented to improve NASA's software engineering practices and to help address many of the items that were listed in the NASA top software engineering issues. 1. Develop and implement standard contract language for software procurements. 2. Advance accurate and trusted software cost estimates for both procured and in-house software and improve the capture of actual cost data to facilitate further improvements. 3. Establish a consistent set of objectives and expectations, specifically types of metrics at the Agency level, so key trends and models can be identified and used to continuously improve software processes and each software development effort. 4. Maintain the CMMI Maturity Level requirement for critical NASA projects and use CMMI to measure organizations developing software for NASA. 5

  17. Secure Objectives for School Security

    ERIC Educational Resources Information Center

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  18. The NASA Software Management and Assurance Program

    NASA Technical Reports Server (NTRS)

    Hall, D. L.; Wilson, W. M.

    1983-01-01

    A committee of experienced managers representing each major NASA organization guides a major development effort which seeks to ensure the acquisition of economical and reliable software for more complex future programs. The primary, near-term development objectives of the NASA Software Management and Assurance Program are: (1) to provide the best management and technical guidance available; (2) to facilitate the use of proven tools, techniques, and information; and (3) to maintain a pool of highly qualified software personnel. The software development tasks addressed involve such problems as satellite end-to-end architecture and advanced aircraft guidance and control systems.

  19. Book and Software Review.

    ERIC Educational Resources Information Center

    Wissick, Cheryl

    2000-01-01

    This introductory column on books and software concerned with special education technology presents an article by JuHye Yook on the software design process. It discusses the rationale for developing new software for students with reading disabilities, the design and development process, and analysis of the software design. Software use by two…

  20. Other People's Software

    NASA Astrophysics Data System (ADS)

    Mandel, E.; Murray, S. S.

    Why do we continually re-invent the astronomical software wheel? Why is it so difficult to use "other people's software"? Leaving aside issues such as money, power, and control, we need to investigate practically how we can remove barriers to software sharing. This paper will offer a starting point for software cooperation, centered on the concept of "minimal software buy-in".

  1. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  2. The Reach Address Database (RAD)

    EPA Pesticide Factsheets

    The Reach Address Database (RAD) stores reach address information for each Water Program feature that has been linked to the underlying surface water features (streams, lakes, etc) in the National Hydrology Database (NHD) Plus dataset.

  3. Software attribute visualization for high integrity software

    SciTech Connect

    Pollock, G.M.

    1998-03-01

    This report documents a prototype tool developed to investigate the use of visualization and virtual reality technologies for improving software surety confidence. The tool is utilized within the execution phase of the software life cycle. It provides a capability to monitor an executing program against prespecified requirements constraints provided in a program written in the requirements specification language SAGE. The resulting Software Attribute Visual Analysis Tool (SAVAnT) also provides a technique to assess the completeness of a software specification.

  4. High-performance, distributed computing software libraries and services

    SciTech Connect

    Foster, Ian; Kesselman, Carl; Tuecke, Steven

    2002-01-24

    The Globus toolkit provides basic Grid software infrastructure (i.e. middleware), to facilitate the development of applications which securely integrate geographically separated resources, including computers, storage systems, instruments, immersive environments, etc.

  5. The purchase of specialized radiologic software: estimation of investment. Part II.

    PubMed

    Strange, D; Baron, M

    1990-12-01

    For the most part, specialized radiologic software addresses narrow vertical markets that are not large enough to attract the larger software firms. This can work to the benefit of the user, for smaller companies tend to be more flexible and are better able to respond to the user's needs and to tailor their product to meet specific requirements. However, because the companies are small and often relatively young, some do not have the stability associated with larger, well-established firms. As a result, it may be more risky to commit to one of their programs. Nevertheless, with appropriate cautions regarding the company and its product, with proper training of departmental personnel and with adequate safeguards to protect data, these programs can represent a secure and prudent investment.

  6. Application of the AHP method in modeling the trust and reputation of software agents

    NASA Astrophysics Data System (ADS)

    Zytniewski, Mariusz; Klementa, Marek; Skorupka, Dariusz; Stanek, Stanislaw; Duchaczek, Artur

    2016-06-01

    Given the unique characteristics of cyberspace and, in particular, the number of inherent security threats, communication between software agents becomes a highly complex issue and a major challenge that, on the one hand, needs to be continuously monitored and, on the other, awaits new solutions addressing its vulnerabilities. An approach that has recently come into view mimics mechanisms typical of social systems and is based on trust and reputation that assist agents in deciding which other agents to interact with. The paper offers an enhancement to existing trust and reputation models, involving the application of the AHP method that is widely used for decision support in social systems, notably for risks analysis. To this end, it is proposed to expand the underlying conceptual basis by including such notions as self-trust and social trust, and to apply these to software agents. The discussion is concluded with an account of an experiment aimed at testing the effectiveness of the proposed solution.

