The Case for Inclusion of Competitive Teams in Security Education

ERIC Educational Resources Information Center

Serapiglia, Anthony

2016-01-01

Through industry news as well as contemporary reporting, the topic of computer security has become omnipresent in our daily lives. Whether the news is about corporate data breaches, international cyber espionage, or personal data compromises and identity theft--EVERYONE has had to deal with digital security in some way. Because of this, one of the…

15 CFR 743.2 - High performance computers: Post shipment verification reporting.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 15 Commerce and Foreign Trade 2 2012-01-01 2012-01-01 false High performance computers: Post... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SPECIAL REPORTING § 743.2 High performance computers: Post shipment verification...

15 CFR 743.2 - High performance computers: Post shipment verification reporting.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 15 Commerce and Foreign Trade 2 2011-01-01 2011-01-01 false High performance computers: Post... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SPECIAL REPORTING § 743.2 High performance computers: Post shipment verification...

15 CFR 743.2 - High performance computers: Post shipment verification reporting.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false High performance computers: Post... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SPECIAL REPORTING § 743.2 High performance computers: Post shipment verification...

15 CFR 743.2 - High performance computers: Post shipment verification reporting.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 2 2013-01-01 2013-01-01 false High performance computers: Post... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SPECIAL REPORTING § 743.2 High performance computers: Post shipment verification...

15 CFR 740.7 - Computers (APP).

Code of Federal Regulations, 2012 CFR

2012-01-01

... 15 Commerce and Foreign Trade 2 2012-01-01 2012-01-01 false Computers (APP). 740.7 Section 740.7... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS LICENSE EXCEPTIONS § 740.7 Computers (APP). (a) Scope—(1) Commodities. License Exception APP authorizes exports and reexports of...

15 CFR 740.7 - Computers (APP).

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 2 2014-01-01 2014-01-01 false Computers (APP). 740.7 Section 740.7... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS LICENSE EXCEPTIONS § 740.7 Computers (APP). (a) Scope—(1) Commodities. License Exception APP authorizes exports and reexports of...

15 CFR 740.7 - Computers (APP).

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 2 2013-01-01 2013-01-01 false Computers (APP). 740.7 Section 740.7... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS LICENSE EXCEPTIONS § 740.7 Computers (APP). (a) Scope—(1) Commodities. License Exception APP authorizes exports and reexports of...

15 CFR 770.2 - Item interpretations.

Code of Federal Regulations, 2012 CFR

2012-01-01

... OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS INTERPRETATIONS.... “Numerical control” units include computers with add-on “motion control boards”. A computer with add-on “motion control boards” for machine tools may be controlled under ECCN 2B001.a even when the computer...

15 CFR 770.2 - Item interpretations.

Code of Federal Regulations, 2013 CFR

2013-01-01

... OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS INTERPRETATIONS.... “Numerical control” units include computers with add-on “motion control boards”. A computer with add-on “motion control boards” for machine tools may be controlled under ECCN 2B001.a even when the computer...

15 CFR 770.2 - Item interpretations.

Code of Federal Regulations, 2014 CFR

2014-01-01

... OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS INTERPRETATIONS.... “Numerical control” units include computers with add-on “motion control boards”. A computer with add-on “motion control boards” for machine tools may be controlled under ECCN 2B001.a even when the computer...

2011 Computation Directorate Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crawford, D L

2012-04-11

From its founding in 1952 until today, Lawrence Livermore National Laboratory (LLNL) has made significant strategic investments to develop high performance computing (HPC) and its application to national security and basic science. Now, 60 years later, the Computation Directorate and its myriad resources and capabilities have become a key enabler for LLNL programs and an integral part of the effort to support our nation's nuclear deterrent and, more broadly, national security. In addition, the technological innovation HPC makes possible is seen as vital to the nation's economic vitality. LLNL, along with other national laboratories, is working to make supercomputing capabilitiesmore » and expertise available to industry to boost the nation's global competitiveness. LLNL is on the brink of an exciting milestone with the 2012 deployment of Sequoia, the National Nuclear Security Administration's (NNSA's) 20-petaFLOP/s resource that will apply uncertainty quantification to weapons science. Sequoia will bring LLNL's total computing power to more than 23 petaFLOP/s-all brought to bear on basic science and national security needs. The computing systems at LLNL provide game-changing capabilities. Sequoia and other next-generation platforms will enable predictive simulation in the coming decade and leverage industry trends, such as massively parallel and multicore processors, to run petascale applications. Efficient petascale computing necessitates refining accuracy in materials property data, improving models for known physical processes, identifying and then modeling for missing physics, quantifying uncertainty, and enhancing the performance of complex models and algorithms in macroscale simulation codes. Nearly 15 years ago, NNSA's Accelerated Strategic Computing Initiative (ASCI), now called the Advanced Simulation and Computing (ASC) Program, was the critical element needed to shift from test-based confidence to science-based confidence. Specifically, ASCI/ASC accelerated the development of simulation capabilities necessary to ensure confidence in the nuclear stockpile-far exceeding what might have been achieved in the absence of a focused initiative. While stockpile stewardship research pushed LLNL scientists to develop new computer codes, better simulation methods, and improved visualization technologies, this work also stimulated the exploration of HPC applications beyond the standard sponsor base. As LLNL advances to a petascale platform and pursues exascale computing (1,000 times faster than Sequoia), ASC will be paramount to achieving predictive simulation and uncertainty quantification. Predictive simulation and quantifying the uncertainty of numerical predictions where little-to-no data exists demands exascale computing and represents an expanding area of scientific research important not only to nuclear weapons, but to nuclear attribution, nuclear reactor design, and understanding global climate issues, among other fields. Aside from these lofty goals and challenges, computing at LLNL is anything but 'business as usual.' International competition in supercomputing is nothing new, but the HPC community is now operating in an expanded, more aggressive climate of global competitiveness. More countries understand how science and technology research and development are inextricably linked to economic prosperity, and they are aggressively pursuing ways to integrate HPC technologies into their native industrial and consumer products. In the interest of the nation's economic security and the science and technology that underpins it, LLNL is expanding its portfolio and forging new collaborations. We must ensure that HPC remains an asymmetric engine of innovation for the Laboratory and for the U.S. and, in doing so, protect our research and development dynamism and the prosperity it makes possible. One untapped area of opportunity LLNL is pursuing is to help U.S. industry understand how supercomputing can benefit their business. Industrial investment in HPC applications has historically been limited by the prohibitive cost of entry, the inaccessibility of software to run the powerful systems, and the years it takes to grow the expertise to develop codes and run them in an optimal way. LLNL is helping industry better compete in the global market place by providing access to some of the world's most powerful computing systems, the tools to run them, and the experts who are adept at using them. Our scientists are collaborating side by side with industrial partners to develop solutions to some of industry's toughest problems. The goal of the Livermore Valley Open Campus High Performance Computing Innovation Center is to allow American industry the opportunity to harness the power of supercomputing by leveraging the scientific and computational expertise at LLNL in order to gain a competitive advantage in the global economy.« less

15 CFR 743.2 - High performance computers: Post shipment verification reporting.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 2 2014-01-01 2014-01-01 false High performance computers: Post... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS SPECIAL REPORTING AND NOTIFICATION § 743.2 High performance computers: Post shipment...

15 CFR Supplement No. 2 to Part 752 - Instructions for Completing Form BIS-748P-B, “Item Annex”

Code of Federal Regulations, 2010 CFR

2010-01-01

... to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE... or reexport a computer or equipment that contains a computer. Instructions on calculating the APP are...

Jobs for Two Million Workers.

ERIC Educational Resources Information Center

VocEd, 1982

1982-01-01

The outlook for jobs in the computer industry is excellent for people with appropriate training. The shortage of computer personnel is expected to continue, resulting in higher wages, more job mobility, increasing job security and generally greater opportunities for two million Americans by 1990. (CT)

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

Spring 2006. Industry Study. Information Technology Industry

DTIC Science & Technology

2006-01-01

unclassified c . THIS PAGE unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 i Information Technology 2006 ABSTRACT...integration of processors, coprocessors, memory, storage, etc. into a user-programmable final product. C . Software (Apple, Oracle): These firms...able to support the U.S. national security interests. C . Manufacturing: The personal computer manufacturing industry has also changed considerably

Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

NASA Astrophysics Data System (ADS)

Ahmad, Mushtaq

Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

15 CFR Supplement No. 1 to Part 746 - Examples of Luxury Goods

Code of Federal Regulations, 2010 CFR

2010-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS...) Personal digital assistants (PDAs) (3) Personal digital music players (4) Computer laptops (g...

Effects of New Technologies.

ERIC Educational Resources Information Center

Social and Labour Bulletin, 1980

1980-01-01

Transnational implications of technological change and innovation in telecommunications are discussed, including impact on jobs and industrial relations, computer security, access to information, and effects of technological innovation on international economic systems. (SK)

Implications of the Third Industrial Revolution on the Elements of National Power and Their Impact on National Security Strategy

DTIC Science & Technology

1992-03-16

34A Hidden U.S. Export: Higher Education ." The WashinQton Post, 16 February 1992, H1 and H4. Brandin , David H., and Michael A. Harrison. The...frequent significant technological change now occurs within the individual person’s working lifespan, life-long education is a necessity to remain...INDUSTRIAL REVOLUTION The phenomenal increase in speed and in raw power of computer processors, the shrinking size and cost of basic computing systems, the

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

Virtualization in education: Information Security lab in your hands

NASA Astrophysics Data System (ADS)

Karlov, A. A.

2016-09-01

The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.

Proceedings of the Seminar on the DoD Computer Security Initiative Program (3rd), National Bureau of Standards, Gaithersburg, Maryland, November 18-20, 1980.

DTIC Science & Technology

1980-01-01

TECHNIQUES IMPROVING RAPIDLY C-7 INDUSTRY THRUSTS IN 70s DRIVING FORCE : IMPROVE PRODUCT QUALITY * EASE MAINTENANCE, MODIFICATION IMPROVE PERFORMANCE...together a task force to make recommendations on what we should be doing about computer secur- ity. Other members of the task force came from both our...of the marketing task force mostly echoed and endorsed the user’s report. Both reports were issued in March of 1973. Notice that DoD 5200.28 had just

National research and education network

NASA Technical Reports Server (NTRS)

Villasenor, Tony

1991-01-01

Some goals of this network are as follows: Extend U.S. technological leadership in high performance computing and computer communications; Provide wide dissemination and application of the technologies both to the speed and the pace of innovation and to serve the national economy, national security, education, and the global environment; and Spur gains in the U.S. productivity and industrial competitiveness by making high performance computing and networking technologies an integral part of the design and production process. Strategies for achieving these goals are as follows: Support solutions to important scientific and technical challenges through a vigorous R and D effort; Reduce the uncertainties to industry for R and D and use of this technology through increased cooperation between government, industry, and universities and by the continued use of government and government funded facilities as a prototype user for early commercial HPCC products; and Support underlying research, network, and computational infrastructures on which U.S. high performance computing technology is based.

A Review Study on Cloud Computing Issues

NASA Astrophysics Data System (ADS)

Kanaan Kadhim, Qusay; Yusof, Robiah; Sadeq Mahdi, Hamid; Al-shami, Sayed Samer Ali; Rahayu Selamat, Siti

2018-05-01

Cloud computing is the most promising current implementation of utility computing in the business world, because it provides some key features over classic utility computing, such as elasticity to allow clients dynamically scale-up and scale-down the resources in execution time. Nevertheless, cloud computing is still in its premature stage and experiences lack of standardization. The security issues are the main challenges to cloud computing adoption. Thus, critical industries such as government organizations (ministries) are reluctant to trust cloud computing due to the fear of losing their sensitive data, as it resides on the cloud with no knowledge of data location and lack of transparency of Cloud Service Providers (CSPs) mechanisms used to secure their data and applications which have created a barrier against adopting this agile computing paradigm. This study aims to review and classify the issues that surround the implementation of cloud computing which a hot area that needs to be addressed by future research.

Qualitative Case Study Exploring Operational Barriers Impeding Small and Private, Nonprofit Higher Education Institutions from Implementing Information Security Controls

ERIC Educational Resources Information Center

Liesen, Joseph J.

2017-01-01

The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…

An Initial Look at Alternative Computing Technologies for the Intelligence Community

DTIC Science & Technology

2014-01-01

Recommendation (N-1): Guide hardware development with lessons from machine learning and neuroscience . Neuro-inspired computing suffers from a lack...not new to either the government or industry. We have described Google’s approach. The government—most notably The National Security Agency ( NSA ) and...increasing accumulation of knowledge in neuroscience and bio-molecular methods, new computational techniques may become available in the near future

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

NASA Astrophysics Data System (ADS)

Bhadauria, Rohit; Sanyal, Sugata

2012-06-01

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Technology Requirements and Selection for Securely Partitioning OBSW

NASA Astrophysics Data System (ADS)

Mendham, Peter; Windsor, James; Eckstein, Knut

2010-08-01

The Securely Partitioning Spacecraft Computing Resources project is a current ESA TRP activity investigating the application of secure time and space partitioning (TSP) technologies to enable multi-use missions from a single platform. Secure TSP technologies are used in a number of application areas outside the space domain and an opportunity exists to 'spin-in' a suitable solution. The selection of a technology for use within space the European space industry relies on an understanding of the requirements for the application of secure TSP, of which this paper presents a summary. Further, the paper outlines the selection process taken by the project and highlights promising solutions for use today.

A Resource Service Model in the Industrial IoT System Based on Transparent Computing.

PubMed

Li, Weimin; Wang, Bin; Sheng, Jinfang; Dong, Ke; Li, Zitong; Hu, Yixiang

2018-03-26

The Internet of Things (IoT) has received a lot of attention, especially in industrial scenarios. One of the typical applications is the intelligent mine, which actually constructs the Six-Hedge underground systems with IoT platforms. Based on a case study of the Six Systems in the underground metal mine, this paper summarizes the main challenges of industrial IoT from the aspects of heterogeneity in devices and resources, security, reliability, deployment and maintenance costs. Then, a novel resource service model for the industrial IoT applications based on Transparent Computing (TC) is presented, which supports centralized management of all resources including operating system (OS), programs and data on the server-side for the IoT devices, thus offering an effective, reliable, secure and cross-OS IoT service and reducing the costs of IoT system deployment and maintenance. The model has five layers: sensing layer, aggregation layer, network layer, service and storage layer and interface and management layer. We also present a detailed analysis on the system architecture and key technologies of the model. Finally, the efficiency of the model is shown by an experiment prototype system.

A Resource Service Model in the Industrial IoT System Based on Transparent Computing

PubMed Central

Wang, Bin; Sheng, Jinfang; Dong, Ke; Li, Zitong; Hu, Yixiang

2018-01-01

The Internet of Things (IoT) has received a lot of attention, especially in industrial scenarios. One of the typical applications is the intelligent mine, which actually constructs the Six-Hedge underground systems with IoT platforms. Based on a case study of the Six Systems in the underground metal mine, this paper summarizes the main challenges of industrial IoT from the aspects of heterogeneity in devices and resources, security, reliability, deployment and maintenance costs. Then, a novel resource service model for the industrial IoT applications based on Transparent Computing (TC) is presented, which supports centralized management of all resources including operating system (OS), programs and data on the server-side for the IoT devices, thus offering an effective, reliable, secure and cross-OS IoT service and reducing the costs of IoT system deployment and maintenance. The model has five layers: sensing layer, aggregation layer, network layer, service and storage layer and interface and management layer. We also present a detailed analysis on the system architecture and key technologies of the model. Finally, the efficiency of the model is shown by an experiment prototype system. PMID:29587450

Security Awareness Bulletin. Number 2-91, September 1991

DTIC Science & Technology

1991-09-01

governments, competitors, In our rapidly changing workplace, computers and those having criminal intent, that uncontrolled access routinely communicate with...same as above; rental fee is slightly higher. Securily A wareness Bulletin 10 Number 2-91 New AIS Requirements in the Defense Industrial Security...original file copy. But remember, check the original for viruses 6. Files grow in size. Infamous to the Nvir, this before locking and relying upon it as a

TeleMed: Wide-area, secure, collaborative object computing with Java and CORBA for healthcare

DOE Office of Scientific and Technical Information (OSTI.GOV)

Forslund, D.W.; George, J.E.; Gavrilov, E.M.

1998-12-31

Distributed computing is becoming commonplace in a variety of industries with healthcare being a particularly important one for society. The authors describe the development and deployment of TeleMed in a few healthcare domains. TeleMed is a 100% Java distributed application build on CORBA and OMG standards enabling the collaboration on the treatment of chronically ill patients in a secure manner over the Internet. These standards enable other systems to work interoperably with TeleMed and provide transparent access to high performance distributed computing to the healthcare domain. The goal of wide scale integration of electronic medical records is a grand-challenge scalemore » problem of global proportions with far-reaching social benefits.« less

The High-Tech Surge. Focus on Careers.

ERIC Educational Resources Information Center

Vo, Chuong-Dai Hong

1996-01-01

The computer industry is growing at a phenomenal rate as technology advances and prices fall, stimulating unprecedented demand from business, government, and individuals. Higher levels of education will be the key to securing employment as organizations increasingly rely on sophisticated technology. (Author)

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage

DTIC Science & Technology

2016-07-01

cloud computing is perhaps the most revolutionary force in the information technology industry today. This field encompasses many different domains...characteristic shared by all cloud computing tasks is that they involve storing data in the cloud . In this report, we therefore aim to describe and rank the...CONCLUSION The advent of cloud computing has caused government organizations to rethink their IT architectures so that they can take advantage of the

Wireless Communications in Reverberant Environments

DTIC Science & Technology

2015-01-01

Secure Wireless Agent Testbed (SWAT), the Protocol Engineering Advanced Networking (PROTEAN) Research Group, the Data Fusion Laboratory (DFL), and the...constraints of their application. 81 Bibliography [1] V. Gungor and G. Hancke, “Industrial wireless sensor networks : Challenges, design principles, and...Bhattacharya, “Path loss estimation for a wireless sensor network for application in ship,” Int. J. of Comput. Sci. and Mobile Computing, vol. 2, no. 6, pp

Sandia National Laboratories: National Security Missions: Nuclear Weapons

Science.gov Websites

Technology Partnerships Business, Industry, & Non-Profits Government Universities Center for Development Agreement (CRADA) Strategic Partnership Projects, Non-Federal Entity (SPP/NFE) Agreements New , in which fundamental science, computer models, and unique experimental facilities come together so

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEPARTMENT OF DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... information. (e) Cyber incident means actions taken through the use of computer networks that result in an...) Cyber intrusion damage assessment means a managed, coordinated process to determine the effect on...

Statistical process control based chart for information systems security

NASA Astrophysics Data System (ADS)

Khan, Mansoor S.; Cui, Lirong

2015-07-01

Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

The myth of secure computing.

PubMed

Austin, Robert D; Darby, Christopher A

2003-06-01

Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

Translations on Eastern Europe, Scientific Affairs, Number 563

DTIC Science & Technology

1977-12-11

Security Class (This Report) l"*ri:*.SSIFi5P 20. Security Class (This JNCLASSIFIED Pa« 21. No. of Pages 28 22. Price KORM NT1S- 35 (REV. 3...Information Science Association (at the request of the ZSM [Mini- computer System Works] MERA Research and Development Center). The software...the packaging industry will grow at an average rate of 12 percent/year and in Romania will continue to be significant ( 35 percent in 1975, 30.3

The future of scientific workflows

DOE Office of Scientific and Technical Information (OSTI.GOV)

Deelman, Ewa; Peterka, Tom; Altintas, Ilkay

Today’s computational, experimental, and observational sciences rely on computations that involve many related tasks. The success of a scientific mission often hinges on the computer automation of these workflows. In April 2015, the US Department of Energy (DOE) invited a diverse group of domain and computer scientists from national laboratories supported by the Office of Science, the National Nuclear Security Administration, from industry, and from academia to review the workflow requirements of DOE’s science and national security missions, to assess the current state of the art in science workflows, to understand the impact of emerging extreme-scale computing systems on thosemore » workflows, and to develop requirements for automated workflow management in future and existing environments. This article is a summary of the opinions of over 50 leading researchers attending this workshop. We highlight use cases, computing systems, workflow needs and conclude by summarizing the remaining challenges this community sees that inhibit large-scale scientific workflows from becoming a mainstream tool for extreme-scale science.« less

Secure software practices among Malaysian software practitioners: An exploratory study

NASA Astrophysics Data System (ADS)

Mohamed, Shafinah Farvin Packeer; Baharom, Fauziah; Deraman, Aziz; Yahya, Jamaiah; Mohd, Haslina

2016-08-01

Secure software practices is increasingly gaining much importance among software practitioners and researchers due to the rise of computer crimes in the software industry. It has become as one of the determinant factors for producing high quality software. Even though its importance has been revealed, its current practice in the software industry is still scarce, particularly in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices in the real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. Structured questionnaire is utilized for data collection purpose whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis. Outcomes from this study reveal that software practitioners are becoming increasingly aware on the importance of secure software practices, however, they lack of appropriate implementation, which could affect the quality of produced software.

48 CFR 225.870-8 - Industrial security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 3 2012-10-01 2012-10-01 false Industrial security. 225... Coordination 225.870-8 Industrial security. Industrial security for Canada shall be in accordance with the U.S.-Canada Industrial Security Agreement of March 31, 1952, as amended. ...

48 CFR 225.870-8 - Industrial security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 3 2011-10-01 2011-10-01 false Industrial security. 225... Coordination 225.870-8 Industrial security. Industrial security for Canada shall be in accordance with the U.S.-Canada Industrial Security Agreement of March 31, 1952, as amended. ...

48 CFR 225.870-8 - Industrial security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 3 2014-10-01 2014-10-01 false Industrial security. 225... Coordination 225.870-8 Industrial security. Industrial security for Canada shall be in accordance with the U.S.-Canada Industrial Security Agreement of March 31, 1952, as amended. ...

48 CFR 225.870-8 - Industrial security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Industrial security. 225... Coordination 225.870-8 Industrial security. Industrial security for Canada shall be in accordance with the U.S.-Canada Industrial Security Agreement of March 31, 1952, as amended. ...

48 CFR 225.870-8 - Industrial security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 3 2013-10-01 2013-10-01 false Industrial security. 225... Coordination 225.870-8 Industrial security. Industrial security for Canada shall be in accordance with the U.S.-Canada Industrial Security Agreement of March 31, 1952, as amended. ...

77 FR 12635 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

.... Securities Offering. Series 86 Research Analyst--Analysis..... From $160 to $175. Series 87 Research Analyst... Order Processing Assistant Representatives, Research Analysts and Operations Professionals, respectively... examination.\\7\\ \\6\\ PROCTOR is a computer system that is specifically designed for the administration and...

Evaluation of power system security and development of transmission pricing method

NASA Astrophysics Data System (ADS)

Kim, Hyungchul

The electric power utility industry is presently undergoing a change towards the deregulated environment. This has resulted in unbundling of generation, transmission and distribution services. The introduction of competition into unbundled electricity services may lead system operation closer to its security boundaries resulting in smaller operating safety margins. The competitive environment is expected to lead to lower price rates for customers and higher efficiency for power suppliers in the long run. Under this deregulated environment, security assessment and pricing of transmission services have become important issues in power systems. This dissertation provides new methods for power system security assessment and transmission pricing. In power system security assessment, the following issues are discussed (1) The description of probabilistic methods for power system security assessment; (2) The computation time of simulation methods; (3) on-line security assessment for operation. A probabilistic method using Monte-Carlo simulation is proposed for power system security assessment. This method takes into account dynamic and static effects corresponding to contingencies. Two different Kohonen networks, Self-Organizing Maps and Learning Vector Quantization, are employed to speed up the probabilistic method. The combination of Kohonen networks and Monte-Carlo simulation can reduce computation time in comparison with straight Monte-Carlo simulation. A technique for security assessment employing Bayes classifier is also proposed. This method can be useful for system operators to make security decisions during on-line power system operation. This dissertation also suggests an approach for allocating transmission transaction costs based on reliability benefits in transmission services. The proposed method shows the transmission transaction cost of reliability benefits when transmission line capacities are considered. The ratio between allocation by transmission line capacity-use and allocation by reliability benefits is computed using the probability of system failure.

17 CFR 229.801 - Securities Act industry guides.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Securities Act industry guides. 229.801 Section 229.801 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry...

17 CFR 229.801 - Securities Act industry guides.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Securities Act industry guides. 229.801 Section 229.801 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry...

17 CFR 229.801 - Securities Act industry guides.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Securities Act industry guides. 229.801 Section 229.801 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry...

17 CFR 229.801 - Securities Act industry guides.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Securities Act industry guides. 229.801 Section 229.801 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry...

78 FR 52224 - Self-Regulatory Organizations; BOX Options Exchange LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-22

... Trader Continuing Education Program (S501) is a computer-based education program developed by many of the... Continuing Education Program, which is developed and maintained by the Securities Industry Regulatory Council... change will authorize the Exchange to administer different CE programs to differently registered...

75 FR 77934 - Small Business Information Security Task Force

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-14

... on them. The Task Force has until the end of 2013 to complete the report but it is hoped that the... computing technology industry itself. Mr. Aaron Berstein then volunteered to contact Microsoft to inquire into the possibility of Microsoft providing an online collaborative space software tool for use...