  7. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  8. Additional Security Considerations for Grid Management

    NASA Technical Reports Server (NTRS)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  9. 20 CFR 422.103 - Social security numbers.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... concerning social security numbers may be found in Internal Revenue Service, Department of the Treasury... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security...

  10. 20 CFR 422.103 - Social security numbers.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... concerning social security numbers may be found in Internal Revenue Service, Department of the Treasury... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security...

  11. 20 CFR 422.103 - Social security numbers.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... concerning social security numbers may be found in Internal Revenue Service, Department of the Treasury... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security...

  12. 20 CFR 422.103 - Social security numbers.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... concerning social security numbers may be found in Internal Revenue Service, Department of the Treasury... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security...

  13. 20 CFR 422.103 - Social security numbers.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... concerning social security numbers may be found in Internal Revenue Service, Department of the Treasury... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security...

  14. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... Forest Service Information Collection; Financial Information Security Request Form AGENCY: Forest Service... extension with revision of a currently approved information collection, Financial Information Security...: Comments concerning this notice should be addressed to Financial Policy, Mail Stop 1149, USDA,...

  15. Software Vulnerability Taxonomy Consolidation

    SciTech Connect

    Polepeddi, Sriram S.

    2004-12-07

    In today's environment, computers and networks are increasingly exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, does not cover all aspects of a vulnerability, and they lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common "primary key", unstructured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to

  16. Space Flight Software Development Software for Intelligent System Health Management

    NASA Technical Reports Server (NTRS)

    Trevino, Luis C.; Crumbley, Tim

    2004-01-01

    The slide presentation examines the Marshall Space Flight Center Flight Software Branch, including software development projects, mission critical space flight software development, software technical insight, advanced software development technologies, and continuous improvement in the software development processes and methods.

  17. A Matrix Approach to Software Process Definition

    NASA Technical Reports Server (NTRS)

    Schultz, David; Bachman, Judith; Landis, Linda; Stark, Mike; Godfrey, Sally; Morisio, Maurizio; Powers, Edward I. (Technical Monitor)

    2000-01-01

    The Software Engineering Laboratory (SEL) is currently engaged in a Methodology and Metrics program for the Information Systems Center (ISC) at Goddard Space Flight Center (GSFC). This paper addresses the Methodology portion of the program. The purpose of the Methodology effort is to assist a software team lead in selecting and tailoring a software development or maintenance process for a specific GSFC project. It is intended that this process will also be compliant with both ISO 9001 and the Software Engineering Institute's Capability Maturity Model (CMM). Under the Methodology program, we have defined four standard ISO-compliant software processes for the ISC, and three tailoring criteria that team leads can use to categorize their projects. The team lead would select a process and appropriate tailoring factors, from which a software process tailored to the specific project could be generated. Our objective in the Methodology program is to present software process information in a structured fashion, to make it easy for a team lead to characterize the type of software engineering to be performed, and to apply tailoring parameters to search for an appropriate software process description. This will enable the team lead to follow a proven, effective software process and also satisfy NASA's requirement for compliance with ISO 9001 and the anticipated requirement for CMM assessment. This work is also intended to support the deployment of sound software processes across the ISC.

  18. Software Assurance Curriculum Project Volume 4: Community College Education

    DTIC Science & Technology

    2011-09-01

    Interim Revision of CS 2001.” Computing Curriculum Series. [ACM 2008] Allen, Julia H.; Barnum, Sean; Ellison, Robert J.; McGraw, Gary; & Mead, Nancy R... Allen, Julia H.; Barnum, Sean; Ellison, Robert J.; McGraw, Gary; & Mead, Nancy R. Software Security Engineering: A Guide for Project Managers [Allen... Computing Curriculum Series. [ACM 2008] Allen, Julia H.; Barnum, Sean; Ellison, Robert J.; McGraw, Gary; & Mead, Nancy R. Software Security

  19. Controlling Software Piracy.

    ERIC Educational Resources Information Center

    King, Albert S.

    1992-01-01

    Explains what software manufacturers are doing to combat software piracy, recommends how managers should deal with this problem, and provides a role-playing exercise to help students understand the issues in software piracy. (SR)

  20. Report: Scientific Software.

    ERIC Educational Resources Information Center

    Borman, Stuart A.

    1985-01-01

    Discusses various aspects of scientific software, including evaluation and selection of commercial software products; program exchanges, catalogs, and other information sources; major data analysis packages; statistics and chemometrics software; and artificial intelligence. (JN)

  1. Software-defined anything challenges status quo

    SciTech Connect

    Simpson, Wayne; Borders, Tammie

    2015-01-01

    INL successfully developed a proof of concept for "Software Defined Anything" by emulating the laboratory's business applications that run on Virtual Machines. The work INL conducted demonstrates to industry how this methodology can be used to improve security, automate and repeat processes, and improve consistency.

  2. Distributed Trust Management and Rogue AV Software

    DTIC Science & Technology

    2010-06-10

    Software Secured Order 0 WIN PC® Defender 6 Months License Subscription includes ~ version updates, definition updates, standart customer support... standart customer support for 1 year. Only today limited offer with special discount ~ $69.99. Q Lifetime UNLIMITED License, Best Choice! WIN PC

  3. Security Detail.

    ERIC Educational Resources Information Center

    Epstein, Marc A.

    2003-01-01

    Describes problems of maintaining discipline and security at Jamaica High School in Queens, New York. Argues that court decisions and school regulations have allowed minority of aggressive and disruptive students to destabilize the learning environment. (PKP)

  4. USSOCOM’s Role in Addressing Human Trafficking

    DTIC Science & Technology

    2010-12-02

    modern slavery. Its size, global scope, and potential to threaten national security warrants appropriate Department of Defense attention. However, the... manifests itself in slavery – indefensible abuse of the vulnerable by the more powerful. Addressing this issue will require a systemic and sustained... slavery today rivals that of the eighteenth and nineteenth centuries, that naïveté cannot prevent purposeful action to address the modern form of

  5. Software Engineering Guidebook

    NASA Technical Reports Server (NTRS)

    Connell, John; Wenneson, Greg

    1993-01-01

    The Software Engineering Guidebook describes SEPG (Software Engineering Process Group) supported processes and techniques for engineering quality software in NASA environments. Three process models are supported: structured, object-oriented, and evolutionary rapid-prototyping. The guidebook covers software life-cycles, engineering, assurance, and configuration management. The guidebook is written for managers and engineers who manage, develop, enhance, and/or maintain software under the Computer Software Services Contract.

  6. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  7. Security in Full-Force

    NASA Technical Reports Server (NTRS)

    2002-01-01

    When fully developed for NASA, Vanguard Enforcer(TM) software, which emulates the activities of highly technical security system programmers, auditors, and administrators, was among the first intrusion detection programs to restrict human errors from affecting security, and to ensure the integrity of a computer's operating systems, as well as the protection of mission critical resources. Vanguard Enforcer was delivered in 1991 to Johnson Space Center and has been protecting systems and critical data there ever since. In August of 1999, NASA granted Vanguard exclusive rights to commercialize the Enforcer system for the private sector. In return, Vanguard continues to supply NASA with ongoing research, development, and support of Enforcer. The Vanguard Enforcer 4.2 is one of several surveillance technologies that make up the Vanguard Security Solutions line of products. Using a mainframe environment, Enforcer 4.2 achieves previously unattainable levels of automated security management.

  8. Usability and Children's Software: A User-Centered Design Methodology.

    ERIC Educational Resources Information Center

    Robertson, Jenifer Wals

    1994-01-01

    Addresses usability issues pertaining to the purpose of educational software, followed by suggestions for ways in which educational software can meet the language, physical, social, and cognitive needs of children. Guidelines and recommendations are provided for adapting usability engineering and testing procedures to educational software to…

  9. Proceedings, Conference on the Computing Environment for Mathematical Software

    NASA Technical Reports Server (NTRS)

    1981-01-01

    Recent advances in software and hardware technology which make it economical to create computing environments appropriate for specialized applications are addressed. Topics included software tools, FORTRAN standards activity, and features of languages, operating systems, and hardware that are important for the development, testing, and maintenance of mathematical software.

  10. ClassCompass: A Software Design Mentoring System

    ERIC Educational Resources Information Center

    Coelho, Wesley; Murphy, Gail

    2007-01-01

    Becoming a quality software developer requires practice under the guidance of an expert mentor. Unfortunately, in most academic environments, there are not enough experts to provide any significant design mentoring for software engineering students. To address this problem, we present a collaborative software design tool intended to maximize an…

  11. The Development, Use, and Dissemination of Academic Software.

    ERIC Educational Resources Information Center

    Weissman, Ronald F. E.; And Others

    1987-01-01

    This special theme issue is dedicated to topics related to courseware in higher education. Aspects addressed include faculty development of software; new technologies and their effects on knowledge; microcomputer-based software; courseware publishing; information sharing and software distribution; and future teaching and research projects. (LRW)

  12. Birds of a Feather: Supporting Secure Systems

    SciTech Connect

    Braswell III, H V

    2006-04-24

    Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management, PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.