A Quantitative Analysis of the Relationship between Computer Self-Efficacy and Misuse Intention

ERIC Educational Resources Information Center

Desire, Jean Ronald

2017-01-01

Intention to misuse information systems (IS) is a growing problem where employees of organizations are contributors to successful IS security breaches. Misuse of IS resources in organizations in the healthcare and pharmaceutical industries can affect patient care. Researchers investigated factors that influence changes in behavior regarding…

Field Level Computer Exploitation Package

DTIC Science & Technology

2007-03-01

to take advantage of the data retrieved from the computer. Major Barge explained that if a tool could be designed that nearly anyone could use...the study of network forensics. This has become a necessity because of the constantly growing eCommerce industry and the stiff competition between...Security. One big advantage that Insert has is the fact that it is quite small compared to most bootable CDs. At only 60 megabytes it can be burned

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

PubMed

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

Joint Logistics Commanders Guide for the Management of Multinational Program,

DTIC Science & Technology

1981-07-01

purchase of the A-300 Airbus and the 1977 record-breaking export performance of the French and UK aerospace industries of around $5 billion and $2 billion...DIS. They are the Defense Industrial Security Clearance Office ( DISCO ), the Defense Industrial Security Institute (DISI), and the Office of Industrial...Security International (ISI). Defense Industrial Security Clearance Office ( DISCO ) The Defense Industrial Security Program (DISP) establishes pro

Bioinformatics and Microarray Data Analysis on the Cloud.

PubMed

Calabrese, Barbara; Cannataro, Mario

2016-01-01

High-throughput platforms such as microarray, mass spectrometry, and next-generation sequencing are producing an increasing volume of omics data that needs large data storage and computing power. Cloud computing offers massive scalable computing and storage, data sharing, on-demand anytime and anywhere access to resources and applications, and thus, it may represent the key technology for facing those issues. In fact, in the recent years it has been adopted for the deployment of different bioinformatics solutions and services both in academia and in the industry. Although this, cloud computing presents several issues regarding the security and privacy of data, that are particularly important when analyzing patients data, such as in personalized medicine. This chapter reviews main academic and industrial cloud-based bioinformatics solutions; with a special focus on microarray data analysis solutions and underlines main issues and problems related to the use of such platforms for the storage and analysis of patients data.

49 CFR 8.31 - Industrial security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 1 2011-10-01 2011-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...

49 CFR 8.31 - Industrial security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 1 2012-10-01 2012-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...

Research on the information security system in electrical gis system in mobile application

NASA Astrophysics Data System (ADS)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

78 FR 60005 - Self-Regulatory Organizations; the NASDAQ Stock Market LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-30

...-Regulatory Organizations; the NASDAQ Stock Market LLC; Notice of Filing and Immediate Effectiveness of a... 12, 2013, The NASDAQ Stock Market LLC (``NASDAQ'' or ``Exchange'') filed with the Securities and... compute the numerator in the calculation of percentage of total industry customer equity and ETF option...

Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

DOE PAGES

Chen, Qian; Abercrombie, Robert K; Sheldon, Frederick T.

2015-09-23

Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet ofmore » Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure.Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). Finally, the metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).« less

The insurance industry and public-private collaborations as a vector to develop and spread EO technologies and techniques in the domain of Food Security: The Swiss Re case.

NASA Astrophysics Data System (ADS)

Coutu, S.; Ragaz, M.; Mäder, D.; Hammer, P.; Andriesse, M.; Güttinger, U.; Feyen, H.

2017-12-01

The insurance industry has been contributing to the resilient development of agriculture in multiple regions of the globe since the beginning of the 19th Century. It also has from the very beginning of the development of EO Sciences, kept a very close eye on the development of technologies and techniques in this domain. Recent advances in this area such as increased satellite imagery resolution, faster computation time and Big Data management combined with the ground-based knowledge from the insurance industry have offered farmers not only tools permitting better crop management, but also reliable and live yield coverage. This study presents several of these applications at different scales (industrial farming and micro-farming) and in different climate regions, with an emphasis on the limit of current products. Some of these limits such as lack of access of to ground data, R&D efforts or understanding of ground needs could be quickly overcome through closer public-private or private-private collaborations. However, despite a clear benefit for the Food Security nexus and potential win-win situations, those collaborations are not always simple to develop. We present here successful but also disappointing collaboration cases based on the Swiss Re experience, as a global insurance leader. As a conclusion, we highlight how academia, NGOs, governmental organization, start-ups and the insurance industry can get together to foster the development of EO in the domain of Food Security, and bring cutting-edge science to game changing industrial applications.

15 CFR 700.72 - Compulsory process.

Code of Federal Regulations, 2010 CFR

2010-01-01

... OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS..., in the judgment of the Director of the Office of Strategic Industries and Economic Security, U.S. Department of Commerce, in consultation with the Chief Counsel for Industry and Security, U.S. Department of...

15 CFR 700.80 - Adjustments or exceptions.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS... exceptions. (a) A person may submit a request to the Office of Strategic Industries and Economic Security, U... interim relief is granted in writing by the Office of Strategic Industries and Economic Security. (d) A...

Application of Multi-Frequency Modulation (MFM) for High-Speed Data Communications to a Voice Frequency Channel

DTIC Science & Technology

1990-06-01

reader is cautioned that computer programs developed in this research may not have been exercised for all cases of interest. While every effort has been...Source of Funding Numbers _. Program Element No Project No I Task No I Work Unit Accession No 11 Title (Include security classflcation) APPLICATION OF...formats. Previous applications of these encoding formats were on industry standard computers (PC) over a 16-20 klIz channel. This report discusses the

Security systems engineering overview

DOE Office of Scientific and Technical Information (OSTI.GOV)

Steele, B.J.

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, andmore » counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).« less

Cloud computing security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Shin, Dongwan; Claycomb, William R.; Urias, Vincent E.

Cloud computing is a paradigm rapidly being embraced by government and industry as a solution for cost-savings, scalability, and collaboration. While a multitude of applications and services are available commercially for cloud-based solutions, research in this area has yet to fully embrace the full spectrum of potential challenges facing cloud computing. This tutorial aims to provide researchers with a fundamental understanding of cloud computing, with the goals of identifying a broad range of potential research topics, and inspiring a new surge in research to address current issues. We will also discuss real implementations of research-oriented cloud computing systems for bothmore » academia and government, including configuration options, hardware issues, challenges, and solutions.« less

17 CFR 229.801 - Securities Act industry guides.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Securities Act industry guides... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry... claims and claim adjustment expenses of property-casualty insurance underwriters. (g) Guide 7...

48 CFR 225.872-7 - Industrial security for qualifying countries.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Industrial security for... Agreements and Coordination 225.872-7 Industrial security for qualifying countries. The required procedures... qualifying country sources are in the DoD Industrial Security Regulation DoD 5220.22-R (implemented for the...

Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

DOE PAGES

Vollmer, Todd; Manic, Milos; Linda, Ondrej

2013-06-01

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfiguremore » in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.« less

Predicting Vulnerability Risks Using Software Characteristics

ERIC Educational Resources Information Center

Roumani, Yaman

2012-01-01

Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

75 FR 10529 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... Securities Law Practitioners, Securities Law Professors and Securities Industry Participants. The..., Securities Law Professors and Securities Industry Participants. The total estimated reporting burden of the...

77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-17

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-08

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

Trustworthy data collection from implantable medical devices via high-speed security implementation based on IEEE 1363.

PubMed

Hu, Fei; Hao, Qi; Lukowiak, Marcin; Sun, Qingquan; Wilhelm, Kyle; Radziszowski, Stanisław; Wu, Yao

2010-11-01

Implantable medical devices (IMDs) have played an important role in many medical fields. Any failure in IMDs operations could cause serious consequences and it is important to protect the IMDs access from unauthenticated access. This study investigates secure IMD data collection within a telehealthcare [mobile health (m-health)] network. We use medical sensors carried by patients to securely access IMD data and perform secure sensor-to-sensor communications between patients to relay the IMD data to a remote doctor's server. To meet the requirements on low computational complexity, we choose N-th degree truncated polynomial ring (NTRU)-based encryption/decryption to secure IMD-sensor and sensor-sensor communications. An extended matryoshkas model is developed to estimate direct/indirect trust relationship among sensors. An NTRU hardware implementation in very large integrated circuit hardware description language is studied based on industry Standard IEEE 1363 to increase the speed of key generation. The performance analysis results demonstrate the security robustness of the proposed IMD data access trust model.

The Cyber Security Crisis

ScienceCinema

Spafford, Eugene

2018-05-11

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

Computer loss experience and predictions

NASA Astrophysics Data System (ADS)

Parker, Donn B.

1996-03-01

The types of losses organizations must anticipate have become more difficult to predict because of the eclectic nature of computers and the data communications and the decrease in news media reporting of computer-related losses as they become commonplace. Total business crime is conjectured to be decreasing in frequency and increasing in loss per case as a result of increasing computer use. Computer crimes are probably increasing, however, as their share of the decreasing business crime rate grows. Ultimately all business crime will involve computers in some way, and we could see a decline of both together. The important information security measures in high-loss business crime generally concern controls over authorized people engaged in unauthorized activities. Such controls include authentication of users, analysis of detailed audit records, unannounced audits, segregation of development and production systems and duties, shielding the viewing of screens, and security awareness and motivation controls in high-value transaction areas. Computer crimes that involve highly publicized intriguing computer misuse methods, such as privacy violations, radio frequency emanations eavesdropping, and computer viruses, have been reported in waves that periodically have saturated the news media during the past 20 years. We must be able to anticipate such highly publicized crimes and reduce the impact and embarrassment they cause. On the basis of our most recent experience, I propose nine new types of computer crime to be aware of: computer larceny (theft and burglary of small computers), automated hacking (use of computer programs to intrude), electronic data interchange fraud (business transaction fraud), Trojan bomb extortion and sabotage (code security inserted into others' systems that can be triggered to cause damage), LANarchy (unknown equipment in use), desktop forgery (computerized forgery and counterfeiting of documents), information anarchy (indiscriminate use of crypto without control), Internet abuse (antisocial use of data communications), and international industrial espionage (governments stealing business secrets). A wide variety of safeguards are necessary to deal with these new crimes. The most powerful controls include (1) carefully controlled use of cryptography and digital signatures with good key management and overriding business and government decryption capability and (2) use of tokens such as smart cards to increase the strength of secret passwords for authentication of computer users. Jewelry-type security for small computers--including registration of serial numbers and security inventorying of equipment, software, and connectivity--will be necessary. Other safeguards include automatic monitoring of computer use and detection of unusual activities, segmentation and filtering of networks, special paper and ink for documents, and reduction of paper documents. Finally, international cooperation of governments to create trusted environments for business is essential.

On the security of consumer wearable devices in the Internet of Things.

PubMed

Tahir, Hasan; Tahir, Ruhma; McDonald-Maier, Klaus

2018-01-01

Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity wearable devices sense and transmit data, therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensor. Since wearable devices often operate in a group setting the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands.

On the security of consumer wearable devices in the Internet of Things

PubMed Central

Tahir, Hasan; Tahir, Ruhma; McDonald-Maier, Klaus

2018-01-01

Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity wearable devices sense and transmit data, therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensor. Since wearable devices often operate in a group setting the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands. PMID:29668756

Cloud based emergency health care information service in India.

PubMed

Karthikeyan, N; Sukanesh, R

2012-12-01

A hospital is a health care organization providing patient treatment by expert physicians, surgeons and equipments. A report from a health care accreditation group says that miscommunication between patients and health care providers is the reason for the gap in providing emergency medical care to people in need. In developing countries, illiteracy is the major key root for deaths resulting from uncertain diseases constituting a serious public health problem. Mentally affected, differently abled and unconscious patients can't communicate about their medical history to the medical practitioners. Also, Medical practitioners can't edit or view DICOM images instantly. Our aim is to provide palm vein pattern recognition based medical record retrieval system, using cloud computing for the above mentioned people. Distributed computing technology is coming in the new forms as Grid computing and Cloud computing. These new forms are assured to bring Information Technology (IT) as a service. In this paper, we have described how these new forms of distributed computing will be helpful for modern health care industries. Cloud Computing is germinating its benefit to industrial sectors especially in medical scenarios. In Cloud Computing, IT-related capabilities and resources are provided as services, via the distributed computing on-demand. This paper is concerned with sprouting software as a service (SaaS) by means of Cloud computing with an aim to bring emergency health care sector in an umbrella with physical secured patient records. In framing the emergency healthcare treatment, the crucial thing considered necessary to decide about patients is their previous health conduct records. Thus a ubiquitous access to appropriate records is essential. Palm vein pattern recognition promises a secured patient record access. Likewise our paper reveals an efficient means to view, edit or transfer the DICOM images instantly which was a challenging task for medical practitioners in the past years. We have developed two services for health care. 1. Cloud based Palm vein recognition system 2. Distributed Medical image processing tools for medical practitioners.

A Strategy for Improved System Assurance

DTIC Science & Technology

2007-06-20

Quality (Measurements Life Cycle Safety, Security & Others) ISO /IEC 12207 * Software Life Cycle Processes ISO 9001 Quality Management System...14598 Software Product Evaluation Related ISO /IEC 90003 Guidelines for the Application of ISO 9001:2000 to Computer Software IEEE 12207 Industry...Implementation of International Standard ISO /IEC 12207 IEEE 1220 Standard for Application and Management of the System Engineering Process Use in

Cybersecurity in healthcare: A systematic review of modern threats and trends.

PubMed

Kruse, Clemens Scott; Frederick, Benjamin; Jacobson, Taylor; Monticone, D Kyle

2017-01-01

The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats. The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature. The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review. The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code. The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

15 CFR 705.10 - Report of an investigation and recommendation.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS EFFECT OF IMPORTED ARTICLES ON THE NATIONAL SECURITY § 705.10 Report of an..., will be available for public inspection and copying in the Bureau of Industry and Security Freedom of...

17 CFR 229.802 - Exchange Act industry guides.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Exchange Act industry guides. 229.802 Section 229.802 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.802 Exchange Act industry...

17 CFR 229.802 - Exchange Act industry guides.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Exchange Act industry guides. 229.802 Section 229.802 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.802 Exchange Act industry...

17 CFR 229.802 - Exchange Act industry guides.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Exchange Act industry guides. 229.802 Section 229.802 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.802 Exchange Act industry...

17 CFR 229.802 - Exchange Act industry guides.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Exchange Act industry guides. 229.802 Section 229.802 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.802 Exchange Act industry...

17 CFR 229.802 - Exchange Act industry guides.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Exchange Act industry guides. 229.802 Section 229.802 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.802 Exchange Act industry...

33 CFR 106.270 - Security measures for delivery of stores and industrial supplies.

Code of Federal Regulations, 2010 CFR

2010-07-01

... stores and industrial supplies. (a) General. The OCS facility owner or operator must ensure that security...). These additional security measures may include: (1) Intensifying inspection of the stores or industrial... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for delivery of...

It Security and EO Systems

NASA Astrophysics Data System (ADS)

Burnett, M.

2010-12-01

One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

15 CFR 701.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF... designated the Bureau of Industry and Security as the organization responsible for implementing this... offset transactions on the defense preparedness, industrial competitiveness, employment, and trade of the...

15 CFR 730.9 - Organization of the Bureau of Industry and Security.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 2 2013-01-01 2013-01-01 false Organization of the Bureau of Industry... Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS GENERAL INFORMATION § 730.9 Organization of the Bureau of Industry and Security. The head of the...

15 CFR 730.9 - Organization of the Bureau of Industry and Security.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 2 2014-01-01 2014-01-01 false Organization of the Bureau of Industry... Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS GENERAL INFORMATION § 730.9 Organization of the Bureau of Industry and Security. The head of the...

15 CFR 730.9 - Organization of the Bureau of Industry and Security.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 15 Commerce and Foreign Trade 2 2012-01-01 2012-01-01 false Organization of the Bureau of Industry... Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS GENERAL INFORMATION § 730.9 Organization of the Bureau of Industry and Security. The head of the...

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

The Cyber Security Crisis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Spafford, Eugene

2006-05-10

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight intomore » causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'« less

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardwaremore » and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.« less

Solution-Processed Carbon Nanotube True Random Number Generator.

PubMed

Gaviria Rojas, William A; McMorrow, Julian J; Geier, Michael L; Tang, Qianying; Kim, Chris H; Marks, Tobin J; Hersam, Mark C

2017-08-09

With the growing adoption of interconnected electronic devices in consumer and industrial applications, there is an increasing demand for robust security protocols when transmitting and receiving sensitive data. Toward this end, hardware true random number generators (TRNGs), commonly used to create encryption keys, offer significant advantages over software pseudorandom number generators. However, the vast network of devices and sensors envisioned for the "Internet of Things" will require small, low-cost, and mechanically flexible TRNGs with low computational complexity. These rigorous constraints position solution-processed semiconducting single-walled carbon nanotubes (SWCNTs) as leading candidates for next-generation security devices. Here, we demonstrate the first TRNG using static random access memory (SRAM) cells based on solution-processed SWCNTs that digitize thermal noise to generate random bits. This bit generation strategy can be readily implemented in hardware with minimal transistor and computational overhead, resulting in an output stream that passes standardized statistical tests for randomness. By using solution-processed semiconducting SWCNTs in a low-power, complementary architecture to achieve TRNG, we demonstrate a promising approach for improving the security of printable and flexible electronics.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-07

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-09

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

An innovative privacy preserving technique for incremental datasets on cloud computing.

PubMed

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

A network-based distributed, media-rich computing and information environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Phillips, R.L.

1995-12-31

Sunrise is a Los Alamos National Laboratory (LANL) project started in October 1993. It is intended to be a prototype National Information Infrastructure development project. A main focus of Sunrise is to tie together enabling technologies (networking, object-oriented distributed computing, graphical interfaces, security, multi-media technologies, and data-mining technologies) with several specific applications. A diverse set of application areas was chosen to ensure that the solutions developed in the project are as generic as possible. Some of the application areas are materials modeling, medical records and image analysis, transportation simulations, and K-12 education. This paper provides a description of Sunrise andmore » a view of the architecture and objectives of this evolving project. The primary objectives of Sunrise are three-fold: (1) To develop common information-enabling tools for advanced scientific research and its applications to industry; (2) To enhance the capabilities of important research programs at the Laboratory; (3) To define a new way of collaboration between computer science and industrially-relevant research.« less

Technologies for Achieving Field Ubiquitous Computing

NASA Astrophysics Data System (ADS)

Nagashima, Akira

Although the term “ubiquitous” may sound like jargon used in information appliances, ubiquitous computing is an emerging concept in industrial automation. This paper presents the author's visions of field ubiquitous computing, which is based on the novel Internet Protocol IPv6. IPv6-based instrumentation will realize the next generation manufacturing excellence. This paper focuses on the following five key issues: 1. IPv6 standardization; 2. IPv6 interfaces embedded in field devices; 3. Compatibility with FOUNDATION fieldbus; 4. Network securities for field applications; and 5. Wireless technologies to complement IP instrumentation. Furthermore, the principles of digital plant operations and ubiquitous production to support the above key technologies to achieve field ubiquitous systems are discussed.

Avionics Collaborative Engineering Technology Delivery Order 0035: Secure Knowledge Management (SKM) Technology Research Roadmap - Technology Trends for Collaborative Information and Knowledge Management Research

DTIC Science & Technology

2004-06-01

such as that represented in the know-how of the master craftsman), and cognitive (know why, perceptions, values, beliefs, and mental models).4... cognitive engineering, educational technology, industrial/organizational psychology, sociology, cultural anthropology, and computational...such as human-human interaction, interface design and evaluation methodology, cognitive models and user models, health and ergonomic studies, empirical

15 CFR 705.7 - Conduct of an investigation.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS... and copying in the Bureau of Industry and SecurityFreedom of Information Records Inspection Facility... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Conduct of an investigation. 705.7...

75 FR 15440 - Guidance for Industry on Standards for Securing the Drug Supply Chain-Standardized Numerical...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-29

...] Guidance for Industry on Standards for Securing the Drug Supply Chain--Standardized Numerical... industry entitled ``Standards for Securing the Drug Supply Chain-Standardized Numerical Identification for... the Drug Supply Chain-Standardized Numerical Identification for Prescription Drug Packages.'' In the...

On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

NASA Astrophysics Data System (ADS)

Frühwirth, Christian

Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

Cyber security best practices for the nuclear industry

DOE Office of Scientific and Technical Information (OSTI.GOV)

Badr, I.

2012-07-01

When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

A tainted trade? Moral ambivalence and legitimation work in the private security industry.

PubMed

Thumala, Angélica; Goold, Benjamin; Loader, Ian

2011-06-01

The private security industry is often represented - and typically represents itself - as an expanding business, confident of its place in the world and sure of its ability to meet a rising demand for security. But closer inspection of the ways in which industry players talk about its past, present and future suggests that this self-promotion is accompanied by unease about the industry's condition and legitimacy. In this paper, we analyse the self-understandings of those who sell security - as revealed in interviews conducted with key industry players and in a range of trade materials - in order to highlight and dissect the constitutive elements of this ambivalence. This analysis begins by describing the reputational problems that are currently thought to beset the industry and the underlying fears about its status and worth that these difficulties disclose. We then examine how security players seek to legitimate the industry using various narratives of professionalization. Four such narratives are identified - regulation, education, association and borrowing - each of which seeks to justify private security and enhance the industry's social worth. What is striking about these legitimation claims is that they tend not to justify the selling of security in market terms. In conclusion we ask why this is the case and argue that market justifications are 'closed-off' by a moral ambivalence that attaches to an industry trading in products which cannot guarantee to deliver the condition that its consumers crave. © London School of Economics and Political Science 2011.

75 FR 81152 - Export Control Modernization: Strategic Trade Authorization License Exception

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 732, 738, 740, 743, 758, and... Authorization License Exception AGENCY: Bureau of Industry and Security, Commerce. ACTION: Proposed rule..., Bureau of Industry and Security, Room 2705, U.S. Department of Commerce, Washington, DC 20230. Please...

77 FR 34411 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-11

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION National Industrial Security Program Policy Advisory... CFR 101-6, announcement is made for the following committee meeting. To discuss National Industrial Security Program policy matters. DATES: This meeting will be held on Wednesday, July 11, 2012 from 10:00 a...

78 FR 66788 - Joint Industry Plan; Order Approving Amendment No. 30 to the Joint Self-Regulatory Organization...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-06

... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-70793; File No. S7-24-89] Joint Industry Plan..., Consolidation and Dissemination of Quotation and Transaction Information for Nasdaq-Listed Securities Traded on... Exchange, Inc., Financial Industry Regulatory Authority, Inc., International Securities Exchange LLC...

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Security systems engineering overview

NASA Astrophysics Data System (ADS)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

The machine in the market: Computers and the infrastructure of price at the New York Stock Exchange, 1965-1975.

PubMed

Kennedy, Devin

2017-12-01

This article traces the development and expansion of early computer systems for managing and disseminating 'real-time' market data at the most influential stock market in the United States, the New York Stock Exchange (NYSE). It follows electronic media at the NYSE over a roughly ten-year period, from the time of the deployment of a computer called the Market Data System (MDS) through debates surrounding the National Market System and the passage of the 1975 Securities Acts Amendments. Building on research at the archives of the NYSE and the Securities and Exchange Commission (SEC), this history emphasizes the regulatory and managerial contexts in which market data became computerized. The SEC viewed market automation as both necessary for the viability of the securities industry and a mechanism for expanding regulatory oversight over the venues of stock trading. Moving from the MDS to later technical projects in the late 1960s and early 1970s, this article charts the changing meaning of electronic governance in a market increasingly conceptualized as a technical object. Adding to recent work in the social studies of finance and financial technologies, this history sites early NYSE computerization programs within managerial efforts to consolidate control over the clerical labor of financial markets, and in contests between regulatory and market institutions. It concludes by exploring the differing forms of electronic governance activated in these efforts to bring computers into the market.

A Portable Computer Security Workshop

ERIC Educational Resources Information Center

Wagner, Paul J.; Phillips, Andrew T.

2006-01-01

We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

15 CFR 700.14 - Preferential scheduling.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.14 Preferential scheduling. (a) A...

15 CFR 705.1 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS EFFECT OF IMPORTED ARTICLES ON THE NATIONAL SECURITY § 705.1 Definitions. As used in this part: Department means the...

78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-2014-001] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 8, 2013. ISOO...

U.S. Space Policy and Space Industry Strangulation

DTIC Science & Technology

2010-03-01

protecting U.S. national security, and creating an environment in which non-U.S. citizens can participate fully in the U.S. space industry. 14...still protecting U.S. national security, and creating an environment in which non-U.S. citizens can participate fully in the U.S. space industry...security, and creating and sustaining a globally competitive space industry. These realms are not mutually exclusive. If technologies are overly guarded

33 CFR 165.1121 - Security Zone: Fleet Supply Center Industrial Pier, San Diego, CA.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Center Industrial Pier, San Diego, CA. 165.1121 Section 165.1121 Navigation and Navigable Waters COAST... Guard District § 165.1121 Security Zone: Fleet Supply Center Industrial Pier, San Diego, CA. (a) Location. The following area is a security zone: the waters of San Diego Bay extending approximately 100...

75 FR 2435 - Addition to the List of Validated End-Users in the People's Republic of China (PRC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-15

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Part 748 [Docket No. 0908111226... (PRC) AGENCY: Bureau of Industry and Security, Commerce. ACTION: Final rule. SUMMARY: In this final rule, the Bureau of Industry and Security (BIS) amends the Export Administration Regulations (EAR) to...

78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 12, 2013. ISOO will...

15 CFR 705.3 - Commencing an investigation.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS EFFECT OF IMPORTED ARTICLES ON THE NATIONAL SECURITY § 705.3 Commencing an investigation. (a) Upon... the effect on the national security of the imports of any article. (b) The Secretary shall immediately...