  13. Insights into software development in Japan

    NASA Technical Reports Server (NTRS)

    Duvall, Lorraine M.

    1992-01-01

    The interdependence of the U.S.-Japanese economies makes it imperative that we in the United States understand how business and technology developments take place in Japan. We can gain insight into these developments in software engineering by studying the context in which Japanese software is developed, the practices that are used, the problems encountered, the setting surrounding these problems, and the resolution of these problems. Context includes the technological and sociological characteristics of the software development environment, the software processes applied, personnel involved in the development process, and the corporate and social culture surrounding the development. Presented in this paper is a summary of results of a study that addresses these issues. Data for this study was collected during a three month visit to Japan where the author interviewed 20 software managers representing nine companies involved in developing software in Japan. These data are compared to similar data from the United States in which 12 managers from five companies were interviewed.

  14. Security Equipment and Systems Certification Program (SESCP)

    SciTech Connect

    Steele, B.J.; Papier, I.I.

    1996-06-20

    Sandia National Laboratories (SNL) and Underwriters Laboratories, Inc., (UL) have jointly established the Security Equipment and Systems Certification Program (SESCP). The goal of this program is to enhance industrial and national security by providing a nationally recognized method for making informed selection and use decisions when buying security equipment and systems. The SESCP will provide a coordinated structure for private and governmental security standardization review. Members will participate in meetings to identify security problems, develop ad-hoc subcommittees (as needed) to address these identified problems, and to maintain a communications network that encourages a meaningful exchange of ideas. This program will enhance national security by providing improved security equipment and security systems based on consistent, reliable standards and certification programs.

  15. GridOPTICS Software System

    SciTech Connect

    Akyol, Bora A; Ciraci, PNNL Selim; Gibson, PNNL Tara; Rice, PNNL Mark; Sharma, PNNL Poorva; Yin, PNNL Jian; Allwardt, PNNL Craig; PNNL,

    2014-02-24

    GridOPTICS Software System (GOSS) is a middleware that facilitates creation of new, modular and flexible operational and planning platforms that can meet the challenges of the next generation power grid. GOSS enables the Department of Energy, power system utilities, and vendors to build better tools faster. GOSS makes it possible to integrate Future Power Grid Initiative software products/prototypes into existing power grid software systems, including the PNNL PowerNet and EIOC environments. GOSS is designed to allow power grid applications developed for different underlying software platforms installed in different utilities to communicate with ease. This can be done in compliance with existing security and data sharing policies between the utilities. GOSS not only supports one-to-one data transfer between applications, but also a publisher/subscriber scheme. To support interoperability requirements of future EMS, GOSS is designed for CIM compliance. In addition to this, it supports authentication and authorization capabilities to protect the system from cyber threats. In summary, the contributions of the GOSS middleware are as follows: • A platform to support future EMS development. • A middleware that promotes interoperability between power grid applications. • A distributed architecture that separates data sources from power grid applications. • Support for data exchange with either one-to-one or publisher/subscriber interfaces. • An authentication and authorization scheme for limiting the access to data between utilities.

  16. Use of a secure Internet Web site for collaborative medical research.

    PubMed

    Marshall, W W; Haley, R W

    2000-10-11

    Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.

  17. 46 CFR 184.610 - Public address systems.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 7 2012-10-01 2012-10-01 false Public address systems. 184.610 Section 184.610 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) SMALL PASSENGER VESSELS (UNDER 100 GROSS TONS) VESSEL CONTROL AND MISCELLANEOUS SYSTEMS AND EQUIPMENT Control and Internal Communications Systems §...

  18. Argonne Director Eric Isaacs addresses the National Press Club

    SciTech Connect

    Eric Isaacs

    2009-09-17

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Isaacs makes the case for investing in science to secure America's future.

  19. Argonne Director Eric Isaacs addresses the National Press Club

    ScienceCinema

    Eric Isaacs

    2016-07-12

    Argonne Director Eric Isaacs addresses the National Press Club on 9/15/2009. To build a national economy based on sustainable energy, the nation must first "reignite its innovation ecology," he said. Isaacs makes the case for investing in science to secure America's future.