Do You Take Credit Cards? Security and Compliance for the Credit Card Payment Industry

ERIC Educational Resources Information Center

Willey, Lorrie; White, Barbara Jo

2013-01-01

Security is a significant concern in business and in information systems (IS) education from both a technological and a strategic standpoint. Students can benefit from the study of information systems security when security concepts are introduced in the context of real-world industry standards. The development of a data security standard for…

Evaluation and selection of security products for authentication of computer software

NASA Astrophysics Data System (ADS)

Roenigk, Mark W.

2000-04-01

Software Piracy is estimated to cost software companies over eleven billion dollars per year in lost revenue worldwide. Over fifty three percent of all intellectual property in the form of software is pirated on a global basis. Software piracy has a dramatic effect on the employment figures for the information industry as well. In the US alone, over 130,000 jobs are lost annually as a result of software piracy.

Omnidirectional Learning - A New Paradigm for Learning to Predict Any Set of Variables from Any Other Set

DTIC Science & Technology

2016-05-06

ABSTRACT Awards: Best Paper Honorable Mention Award at the SIAM (Society for Industrial and Applied Mathematics Conference on Data Mining (SDM...magnitude in computation time over the state of the art. 15. SUBJECT TERMS Data Mining 16. SECURITY CLASSIFICATION OF: 17...International Conference on Data Mining and received Best Paper Honorable mention. To ensure broad use and uptake of the outcomes of this research

Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System

DTIC Science & Technology

2011-03-01

Byres, E. J., Lowe, J. (2004). The Myths and facts behind cyber security risks for industrial control systems . Berlin, Germany: VDE 2004 Congress...ACQUISITION (SCADA) SYSTEM THESIS Jason R. Nielsen, Major, USAF AFIT/GCO/ENG/11-10 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE...DATA ACQUISITION (SCADA) SYSTEM THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of

Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

PubMed Central

Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

Protecting location privacy for outsourced spatial data in cloud storage.

PubMed

Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

15 CFR 700.17 - Use of rated orders.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.17 Use of rated orders. (a) A person...

15 CFR 700.10 - Delegation of authority.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.10 Delegation of authority. (a) The... respect to industrial resources have been delegated to the Secretary of Commerce under Executive Order...

15 CFR 705.11 - Determination by the President and adjustment of imports.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS EFFECT OF IMPORTED ARTICLES ON THE NATIONAL SECURITY § 705.11 Determination by... national security, the President is required by Section 232(c) of the Trade Expansion Act of 1962, as...

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

15 CFR 700.20 - Use of priority ratings.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities for Energy Programs § 700.20 Use of... maintenance of energy facilities. ...

15 CFR 700.16 - Changes or cancellations of priority ratings and rated orders.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700...

Advanced information society(7)

NASA Astrophysics Data System (ADS)

Chiba, Toshihiro

Various threats are hiding in advanced informationalized society. As we see car accident problems in motorization society light aspects necessarily accompy shady ones. Under the changing circumstances of advanced informationalization added values of information has become much higher. It causes computer crime, hacker, computer virus to come to the surface. In addition it can be said that infringement of intellectual property and privacy are threats brought by advanced information. Against these threats legal, institutional and insurance measures have been progressed, and newly security industry has been established. However, they are not adequate individually or totally. The future vision should be clarified, and countermeasures according to the visions have to be considered.

Analysis of Alternatives (AoA) of Open Colllaboration and Research Capabilities Collaboratipon in Research and Engineering in Advanced Technology and Education and High-Performance Computing Innovation Center (HPCIC) on the LVOC.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Vrieling, P. Douglas

2016-01-01

The Livermore Valley Open Campus (LVOC), a joint initiative of the National Nuclear Security Administration (NNSA), Lawrence Livermore National Laboratory (LLNL), and Sandia National Laboratories (SNL), enhances the national security missions of NNSA by promoting greater collaboration between world-class scientists at the national security laboratories, and their partners in industry and academia. Strengthening the science, technology, and engineering (ST&E) base of our nation is one of the NNSA’s top goals. By conducting coordinated and collaborative programs, LVOC enhances both the NNSA and the broader national science and technology base, and helps to ensure the health of core capabilities at LLNLmore » and SNL. These capabilities must remain strong to enable the laboratories to execute their primary mission for NNSA.« less

A secure EHR system based on hybrid clouds.

PubMed

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

Securing the Internet frontier.

PubMed

Morrissey, J

1996-10-21

Just as in the Wild West, security strategies are being mobilized for the untamed Internet frontier. Technology developed by settlers from the banking and merchandising industries is being retooled for healthcare, where security-conscious industries see a big market opportunity.

An Efficient Wireless Sensor Network for Industrial Monitoring and Control.

PubMed

Aponte-Luis, Juan; Gómez-Galán, Juan Antonio; Gómez-Bravo, Fernando; Sánchez-Raya, Manuel; Alcina-Espigado, Javier; Teixido-Rovira, Pedro Miguel

2018-01-10

This paper presents the design of a wireless sensor network particularly designed for remote monitoring and control of industrial parameters. The article describes the network components, protocol and sensor deployment, aimed to accomplish industrial constraint and to assure reliability and low power consumption. A particular case of study is presented. The system consists of a base station, gas sensing nodes, a tree-based routing scheme for the wireless sensor nodes and a real-time monitoring application that operates from a remote computer and a mobile phone. The system assures that the industrial safety quality and the measurement and monitoring system achieves an efficient industrial monitoring operations. The robustness of the developed system and the security in the communications have been guaranteed both in hardware and software level. The system is flexible and can be adapted to different environments. The testing of the system confirms the feasibility of the proposed implementation and validates the functional requirements of the developed devices, the networking solution and the power consumption management.

An Efficient Wireless Sensor Network for Industrial Monitoring and Control

PubMed Central

Aponte-Luis, Juan; Gómez-Bravo, Fernando; Sánchez-Raya, Manuel; Alcina-Espigado, Javier; Teixido-Rovira, Pedro Miguel

2018-01-01

This paper presents the design of a wireless sensor network particularly designed for remote monitoring and control of industrial parameters. The article describes the network components, protocol and sensor deployment, aimed to accomplish industrial constraint and to assure reliability and low power consumption. A particular case of study is presented. The system consists of a base station, gas sensing nodes, a tree-based routing scheme for the wireless sensor nodes and a real-time monitoring application that operates from a remote computer and a mobile phone. The system assures that the industrial safety quality and the measurement and monitoring system achieves an efficient industrial monitoring operations. The robustness of the developed system and the security in the communications have been guaranteed both in hardware and software level. The system is flexible and can be adapted to different environments. The testing of the system confirms the feasibility of the proposed implementation and validates the functional requirements of the developed devices, the networking solution and the power consumption management. PMID:29320466

Exploring Factors That Affect Adoption of Computer Security Practices among College Students

ERIC Educational Resources Information Center

Alqarni, Amani

2017-01-01

Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

Snore related signals processing in a private cloud computing system.

PubMed

Qian, Kun; Guo, Jian; Xu, Huijie; Zhu, Zhaomeng; Zhang, Gongxuan

2014-09-01

Snore related signals (SRS) have been demonstrated to carry important information about the obstruction site and degree in the upper airway of Obstructive Sleep Apnea-Hypopnea Syndrome (OSAHS) patients in recent years. To make this acoustic signal analysis method more accurate and robust, big SRS data processing is inevitable. As an emerging concept and technology, cloud computing has motivated numerous researchers and engineers to exploit applications both in academic and industry field, which could have an ability to implement a huge blue print in biomedical engineering. Considering the security and transferring requirement of biomedical data, we designed a system based on private cloud computing to process SRS. Then we set the comparable experiments of processing a 5-hour audio recording of an OSAHS patient by a personal computer, a server and a private cloud computing system to demonstrate the efficiency of the infrastructure we proposed.

HPC Annual Report 2017

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dennig, Yasmin

Sandia National Laboratories has a long history of significant contributions to the high performance community and industry. Our innovative computer architectures allowed the United States to become the first to break the teraFLOP barrier—propelling us to the international spotlight. Our advanced simulation and modeling capabilities have been integral in high consequence US operations such as Operation Burnt Frost. Strong partnerships with industry leaders, such as Cray, Inc. and Goodyear, have enabled them to leverage our high performance computing (HPC) capabilities to gain a tremendous competitive edge in the marketplace. As part of our continuing commitment to providing modern computing infrastructuremore » and systems in support of Sandia missions, we made a major investment in expanding Building 725 to serve as the new home of HPC systems at Sandia. Work is expected to be completed in 2018 and will result in a modern facility of approximately 15,000 square feet of computer center space. The facility will be ready to house the newest National Nuclear Security Administration/Advanced Simulation and Computing (NNSA/ASC) Prototype platform being acquired by Sandia, with delivery in late 2019 or early 2020. This new system will enable continuing advances by Sandia science and engineering staff in the areas of operating system R&D, operation cost effectiveness (power and innovative cooling technologies), user environment and application code performance.« less

Saving Water at Los Alamos National Laboratory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Erickson, Andy

Los Alamos National Laboratory decreased its water usage by 26 percent in 2014, with about one-third of the reduction attributable to using reclaimed water to cool a supercomputing center. The Laboratory's goal during 2014 was to use only re-purposed water to support the mission at the Strategic Computing Complex. Using reclaimed water from the Sanitary Effluent Reclamation Facility, or SERF, substantially decreased water usage and supported the overall mission. SERF collects industrial wastewater and treats it for reuse. The reclamation facility contributed more than 27 million gallons of re-purposed water to the Laboratory's computing center, a secured supercomputing facility thatmore » supports the Laboratory’s national security mission and is one of the institution’s larger water users. In addition to the strategic water reuse program at SERF, the Laboratory reduced water use in 2014 by focusing conservation efforts on areas that use the most water, upgrading to water-conserving fixtures, and repairing leaks identified in a biennial survey.« less

Saving Water at Los Alamos National Laboratory

ScienceCinema

Erickson, Andy

2018-01-16

Los Alamos National Laboratory decreased its water usage by 26 percent in 2014, with about one-third of the reduction attributable to using reclaimed water to cool a supercomputing center. The Laboratory's goal during 2014 was to use only re-purposed water to support the mission at the Strategic Computing Complex. Using reclaimed water from the Sanitary Effluent Reclamation Facility, or SERF, substantially decreased water usage and supported the overall mission. SERF collects industrial wastewater and treats it for reuse. The reclamation facility contributed more than 27 million gallons of re-purposed water to the Laboratory's computing center, a secured supercomputing facility that supports the Laboratory’s national security mission and is one of the institution’s larger water users. In addition to the strategic water reuse program at SERF, the Laboratory reduced water use in 2014 by focusing conservation efforts on areas that use the most water, upgrading to water-conserving fixtures, and repairing leaks identified in a biennial survey.

Consolidation and development roadmap of the EMI middleware

NASA Astrophysics Data System (ADS)

Kónya, B.; Aiftimiei, C.; Cecchi, M.; Field, L.; Fuhrmann, P.; Nilsen, J. K.; White, J.

2012-12-01

Scientific research communities have benefited recently from the increasing availability of computing and data infrastructures with unprecedented capabilities for large scale distributed initiatives. These infrastructures are largely defined and enabled by the middleware they deploy. One of the major issues in the current usage of research infrastructures is the need to use similar but often incompatible middleware solutions. The European Middleware Initiative (EMI) is a collaboration of the major European middleware providers ARC, dCache, gLite and UNICORE. EMI aims to: deliver a consolidated set of middleware components for deployment in EGI, PRACE and other Distributed Computing Infrastructures; extend the interoperability between grids and other computing infrastructures; strengthen the reliability of the services; establish a sustainable model to maintain and evolve the middleware; fulfil the requirements of the user communities. This paper presents the consolidation and development objectives of the EMI software stack covering the last two years. The EMI development roadmap is introduced along the four technical areas of compute, data, security and infrastructure. The compute area plan focuses on consolidation of standards and agreements through a unified interface for job submission and management, a common format for accounting, the wide adoption of GLUE schema version 2.0 and the provision of a common framework for the execution of parallel jobs. The security area is working towards a unified security model and lowering the barriers to Grid usage by allowing users to gain access with their own credentials. The data area is focusing on implementing standards to ensure interoperability with other grids and industry components and to reuse already existing clients in operating systems and open source distributions. One of the highlights of the infrastructure area is the consolidation of the information system services via the creation of a common information backbone.

Protecting clinical data in PACS, teleradiology systems, and research environments

NASA Astrophysics Data System (ADS)

Meissner, Marion C.; Collmann, Jeff R.; Tohme, Walid G.; Mun, Seong K.

1997-05-01

As clinical data is more widely stored in electronic patient record management systems and transmitted over the Internet and telephone lines, it becomes more accessible and therefore more useful, but also more vulnerable. Computer systems such as PACS, telemedicine applications, and medical research networks must protect against accidental or deliberate modification, disclosure, and violation of patient confidentiality in order to be viable. Conventional wisdom in the medical field and among lawmakers legislating the use of electronic medical records suggests that, although it may improve access to information, an electronic medical record cannot be as secure as a traditional paper record. This is not the case. Information security is a well-developed field in the computer and communications industry. If medical information systems, such as PACS, telemedicine applications, and research networks, properly apply information security techniques, they can ensure the accuracy and confidentiality of their patient information and even improve the security of their data over a traditional paper record. This paper will elaborate on some of these techniques and discuss how they can be applied to medical information systems. The following systems will be used as examples for the analysis: a research laboratory at Georgetown University Medical Center, the Deployable Radiology system installed to support the US Army's peace- keeping operation in Bosnia, a kidney dialysis telemedicine system in Washington, D.C., and various experiences with implementing and integrating PACS.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Optimizing the Long-Term Capacity Expansion and Protection of Iraqi Oil Infrastructure

DTIC Science & Technology

2005-09-01

remotely using only a computer and a high-speed internet connection. I only wish that the Navy as a whole were as receptive to telecommuting as you...INTRODUCTION Formula for success: Rise early, work hard , strike oil. Jean Paul Getty (1892-1976), American Industrialist and Founder of the Getty...In truth , Iraq has neglected its lifeblood industry for far too long and requires a capital expansion and security plan - as well as the financial

The strategic measures for the industrial security of small and medium business.

PubMed

Lee, Chang-Moo

2014-01-01

The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

15 CFR 758.7 - Authority of the Office of Export Enforcement, the Bureau of Industry and Security, Customs...

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Authority of the Office of Export Enforcement, the Bureau of Industry and Security, Customs offices and Postmasters in clearing shipments 758.7 Section 758.7 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY,...

American Security and the International Energy Situation. Volume 4. Collected Papers

DTIC Science & Technology

1975-04-15

piograms as jet engine sales Wheat shipments may permit the Soviets to keep chemical industries onenled l.siim.«,, ,1 Pi.l.vs.., I...security and economic interde- pendence among Western advanced industrialized countries. Periodic con- flicts have been replaced by a "security... industrialized countries, creating an "interpenetration of econ- omies." Each development affects the dimensions of the access-to- resources

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Multinational corporate penetration, industrialism, region, and social security expenditures: a cross-national analysis.

PubMed

Clark, R; Filinson, R

1991-01-01

This study examines the determinants of spending on social security programs. We draw predictions from industrialism and dependency theories for the explanation of social security programs. The explanations are tested with data on seventy-five nations, representative of core, semipheripheral and peripheral nations. Industrialization variables such as the percentage of older adults and economic productivity have strong effects in models involving all nations, as does multinational corporate (MNC) penetration in extraction, particularly when region is controlled; such penetration is negatively associated with spending on social security. We then look at industrialism and dependency effects for peripheral and non-core nations alone. The effects of all industrialization variables, except economic productivity, appear insignificant for peripheral nations, while the effects of region and multinational corporate penetration in extractive and agricultural industries appears significant. Models involving all non-core nations (peripheral and semi-peripheral) look more like models for all nations than for peripheral nations alone.

10 CFR 25.5 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... establish an industrial security program for the purpose of safeguarding classified information under the... Agent for the National Industrial Security Program. Commission means the Nuclear Regulatory Commission... designated by the Executive Director for Operations, is eligible for a security clearance for access to...

48 CFR 504.402 - General.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) Implements the requirements of the Department of Defense's Industrial Security Regulation (ISR) and Industrial Security Manual for Safeguarding Classified Information (ISM). By agreement, the Department of Defense (DOD) will act for, and on behalf of, GSA in rendering security services required for safeguarding...

Secure Multiparty Quantum Computation for Summation and Multiplication.

PubMed

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Secure Multiparty Quantum Computation for Summation and Multiplication

PubMed Central

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-01

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

20 CFR 404.1402 - When are railroad industry services by a non-vested worker covered under Social Security?

Code of Federal Regulations, 2010 CFR

2010-04-01

...-vested worker covered under Social Security? 404.1402 Section 404.1402 Employees' Benefits SOCIAL... When are railroad industry services by a non-vested worker covered under Social Security? If you are a non-vested worker, we (the Social Security Administration) will consider your services in the railroad...

76 FR 1521 - Security Zone: Fleet Industrial Supply Center Pier, San Diego, CA

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-11

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2010-0423] RIN 1625-AA87 Security Zone: Fleet Industrial Supply Center Pier, San Diego, CA AGENCY: Coast Guard, DHS. ACTION: Final rule. SUMMARY: The Coast Guard is removing a security zone on the navigable waters of San Diego...

20 CFR 404.1402 - When are railroad industry services by a non-vested worker covered under Social Security?

Code of Federal Regulations, 2014 CFR

2014-04-01

...-vested worker covered under Social Security? 404.1402 Section 404.1402 Employees' Benefits SOCIAL... When are railroad industry services by a non-vested worker covered under Social Security? If you are a non-vested worker, we (the Social Security Administration) will consider your services in the railroad...

20 CFR 404.1402 - When are railroad industry services by a non-vested worker covered under Social Security?

Code of Federal Regulations, 2012 CFR

2012-04-01

...-vested worker covered under Social Security? 404.1402 Section 404.1402 Employees' Benefits SOCIAL... When are railroad industry services by a non-vested worker covered under Social Security? If you are a non-vested worker, we (the Social Security Administration) will consider your services in the railroad...

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

SEED: A Suite of Instructional Laboratories for Computer Security Education

ERIC Educational Resources Information Center

Du, Wenliang; Wang, Ronghua

2008-01-01

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

76 FR 69303 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-08

...: [email protected] ; and (ii) Thomas Bayer, Director/Chief Information Officer, Securities and... assistance of truly independent legal counsel. \\5\\ See Role of Independent Directors of Investment Companies... reports prepared by the Securities Industry and Financial Markets Association. See Securities Industry and...

76 FR 47527 - Retrospective Regulatory Review Under E.O. 13563

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-05

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Chapter VII [Docket No. 110711380... Security, Commerce. ACTION: Notice of inquiry. SUMMARY: The Bureau of Industry and Security (BIS... of portions of the Export Administration Regulations, Chemical Weapons Convention Regulations...

An efficient and secure partial image encryption for wireless multimedia sensor networks using discrete wavelet transform, chaotic maps and substitution box

NASA Astrophysics Data System (ADS)

Khan, Muazzam A.; Ahmad, Jawad; Javaid, Qaisar; Saqib, Nazar A.

2017-03-01

Wireless Sensor Networks (WSN) is widely deployed in monitoring of some physical activity and/or environmental conditions. Data gathered from WSN is transmitted via network to a central location for further processing. Numerous applications of WSN can be found in smart homes, intelligent buildings, health care, energy efficient smart grids and industrial control systems. In recent years, computer scientists has focused towards findings more applications of WSN in multimedia technologies, i.e. audio, video and digital images. Due to bulky nature of multimedia data, WSN process a large volume of multimedia data which significantly increases computational complexity and hence reduces battery time. With respect to battery life constraints, image compression in addition with secure transmission over a wide ranged sensor network is an emerging and challenging task in Wireless Multimedia Sensor Networks. Due to the open nature of the Internet, transmission of data must be secure through a process known as encryption. As a result, there is an intensive demand for such schemes that is energy efficient as well as highly secure since decades. In this paper, discrete wavelet-based partial image encryption scheme using hashing algorithm, chaotic maps and Hussain's S-Box is reported. The plaintext image is compressed via discrete wavelet transform and then the image is shuffled column-wise and row wise-wise via Piece-wise Linear Chaotic Map (PWLCM) and Nonlinear Chaotic Algorithm, respectively. To get higher security, initial conditions for PWLCM are made dependent on hash function. The permuted image is bitwise XORed with random matrix generated from Intertwining Logistic map. To enhance the security further, final ciphertext is obtained after substituting all elements with Hussain's substitution box. Experimental and statistical results confirm the strength of the anticipated scheme.

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

Privacy-preserving public auditing for data integrity in cloud

NASA Astrophysics Data System (ADS)

Shaik Saleem, M.; Murali, M.

2018-04-01

Cloud computing which has collected extent concentration from communities of research and with industry research development, a large pool of computing resources using virtualized sharing method like storage, processing power, applications and services. The users of cloud are vend with on demand resources as they want in the cloud computing. Outsourced file of the cloud user can easily tampered as it is stored at the third party service providers databases, so there is no integrity of cloud users data as it has no control on their data, therefore providing security assurance to the users data has become one of the primary concern for the cloud service providers. Cloud servers are not responsible for any data loss as it doesn’t provide the security assurance to the cloud user data. Remote data integrity checking (RDIC) licenses an information to data storage server, to determine that it is really storing an owners data truthfully. RDIC is composed of security model and ID-based RDIC where it is responsible for the security of every server and make sure the data privacy of cloud user against the third party verifier. Generally, by running a two-party Remote data integrity checking (RDIC) protocol the clients would themselves be able to check the information trustworthiness of their cloud. Within the two party scenario the verifying result is given either from the information holder or the cloud server may be considered as one-sided. Public verifiability feature of RDIC gives the privilege to all its users to verify whether the original data is modified or not. To ensure the transparency of the publicly verifiable RDIC protocols, Let’s figure out there exists a TPA who is having knowledge and efficiency to verify the work to provide the condition clearly by publicly verifiable RDIC protocols.

2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference

DTIC Science & Technology

2017-11-15

beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

15 CFR 700.18 - Limitations on placing rated orders.

Code of Federal Regulations, 2012 CFR

2012-01-01

... transportation (Department of Transportation); (v) Water resources (Department of Defense/U.S. Army Corps of... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.18 Limitations on placing...

15 CFR 700.18 - Limitations on placing rated orders.

Code of Federal Regulations, 2014 CFR

2014-01-01

... transportation (Department of Transportation); (v) Water resources (Department of Defense/U.S. Army Corps of... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.18 Limitations on placing...

15 CFR 700.18 - Limitations on placing rated orders.

Code of Federal Regulations, 2013 CFR

2013-01-01

... transportation (Department of Transportation); (v) Water resources (Department of Defense/U.S. Army Corps of... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Industrial Priorities § 700.18 Limitations on placing...

15 CFR 705.5 - Request or application for an investigation.

Code of Federal Regulations, 2010 CFR

2010-01-01

... industry affected, including pertinent information regarding companies and their plants, locations... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE... shall be filed with the Director, Office of Technology Evaluation, Room H-1093, U.S. Department of...

Method for transferring data from an unsecured computer to a secured computer

DOEpatents

Nilsen, Curt A.

1997-01-01

A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

Participant’s Manual to Accompany the Yugoslav Dilemma (A Computer Simulation)

DTIC Science & Technology

1984-02-01

INOV 65IS OBSOLETE UCASFE S/W 0102.0P.01461101 UCASFE SECURITY CLASSIFICATION OF THIS PAGE (Vh.n Do#& 800ae.) % % P . . ... J4 , . .. . S. FOREWORD... Poland caused Europeans to think carefully about the tendency to rely heavily on the benefits of detente as a basis for foreign policy. The Soviet...contracts were signed with Hungary and Poland for the supply of industrial plants. A Defense Cooperation Agreement was signed with the United States. It

Sscience & technology review; Science Technology Review

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

1996-07-01

This review is published ten times a year to communicate, to a broad audience, Lawrence Livermore National Laboratory`s scientific and technological accomplishments, particularly in the Laboratory`s core mission areas - global security, energy and the environment, and bioscience and biotechnology. This review for the month of July 1996 discusses: Frontiers of research in advanced computations, The multibeam Fabry-Perot velocimeter: Efficient measurement of high velocities, High-tech tools for the American textile industry, and Rock mechanics: can the Tuff take the stress.

Computer Security Models

DTIC Science & Technology

1984-09-01

Verification Technique for a Class of Security Kernels," International Symposium on Programming , Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

Home Computer and Internet User Security

DTIC Science & Technology

2005-01-01

Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form ApprovedOMB

The Strategic Measures for the Industrial Security of Small and Medium Business

PubMed Central

Lee, Chang-Moo

2014-01-01

The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures. PMID:24955414

Public offerings of securities by petroleum industry: methods and costs of raising capital

DOE Office of Scientific and Technical Information (OSTI.GOV)

Siemon, D.

1978-01-01

This study examines public securities offerings by the petroleum industry and the flotation costs associated with raising capital through offerings to the public. Descriptive material is presented on an aggregate basis for the industry and also by selected company characteristics. Data were obtained from the Securities and Exchange Commission's records of registration statements for public offerings and include all public offerings registered with the SEC during the period January 1970 through October 1975. The petroleum industry issued 101 debt offerings and 1058 equity offerings during the time period. The total number of offerings for all industries was estimated to bemore » 20,000, so the petroleum industry accounted for roughly 5% of the total volume.« less

The Sunrise project: An R&D project for a national information infrastructure prototype

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Juhnyoung

1995-02-01

Sunrise is a Los Alamos National Laboratory (LANL) project started in October 1993. It is intended to a prototype National Information Infrastructure (NII) development project. A main focus of Sunrise is to tie together enabling technologies (networking, object-oriented distributed computing, graphical interfaces, security, multimedia technologies, and data mining technologies) with several specific applications. A diverse set of application areas was chosen to ensure that the solutions developed in the project are as generic as possible. Some of the application areas are materials modeling, medical records and image analysis, transportation simulations, and education. This paper provides a description of Sunrise andmore » a view of the architecture and objectives of this evolving project. The primary objectives of Sunrise are three-fold: (1) To develop common information-enabling tools for advanced scientific research and its applications to industry; (2) To enhance the capabilities of important research programs at the Laboratory; and (3) To define a new way of collaboration between computer science and industrially relevant research.« less

Creation of security engineering programs by the Southwest Surety Institute

NASA Astrophysics Data System (ADS)

Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

1998-12-01

The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

The impact of internet-connected control systems on the oil and gas industry

NASA Astrophysics Data System (ADS)

Martel, Ruth T.