  20. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  1. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  2. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  3. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  4. 33 CFR 67.35-15 - To whom addressed.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false To whom addressed. 67.35-15 Section 67.35-15 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION AIDS TO NAVIGATION ON ARTIFICIAL ISLANDS AND FIXED STRUCTURES Applications § 67.35-15 To...

  5. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  6. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  7. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  8. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  9. 33 CFR 174.125 - Coast Guard address.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Coast Guard address. 174.125 Section 174.125 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) BOATING SAFETY STATE NUMBERING AND CASUALTY REPORTING SYSTEMS State Reports § 174.125 Coast Guard...

  10. Predicting Software Suitability Using a Bayesian Belief Network

    NASA Technical Reports Server (NTRS)

    Beaver, Justin M.; Schiavone, Guy A.; Berrios, Joseph S.

    2005-01-01

    The ability to reliably predict the end quality of software under development presents a significant advantage for a development team. It provides an opportunity to address high risk components earlier in the development life cycle, when their impact is minimized. This research proposes a model that captures the evolution of the quality of a software product, and provides reliable forecasts of the end quality of the software being developed in terms of product suitability. Development team skill, software process maturity, and software problem complexity are hypothesized as driving factors of software product quality. The cause-effect relationships between these factors and the elements of software suitability are modeled using Bayesian Belief Networks, a machine learning method. This research presents a Bayesian Network for software quality, and the techniques used to quantify the factors that influence and represent software quality. The developed model is found to be effective in predicting the end product quality of small-scale software development efforts.

  11. CONTENT-ADDRESSABLE MEMORY SYSTEMS

    DTIC Science & Technology

    The utility of content-addressable memories (CAM’s) within a general purpose computing system is investigated. Word cells within CAM may be...addressed by the character of all or a part of cell contents. Multimembered sets of word cells may be addressed simultaneously. The distributed logical...package is developed which allows simulation of CAM commands within job programs run on the IBM 7090 and derives tallies of execution times corresponding to a particular realization of a CAM system. (Author)

  12. 75 FR 10439 - Cognitive Radio Technologies and Software Defined Radios

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... COMMISSION 47 CFR Part 2 Cognitive Radio Technologies and Software Defined Radios AGENCY: Federal... implement security features in software defined radios (SDRs). While, the Commission dismisses this petition... Order 1. On March 17, 2005, the Commission adopted the Cognitive Radio Report and Order, 70 FR...

  13. Image Processing Software

    NASA Astrophysics Data System (ADS)

    Bosio, M. A.

    1990-11-01

    ABSTRACT: A brief description of astronomical image software is presented. This software was developed in a Digital Micro Vax II Computer System. : A brief description of the image processing software is presented. This software was developed on a Digital Micro Vax II system. : DATA ANALYSIS - IMAGE PROCESSING

  14. Decentralized Software Evolution

    DTIC Science & Technology

    2003-09-01

    Institute for Software Research University of California, Irvine www.isr.uci.edu/tech-reports.html Peyman Oreizy University of California, Irvine... Peyman Oreizy and Richard N. Taylor Institute for Software Research University of California, Irvine Irvine, CA 92697-3425 USA {peymano, taylor...mechanisms that enforce cooperation among Decentralized Software Evolution Peyman Oreizy and Richard N. Taylor Institute for Software Research

  15. Agile Software Development

    ERIC Educational Resources Information Center

    Biju, Soly Mathew

    2008-01-01

    Many software development firms are now adopting the agile software development method. This method involves the customer at every level of software development, thus reducing the impact of change in the requirement at a later stage. In this article, the principles of the agile method for software development are explored and there is a focus on…

  16. Finding Helpful Software Reviews.

    ERIC Educational Resources Information Center

    Kruse, Ted, Comp.

    1987-01-01

    Provides a list of evaluation services currently producing critical reviews of educational software. Includes information about The Apple K-12 Curriculum Software Reference, The Educational Software Preview, The Educational Software Selector, MicroSIFT, and Only The Best: The Discriminating Guide for Preschool-Grade 12. (TW)

  17. Software distribution using xnetlib

    SciTech Connect

    Dongarra, J.J.; Rowan, T.H.; Wade, R.C.

    1993-06-01

    Xnetlib is a new tool for software distribution. Whereas its predecessor netlib uses e-mail as the user interface to its large collection of public-domain mathematical software, xnetlib uses an X Window interface and socket-based communication. Xnetlib makes it easy to search through a large distributed collection of software and to retrieve requested software in seconds.