In industry and infrastructure today, communication is a way of life. In the oil and gas industry, the use of devices that communicate with the network at large is both commonplace and expected. Unfortunately, security on these devices is not always best. Many industrial control devices originate from legacy devices not originally configured with security in mind. All infrastructure and industry today has seen an increase in attacks on their networks and in some cases, a very dramatic increase, which should be a cause for alarm and action. The purpose of this research was to highlight the threat that Internet-connected devices present to an organization's network in the oil and gas industry and ultimately, to the business and possibly even human life. Although there are several previous studies that highlight the problem of these Internet-connected devices, there remains evidence that security response has not been adequate. The analysis conducted on only one easily discovered device serves as an example of the ongoing issue of the security mindset in the oil and gas industry. The ability to connect to a network through an Internet-connected device gives a hacker an anonymous backdoor to do great damage in that network. The hope is that the approach to security in infrastructure and especially the oil and gas industry, changes before a major catastrophe occurs involving human life.

A comprehensive overview of the applications of artificial life.

PubMed

Kim, Kyung-Joong; Cho, Sung-Bae

2006-01-01

We review the applications of artificial life (ALife), the creation of synthetic life on computers to study, simulate, and understand living systems. The definition and features of ALife are shown by application studies. ALife application fields treated include robot control, robot manufacturing, practical robots, computer graphics, natural phenomenon modeling, entertainment, games, music, economics, Internet, information processing, industrial design, simulation software, electronics, security, data mining, and telecommunications. In order to show the status of ALife application research, this review primarily features a survey of about 180 ALife application articles rather than a selected representation of a few articles. Evolutionary computation is the most popular method for designing such applications, but recently swarm intelligence, artificial immune network, and agent-based modeling have also produced results. Applications were initially restricted to the robotics and computer graphics, but presently, many different applications in engineering areas are of interest.

76 FR 58466 - Models To Advance Voluntary Corporate Notification to Consumers Regarding the Illicit Use of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-21

...The U.S. Department of Commerce and U.S. Department of Homeland Security are requesting information on the requirements of, and possible approaches to creating, a voluntary industry code of conduct to address the detection, notification and mitigation of botnets.\\1\\ Over the past several years, botnets have increasingly put computer owners at risk. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks. The Departments seek public comment from all Internet stakeholders, including the commercial, academic, and civil society sectors, on potential models for detection, notification, prevention, and mitigation of botnets' illicit use of computer equipment. ---------------------------------------------------------------------------

Power Efficient Hardware Architecture of SHA-1 Algorithm for Trusted Mobile Computing

NASA Astrophysics Data System (ADS)

Kim, Mooseop; Ryou, Jaecheol

The Trusted Mobile Platform (TMP) is developed and promoted by the Trusted Computing Group (TCG), which is an industry standard body to enhance the security of the mobile computing environment. The built-in SHA-1 engine in TMP is one of the most important circuit blocks and contributes the performance of the whole platform because it is used as key primitives supporting platform integrity and command authentication. Mobile platforms have very stringent limitations with respect to available power, physical circuit area, and cost. Therefore special architecture and design methods for low power SHA-1 circuit are required. In this paper, we present a novel and efficient hardware architecture of low power SHA-1 design for TMP. Our low power SHA-1 hardware can compute 512-bit data block using less than 7,000 gates and has a power consumption about 1.1 mA on a 0.25μm CMOS process.

Object and Facial Recognition in Augmented and Virtual Reality: Investigation into Software, Hardware and Potential Uses

NASA Technical Reports Server (NTRS)

Schulte, Erin

2017-01-01

As augmented and virtual reality grows in popularity, and more researchers focus on its development, other fields of technology have grown in the hopes of integrating with the up-and-coming hardware currently on the market. Namely, there has been a focus on how to make an intuitive, hands-free human-computer interaction (HCI) utilizing AR and VR that allows users to control their technology with little to no physical interaction with hardware. Computer vision, which is utilized in devices such as the Microsoft Kinect, webcams and other similar hardware has shown potential in assisting with the development of a HCI system that requires next to no human interaction with computing hardware and software. Object and facial recognition are two subsets of computer vision, both of which can be applied to HCI systems in the fields of medicine, security, industrial development and other similar areas.

A national-scale authentication infrastructure.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Butler, R.; Engert, D.; Foster, I.

2000-12-01

Today, individuals and institutions in science and industry are increasingly forming virtual organizations to pool resources and tackle a common goal. Participants in virtual organizations commonly need to share resources such as data archives, computer cycles, and networks - resources usually available only with restrictions based on the requested resource's nature and the user's identity. Thus, any sharing mechanism must have the ability to authenticate the user's identity and determine if the user is authorized to request the resource. Virtual organizations tend to be fluid, however, so authentication mechanisms must be flexible and lightweight, allowing administrators to quickly establish andmore » change resource-sharing arrangements. However, because virtual organizations complement rather than replace existing institutions, sharing mechanisms cannot change local policies and must allow individual institutions to maintain control over their own resources. Our group has created and deployed an authentication and authorization infrastructure that meets these requirements: the Grid Security Infrastructure. GSI offers secure single sign-ons and preserves site control over access policies and local security. It provides its own versions of common applications, such as FTP and remote login, and a programming interface for creating secure applications.« less

Securing resource constraints embedded devices using elliptic curve cryptography

NASA Astrophysics Data System (ADS)

Tam, Tony; Alfasi, Mohamed; Mozumdar, Mohammad

2014-06-01

The use of smart embedded device has been growing rapidly in recent time because of miniaturization of sensors and platforms. Securing data from these embedded devices is now become one of the core challenges both in industry and research community. Being embedded, these devices have tight constraints on resources such as power, computation, memory, etc. Hence it is very difficult to implement traditional Public Key Cryptography (PKC) into these resource constrained embedded devices. Moreover, most of the public key security protocols requires both public and private key to be generated together. In contrast with this, Identity Based Encryption (IBE), a public key cryptography protocol, allows a public key to be generated from an arbitrary string and the corresponding private key to be generated later on demand. While IBE has been actively studied and widely applied in cryptography research, conventional IBE primitives are also computationally demanding and cannot be efficiently implemented on embedded system. Simplified version of the identity based encryption has proven its competence in being robust and also satisfies tight budget of the embedded platform. In this paper, we describe the choice of several parameters for implementing lightweight IBE in resource constrained embedded sensor nodes. Our implementation of IBE is built using elliptic curve cryptography (ECC).

78 FR 32303 - Departmental Offices; Renewal of the Treasury Borrowing Advisory Committee of the Securities...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-29

... Committee of the Securities Industry and Financial Markets Association ACTION: Notice of renewal. SUMMARY... the Treasury Borrowing Advisory Committee of the Securities Industry and Financial Markets Association... Management (202) 622-1876. SUPPLEMENTARY INFORMATION: The purpose of the Committee is to provide informed...

Data security101: avoiding the list.

PubMed

Perna, Gabriel

2012-01-01

Thanks to the rampant digitization of healthcare data, breaches have become commonplace in an industry that lacks advanced security practices. In this industry-wide report, those who have dealt with breaches implore others to shore up internal security practices and be transparent. As one CIO keenly notes, "we're all in this together."

77 FR 31643 - Siltronic Corporation FAB1 Plant Including On-Site Leased Workers From Express Temporaries...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-29

... Secure Solutions USA, SBM Management Services, LP, ALSCO Portland Industrial, VWR International, Inc... G4S Secure Solutions USA, SBM Management Services, LP, Alsco Portland Industrial, VWR International... workers from Express Temporaries, Aerotek Commercial Staffing, G4S Secure Solutions USA, SBM Management...

78 FR 79716 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc; Order Instituting...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-31

.... The commenter states that such securities are likely to become more important to banks as new... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-71180; File No. SR-FINRA-2013-039] Self... Securities to FINRA December 24, 2013. I. Introduction On September 16, 2013, the Financial Industry...

75 FR 23316 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Order Approving...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-03

... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-61979; File No. SR-FINRA-2010-003] Self..., as Modified by Amendment Nos. 1 and 2, Relating to Trade Reporting of OTC Equity Securities and Restricted Equity Securities April 23, 2010. I. Introduction On January 15, 2010, Financial Industry...

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Regulation, Privacy and Security: Chairman's Opening Remarks

PubMed Central

Gabrieli, E.R.

1979-01-01

Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.

Organisational Pattern Driven Recovery Mechanisms

NASA Astrophysics Data System (ADS)

Giacomo, Valentina Di; Presenza, Domenico; Riccucci, Carlo

The process of reaction to system failures and security attacks is strongly influenced by its infrastructural, procedural and organisational settings. Analysis of reaction procedures and practices from different domains (Air Traffic Management, Response to Computer Security Incident, Response to emergencies, recovery in Chemical Process Industry) highlight three key requirements for this activity: smooth collaboration and coordination among responders, accurate monitoring and management of resources and ability to adapt pre-established reaction plans to the actual context. The SERENITY Reaction Mechanisms (SRM) is the subsystem of the SERENITY Run-time Framework aimed to provide SERENITY aware AmI settings (i.e. socio-technical systems with highly distributed dynamic services) with functionalities to implement applications specific reaction strategies. The SRM uses SERENITY Organisational S&D Patterns as run-time models to drive these three key functionalities.

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

ERIC Educational Resources Information Center

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

32 CFR 2004.20 - National Industrial Security Program Operating Manual (NISPOM) [201(a)].

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false National Industrial Security Program Operating Manual (NISPOM) [201(a)]. 2004.20 Section 2004.20 National Defense Other Regulations Relating to National... that surface from industry, Executive Branch departments and agencies, or the NISPPAC. When consensus...

78 FR 73915 - Community Alliance, Inc., Defi Global, Inc., Easy Energy, Inc., Industry Concept Holdings, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Community Alliance, Inc., Defi Global, Inc., Easy Energy, Inc., Industry Concept Holdings, Inc., and Transworld Benefits International, Inc.; Order... that there is a lack of current and accurate information concerning the securities of Industry Concept...

49 CFR 8.31 - Industrial security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... regulation is DOD 5220.22-M, National Industrial Security Program Operating Manual. This regulation is effective within the Department of Transportation, which functions as a User Agency as prescribed in the...

15 CFR 700.92 - Applicability of this regulation and official actions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Miscellaneous Provisions § 700.92...

76 FR 42765 - Departmental Offices; Renewal of the Treasury Borrowing Advisory Committee of the Securities...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-19

... Committee of the Securities Industry and Financial Markets Association ACTION: Notice of Renewal of... Securities Industry and Financial Markets Association (the ``Committee'') is necessary and in the public interest in connection with the performance of duties imposed on the Department of the Treasury by law. FOR...

75 FR 52625 - Amendment to the International Traffic in Arms Regulations: Export Exemption for Technical Data

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-27

... the provisions of the Department of Defense National Industrial Security Program Operating Manual, an... Department of Defense National Industrial Security Program Operating Manual (unless such requirements are in..., Arms Control and International Security, Department of State. [FR Doc. 2010-21450 Filed 8-26-10; 8:45...

77 FR 14848 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-13

... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-66528; File No. SR-FINRA-2012-014] Self... Requirements for Credit Default Swaps) March 7, 2012. Pursuant to Section 19(b)(1) of the Securities Exchange..., 2012, Financial Industry Regulatory Authority, Inc. (``FINRA'') filed with the Securities and Exchange...

75 FR 71164 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-22

... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-63319; File No. SR-FINRA-2010-060] Self... Changes to Certain FINRA Rules November 16, 2010. Pursuant to Section 19(b)(1) of the Securities Exchange..., 2010, Financial Industry Regulatory Authority, Inc. (``FINRA'') filed with the Securities and Exchange...