  18. Securing smart grid technology

    NASA Astrophysics Data System (ADS)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In developing countries, electrical energy is very important for all-round improvement by saving thousands of dollars and investing them in other sectors for development. For the growing needs of power, the existing hierarchical, centrally controlled grid of the 20th century is not sufficient. To produce and utilize effective power supply for industries or people, we should have smarter electrical grids that address the challenges of the existing power grid. The smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose a new model for security in Smart Grid Technology that contains a Security Module (SM) along with DEM, which will enhance security in the grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  19. Software productivity improvement through software engineering technology

    NASA Technical Reports Server (NTRS)

    Mcgarry, F. E.

    1985-01-01

    It has been estimated that NASA expends anywhere from 6 to 10 percent of its annual budget on the acquisition, implementation and maintenance of computer software. Although researchers have produced numerous software engineering approaches over the past 5-10 years, each claiming to be more effective than the other, there is very limited quantitative information verifying the measurable impact that any of these technologies may have in a production environment. At NASA/GSFC, an extended research effort aimed at identifying and measuring software techniques that favorably impact productivity of software development has been active over the past 8 years. Specific, measurable, software development technologies have been applied and measured in a production environment. Resulting software development approaches have been shown to be effective in both improving quality as well as productivity in this one environment.

  20. Software Formal Inspections Standard

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This Software Formal Inspections Standard (hereinafter referred to as Standard) is applicable to NASA software. This Standard defines the requirements that shall be fulfilled by the software formal inspections process whenever this process is specified for NASA software. The objective of this Standard is to define the requirements for a process that inspects software products to detect and eliminate defects as early as possible in the software life cycle. The process also provides for the collection and analysis of inspection data to improve the inspection process as well as the quality of the software.

  1. Data security.

    PubMed

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  2. Secure electronic commerce communication system based on CA

    NASA Astrophysics Data System (ADS)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provides secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  3. WPSS: watching people security services

    NASA Astrophysics Data System (ADS)

    Bouma, Henri; Baan, Jan; Borsboom, Sander; van Zon, Kasper; Luo, Xinghan; Loke, Ben; Stoeller, Bram; van Kuilenburg, Hans; Dijk, Judith

    2013-10-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most relevant and deviant patterns. We present a software platform that contributes to the retrieval and observation of humans and to the analysis of their behavior. The platform consists of mono- and stereo-camera tracking, re-identification, behavioral feature computation, track analysis, behavior interpretation and visualization. This system is demonstrated in a busy shopping mall with multiple cameras and different lighting conditions.

  4. Toward a Reform of the Defense Department Software Acquisition Policy.

    DTIC Science & Technology

    1986-04-01

    Software Licensing Project ... Software Engineering Institute Carnegie-Mellon University Pittsburgh, PA 15213 ... Approved...The Need for More Precise Definitions 24 1.4 Issues Not Addressed In the DoD Regulations 27 1.5 Shrink Wrap and Other Standard Licenses 29 1.6 Issues...Modifications 54 2.6 Other Software Maintenance/Enhancement Licensing 57 Problems 3. The Need for Better Training about Software, Data Rights, 59 and

  5. Software component quality evaluation

    NASA Technical Reports Server (NTRS)

    Clough, A. J.

    1991-01-01

    The paper describes a software inspection process that can be used to evaluate the quality of software components. Quality criteria, process application, independent testing of the process and proposed associated tool support are covered. Early results indicate that this technique is well suited for assessing software component quality in a standardized fashion. With automated machine assistance to facilitate both the evaluation and selection of software components, such a technique should promote effective reuse of software components.

  6. Responsibility for unreliable software

    SciTech Connect

    Wahl, N.J.

    1994-12-31

    Unreliable software exposes software developers and distributors to legal risks. Under certain circumstances, the developer and distributor of unreliable software can be sued. To avoid lawsuits, software developers should do the following: determine what the risks are, understand the extent of the risks, and identify ways of avoiding the risks and lessening the consequences of the risks. Liability issues associated with unreliable software are explored in this article.

  7. Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.

    ERIC Educational Resources Information Center

    Trinkaus-Randall, Gregor

    1998-01-01

    Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…

  8. Safety Software Guide Perspectives for the Design of New Nuclear Facilities (U)

    SciTech Connect

    VINCENT, Andrew

    2005-07-14

    In June of this year, the Department of Energy (DOE) issued directives DOE O 414.1C and DOE G 414.1-4 to improve quality assurance programs, processes, and procedures among its safety contractors. Specifically, guidance entitled, "Safety Software Guide for use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance, DOE G 414.1-4", provides information and acceptable methods to comply with safety software quality assurance (SQA) requirements. The guidance provides a roadmap for meeting DOE O 414.1C, "Quality Assurance", and the quality assurance program (QAP) requirements of Title 10 Code of Federal Regulations (CFR) 830, Subpart A, Quality Assurance, for DOE nuclear facilities and software application activities. [1, 2] The order and guide are part of a comprehensive implementation plan that addresses issues and concerns documented in Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1. [3] Safety SQA requirements for DOE as well as National Nuclear Security Administration contractors are necessary to implement effective quality assurance (QA) processes and achieve safe nuclear facility operations. DOE G 414.1-4 was developed to provide guidance on establishing and implementing effective QA processes tied specifically to nuclear facility safety software applications. The Guide includes software application practices covered by appropriate national and international consensus standards and various processes currently in use at DOE facilities. While the safety software guidance is considered to be of sufficient rigor and depth to ensure acceptable reliability of safety software at all DOE nuclear facilities, new nuclear facilities are well suited to take advantage of the guide to ensure compliant programs and processes are implemented. Attributes such as the facility life-cycle stage and the hazardous nature of each facility operations are considered, along with the category and level of importance of the

  9. Non-developmental item computer systems and the malicious software threat

    NASA Technical Reports Server (NTRS)

    Bown, Rodney L.

    1991-01-01

    The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

  10. Security Services Discovery by ATM Endsystems

    SciTech Connect

    Sholander, Peter; Tarman, Thomas

    1999-07-15

    This contribution proposes strawman techniques for Security Service Discovery by ATM endsystems in ATM networks. Candidate techniques include ILMI extensions, ANS extensions and new ATM anycast addresses. Another option is a new protocol based on an IETF service discovery protocol, such as Service Location Protocol (SLP). Finally, this contribution provides strawman requirements for Security-Based Routing in ATM networks.

  11. What's Ahead for Campus Security?

    ERIC Educational Resources Information Center

    Queeno, Cam

    2000-01-01

    Identifies five trends in security technology and what they mean for colleges and universities in the near future. Trends addressed are: less emphasis on complete system integration; increased prevalence of open networking protocol systems; rising use of proximity and smart cards; increased use of digital technology and remote video surveillance;…

  12. Securing Funds through Grant Writing

    ERIC Educational Resources Information Center

    Bowers, Fredalene

    2006-01-01

    This article addresses two aspects to securing funds through grant writing: (1) how to apply for grants; and (2) where to apply. Grant writing is not as difficult as many people believe. Although there are courses on grant writing, very few people start their career with the goal of "becoming a grant writer." In this article, the author presents…

  13. Dynamic security assessment processing system

    NASA Astrophysics Data System (ADS)

    Tang, Lei

    The architecture of dynamic security assessment processing system (DSAPS) is proposed to address online dynamic security assessment (DSA) with focus of the dissertation on low-probability, high-consequence events. DSAPS upgrades current online DSA functions and adds new functions to fit into the modern power grid. Trajectory sensitivity analysis is introduced and its applications in power system are reviewed. An index is presented to assess transient voltage dips quantitatively using trajectory sensitivities. Then the framework of anticipatory computing system (ACS) for cascading defense is presented as an important function of DSAPS. ACS addresses various security problems and the uncertainties in cascading outages. Corrective control design is automated to mitigate the system stress in cascading progressions. The corrective controls introduced in the dissertation include corrective security constrained optimal power flow, a two-stage load control for severe under-frequency conditions, and transient stability constrained optimal power flow for cascading outages. With state-of-the-art computing facilities to perform high-speed extended-term time-domain simulation and optimization for large-scale systems, DSAPS/ACS efficiently addresses online DSA for low-probability, high-consequence events, which are not addressed by today's industrial practice. Human interference is reduced in the computationally burdensome analysis.

  14. Software Quality Assurance Metrics

    NASA Technical Reports Server (NTRS)

    McRae, Kalindra A.

    2004-01-01

    Software Quality Assurance (SQA) is a planned and systematic set of activities that ensures that software life cycle processes and products conform to requirements, standards and procedures. In software development, software quality means meeting requirements and a degree of excellence and refinement of a project or product. Software Quality is a set of attributes of a software product by which its quality is described and evaluated. The set of attributes includes functionality, reliability, usability, efficiency, maintainability, and portability. Software Metrics help us understand the technical process that is used to develop a product. The process is measured to improve it and the product is measured to increase quality throughout the life cycle of software. Software Metrics are measurements of the quality of software. Software is measured to indicate the quality of the product, to assess the productivity of the people who produce the product, to assess the benefits derived from new software engineering methods and tools, to form a baseline for estimation, and to help justify requests for new tools or additional training. Any part of the software development can be measured. If Software Metrics are implemented in software development, it can save time, money, and allow the organization to identify the causes of defects which have the greatest effect on software development. The summer of 2004, I worked with Cynthia Calhoun and Frank Robinson in the Software Assurance/Risk Management department. My task was to research and collect, compile, and analyze SQA Metrics that have been used in other projects that are not currently being used by the SA team and report them to the Software Assurance team to see if any metrics can be implemented in their software assurance life cycle process.

  15. Applying evolutionary biology to address global challenges.

    PubMed

    Carroll, Scott P; Jørgensen, Peter Søgaard; Kinnison, Michael T; Bergstrom, Carl T; Denison, R Ford; Gluckman, Peter; Smith, Thomas B; Strauss, Sharon Y; Tabashnik, Bruce E

    2014-10-17

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens, and pests that evolve too quickly and the second, from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This Review highlights both progress and gaps in genetic, developmental, and environmental manipulations across the life sciences that either target the rate and direction of evolution or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development.

  16. Applying evolutionary biology to address global challenges

    PubMed Central

    Carroll, Scott P.; Jørgensen, Peter Søgaard; Kinnison, Michael T.; Bergstrom, Carl T.; Denison, R. Ford; Gluckman, Peter; Smith, Thomas B.; Strauss, Sharon Y.; Tabashnik, Bruce E.

    2014-01-01

    Two categories of evolutionary challenges result from escalating human impacts on the planet. The first arises from cancers, pathogens and pests that evolve too quickly, and the second from the inability of many valued species to adapt quickly enough. Applied evolutionary biology provides a suite of strategies to address these global challenges that threaten human health, food security, and biodiversity. This review highlights both progress and gaps in genetic, developmental and environmental manipulations across the life sciences that either target the rate and direction of evolution, or reduce the mismatch between organisms and human-altered environments. Increased development and application of these underused tools will be vital in meeting current and future targets for sustainable development. PMID:25213376

  17. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio processing over multi-core, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to approx. 50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  18. Software Defined Radio with Parallelized Software Architecture

    NASA Technical Reports Server (NTRS)

    Heckler, Greg

    2013-01-01

    This software implements software-defined radio processing over multicore, multi-CPU systems in a way that maximizes the use of CPU resources in the system. The software treats each processing step in either a communications or navigation modulator or demodulator system as an independent, threaded block. Each threaded block is defined with a programmable number of input or output buffers; these buffers are implemented using POSIX pipes. In addition, each threaded block is assigned a unique thread upon block installation. A modulator or demodulator system is built by assembly of the threaded blocks into a flow graph, which assembles the processing blocks to accomplish the desired signal processing. This software architecture allows the software to scale effortlessly between single CPU/single-core computers or multi-CPU/multi-core computers without recompilation. NASA spaceflight and ground communications systems currently rely exclusively on ASICs or FPGAs. This software allows low- and medium-bandwidth (100 bps to approx. 50 Mbps) software defined radios to be designed and implemented solely in C/C++ software, while lowering development costs and facilitating reuse and extensibility.

  19. Payload software technology: Software technology development plan

    NASA Technical Reports Server (NTRS)

    1977-01-01

    Programmatic requirements for the advancement of software technology are identified for meeting the space flight requirements in the 1980 to 1990 time period. The development items are described, and software technology item derivation worksheets are presented along with the cost/time/priority assessments.

  20. Software Engineering Program: Software Process Improvement Guidebook

    NASA Technical Reports Server (NTRS)

    1996-01-01

    The purpose of this document is to provide experience-based guidance in implementing a software process improvement program in any NASA software development or maintenance community. This guidebook details how to define, operate, and implement a working software process improvement program. It describes the concept of the software process improvement program and its basic organizational components. It then describes the structure, organization, and operation of the software process improvement program, illustrating all these concepts with specific NASA examples. The information presented in the document is derived from the experiences of several NASA software organizations, including the SEL, the SEAL, and the SORCE. Their experiences reflect many of the elements of software process improvement within NASA. This guidebook presents lessons learned in a form usable by anyone considering establishing a software process improvement program within his or her own environment. This guidebook attempts to balance general and detailed information. It provides material general enough to be usable by NASA organizations whose characteristics do not directly match those of the sources of the information and models presented herein. It also keeps the ideas sufficiently close to the sources of the practical experiences that have generated the models and information.