Development and Demonstration of a Security Core Component

DOE Office of Scientific and Technical Information (OSTI.GOV)

Turke, Andy

In recent years, the convergence of a number of trends has resulted in Cyber Security becoming a much greater concern for electric utilities. A short list of these trends includes: · Industrial Control Systems (ICSs) have evolved from depending on proprietary hardware and operating software toward using standard off-the-shelf hardware and operating software. This has meant that these ICSs can no longer depend on “security through obscurity. · Similarly, these same systems have evolved toward using standard communications protocols, further reducing their ability to rely upon obscurity. · The rise of the Internet and the accompanying demand for more datamore » about virtually everything has resulted in formerly isolated ICSs becoming at least partially accessible via Internet-connected networks. · “Cyber crime” has become commonplace, whether it be for industrial espionage, reconnaissance for a possible cyber attack, theft, or because some individual or group “has something to prove.” Electric utility system operators are experts at running the power grid. The reality is, especially at small and mid-sized utilities, these SCADA operators will by default be “on the front line” if and when a cyber attack occurs against their systems. These people are not computer software, networking, or cyber security experts, so they are ill-equipped to deal with a cyber security incident. Cyber Security Manager (CSM) was conceived, designed, and built so that it can be configured to know what a utility’s SCADA/EMS/DMS system looks like under normal conditions. To do this, CSM monitors log messages from any device that uses the syslog standard. It can also monitor a variety of statistics from the computers that make up the SCADA/EMS/DMS: outputs from host-based security tools, intrusion detection systems, SCADA alarms, and real-time SCADA values – even results from a SIEM (Security Information and Event Management) system. When the system deviates from “normal,” CSM can alert the operator in language that they understand that an incident may be occurring, provide actionable intelligence, and informing them what actions to take. These alarms may be viewed on CSM’s built-in user interface, sent to a SCADA alarm list, or communicated via email, phone, pager, or SMS message. In recognition of the fact that “real world” training for cyber security events is impractical, CSM has a built-in Operator Training Simulator capability. This can be used stand alone to create simulated event scenarios for training purposes. It may also be used in conjunction with the recipient’s SCADA/EMS/DMS Operator Training Simulator. In addition to providing cyber security situational awareness for electric utility operators, CSM also provides tools for analysts and support personnel; in fact, the majority of user interface displays are designed for use in analyzing current and past security events. CSM keeps security-related information in long-term storage, as well as writing any decisions it makes to a (syslog) log for use forensic or other post-event analysis.« less

Controlling Infrastructure Costs: Right-Sizing the Mission Control Facility

NASA Technical Reports Server (NTRS)

Martin, Keith; Sen-Roy, Michael; Heiman, Jennifer

2009-01-01

Johnson Space Center's Mission Control Center is a space vehicle, space program agnostic facility. The current operational design is essentially identical to the original facility architecture that was developed and deployed in the mid-90's. In an effort to streamline the support costs of the mission critical facility, the Mission Operations Division (MOD) of Johnson Space Center (JSC) has sponsored an exploratory project to evaluate and inject current state-of-the-practice Information Technology (IT) tools, processes and technology into legacy operations. The general push in the IT industry has been trending towards a data-centric computer infrastructure for the past several years. Organizations facing challenges with facility operations costs are turning to creative solutions combining hardware consolidation, virtualization and remote access to meet and exceed performance, security, and availability requirements. The Operations Technology Facility (OTF) organization at the Johnson Space Center has been chartered to build and evaluate a parallel Mission Control infrastructure, replacing the existing, thick-client distributed computing model and network architecture with a data center model utilizing virtualization to provide the MCC Infrastructure as a Service. The OTF will design a replacement architecture for the Mission Control Facility, leveraging hardware consolidation through the use of blade servers, increasing utilization rates for compute platforms through virtualization while expanding connectivity options through the deployment of secure remote access. The architecture demonstrates the maturity of the technologies generally available in industry today and the ability to successfully abstract the tightly coupled relationship between thick-client software and legacy hardware into a hardware agnostic "Infrastructure as a Service" capability that can scale to meet future requirements of new space programs and spacecraft. This paper discusses the benefits and difficulties that a migration to cloud-based computing philosophies has uncovered when compared to the legacy Mission Control Center architecture. The team consists of system and software engineers with extensive experience with the MCC infrastructure and software currently used to support the International Space Station (ISS) and Space Shuttle program (SSP).

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Cloud computing in pharmaceutical R&D: business risks and mitigations.

PubMed

Geiger, Karl

2010-05-01

Cloud computing provides information processing power and business services, delivering these services over the Internet from centrally hosted locations. Major technology corporations aim to supply these services to every sector of the economy. Deploying business processes 'in the cloud' requires special attention to the regulatory and business risks assumed when running on both hardware and software that are outside the direct control of a company. The identification of risks at the correct service level allows a good mitigation strategy to be selected. The pharmaceutical industry can take advantage of existing risk management strategies that have already been tested in the finance and electronic commerce sectors. In this review, the business risks associated with the use of cloud computing are discussed, and mitigations achieved through knowledge from securing services for electronic commerce and from good IT practice are highlighted.

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

Advanced Simulation and Computing Business Plan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rummel, E.

To maintain a credible nuclear weapons program, the National Nuclear Security Administration’s (NNSA’s) Office of Defense Programs (DP) needs to make certain that the capabilities, tools, and expert staff are in place and are able to deliver validated assessments. This requires a complete and robust simulation environment backed by an experimental program to test ASC Program models. This ASC Business Plan document encapsulates a complex set of elements, each of which is essential to the success of the simulation component of the Nuclear Security Enterprise. The ASC Business Plan addresses the hiring, mentoring, and retaining of programmatic technical staff responsiblemore » for building the simulation tools of the nuclear security complex. The ASC Business Plan describes how the ASC Program engages with industry partners—partners upon whom the ASC Program relies on for today’s and tomorrow’s high performance architectures. Each piece in this chain is essential to assure policymakers, who must make decisions based on the results of simulations, that they are receiving all the actionable information they need.« less

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

Two Stage Sibling Cycle Compressor/Expander.

DTIC Science & Technology

1994-02-01

documents, follow the procedures in DoD 5200.22-M, Industrial Security Manual, Section 11-19 or DoD 5200.1 -R, Information Security Program Regulation...procedures in DoD 5200.22-M, Industrial Security Manual, Section 11-19 or DoD 5200.1-R, Information Security Program Regulation, Chapter IX. For...Spae Piston rotation periodically connects channels from expansion/ compresion ces to ports P1Port B2 Heat Exchangers B Piston moves Ports Process Al

A review of emerging non-volatile memory (NVM) technologies and applications

NASA Astrophysics Data System (ADS)

Chen, An

2016-11-01

This paper will review emerging non-volatile memory (NVM) technologies, with the focus on phase change memory (PCM), spin-transfer-torque random-access-memory (STTRAM), resistive random-access-memory (RRAM), and ferroelectric field-effect-transistor (FeFET) memory. These promising NVM devices are evaluated in terms of their advantages, challenges, and applications. Their performance is compared based on reported parameters of major industrial test chips. Memory selector devices and cell structures are discussed. Changing market trends toward low power (e.g., mobile, IoT) and data-centric applications create opportunities for emerging NVMs. High-performance and low-cost emerging NVMs may simplify memory hierarchy, introduce non-volatility in logic gates and circuits, reduce system power, and enable novel architectures. Storage-class memory (SCM) based on high-density NVMs could fill the performance and density gap between memory and storage. Some unique characteristics of emerging NVMs can be utilized for novel applications beyond the memory space, e.g., neuromorphic computing, hardware security, etc. In the beyond-CMOS era, emerging NVMs have the potential to fulfill more important functions and enable more efficient, intelligent, and secure computing systems.

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore » provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.« less

Efficient Redundancy Techniques in Cloud and Desktop Grid Systems using MAP/G/c-type Queues

NASA Astrophysics Data System (ADS)

Chakravarthy, Srinivas R.; Rumyantsev, Alexander

2018-03-01

Cloud computing is continuing to prove its flexibility and versatility in helping industries and businesses as well as academia as a way of providing needed computing capacity. As an important alternative to cloud computing, desktop grids allow to utilize the idle computer resources of an enterprise/community by means of distributed computing system, providing a more secure and controllable environment with lower operational expenses. Further, both cloud computing and desktop grids are meant to optimize limited resources and at the same time to decrease the expected latency for users. The crucial parameter for optimization both in cloud computing and in desktop grids is the level of redundancy (replication) for service requests/workunits. In this paper we study the optimal replication policies by considering three variations of Fork-Join systems in the context of a multi-server queueing system with a versatile point process for the arrivals. For services we consider phase type distributions as well as shifted exponential and Weibull. We use both analytical and simulation approach in our analysis and report some interesting qualitative results.

Best Practices for the Security of Radioactive Materials

DOE Office of Scientific and Technical Information (OSTI.GOV)

Coulter, D.T.; Musolino, S.

2009-05-01

This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studiesmore » suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth- or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all rovide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.« less

78 FR 24161 - Bureau of Industry and Security

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-24

... of Industry and Security senior management. 4. Discussion on General Technology Note as it applies to.... Report of Composite Working Group and other working groups. 7. Report on regime-based activities. 8...

15 CFR 730.9 - Organization of the Bureau of Industry and Security.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Department's organizational and administrative orders are available via Office of Management and Organization... Strategic Industries and Economic Security, and the Office of Technology Evaluation. The functions of the...

77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-17

... Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau... Federal agencies, conducts assessments of U.S. industrial base sectors deemed critical to U.S. national... needs of these critical market segments in order to maintain a strong U.S. industrial base. II. Method...

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

77 FR 70117 - Purchase of Certain Debt Securities by Business and Industrial Development Companies Relying on...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-23

... investment grade by at least one NRSRO and securities issued by registered open-end investment companies that... Investment Company Act will also limit a BIDCO's investments in registered open-end funds to those funds that... 3235-AL02 Purchase of Certain Debt Securities by Business and Industrial Development Companies Relying...

Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

DTIC Science & Technology

2017-03-02

AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

FAA computer security : recommendations to address continuing weaknesses

DOT National Transportation Integrated Search

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

15 CFR Appendix I to Part 700 - Form BIS-999-Request for Special Priorities Assistance

Code of Federal Regulations, 2010 CFR

2010-01-01

... and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE PRIORITIES AND ALLOCATIONS SYSTEM Pt. 700, App. I Appendix I...

An analysis of United States K-12 stem education versus STEM workforce at the dawn of the digital revolution

NASA Astrophysics Data System (ADS)

Cataldo, Franca

The world is at the dawn of a third industrial revolution, the digital revolution, that brings great changes the world over. Today, computing devices, the Internet, and the World Wide Web are vital technology tools that affect every aspect of everyday life and success. While computing technologies offer enormous benefits, there are equally enormous safety and security risks that have been growing exponentially since they became widely available to the public in 1994. Cybercriminals are increasingly implementing sophisticated and serious hack attacks and breaches upon our nation's government, financial institutions, organizations, communities, and private citizens. There is a great need for computer scientists to carry America's innovation and economic growth forward and for cybersecurity professionals to keep our nation safe from criminal hacking. In this digital age, computer science and cybersecurity are essential foundational ingredients of technological innovation, economic growth, and cybersecurity that span all industries. Yet, America's K-12 education institutions are not teaching the computer science and cybersecurity skills required to produce a technologically-savvy 21st century workforce. Education is the key to preparing students to enter the workforce and, therefore, American K-12 STEM education must be reformed to accommodate the teachings required in the digital age. Keywords: Cybersecurity Education, Cybersecurity Education Initiatives, Computer Science Education, Computer Science Education Initiatives, 21 st Century K-12 STEM Education Reform, 21st Century Digital Literacies, High-Tech Innovative Problem-Solving Skills, 21st Century Digital Workforce, Standardized Testing, Foreign Language and Culture Studies, Utica College, Professor Chris Riddell.

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

Seven layers of security to help protect biomedical research facilities.

PubMed

Mortell, Norman

2010-04-01

In addition to risks such as theft and fire that can confront any type of business, the biomedical research community often faces additional concerns over animal rights extremists, infiltrations, data security and intellectual property rights. Given these concerns, it is not surprising that the industry gives a high priority to security. This article identifies security threats faced by biomedical research companies and shows how these threats are ranked in importance by industry stakeholders. The author then goes on to discuss seven key 'layers' of security, from the external environment to the research facility itself, and how these layers all contribute to the creation of a successfully secured facility.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bates, T.R. Jr.; Tait, S.; Mumford, G.

The authors discuss how improvements that can increase rig safety can be made in equipment, regulations, and stabilized personnel levels. With regard to equipment, exposure to material handling must be reduced through automation, and well-control technology must be improved by enhanced use of computers and better systems to handle gas. According to this analysis, regulations are needed that are global in scope and have had their costs-to-benefits fully and fairly assessed. Self regulation must be used effectively throughout the industry. Job security and wages should be made adequate to maintain an experienced, motivated, and safe work force.

17 CFR 229.1201 - (Item 1201) General instructions to oil and gas industry-specific disclosures.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false (Item 1201) General instructions to oil and gas industry-specific disclosures. 229.1201 Section 229.1201 Commodity and Securities... instructions to oil and gas industry-specific disclosures. (a) If oil and gas producing activities are material...

17 CFR 229.1201 - (Item 1201) General instructions to oil and gas industry-specific disclosures.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false (Item 1201) General instructions to oil and gas industry-specific disclosures. 229.1201 Section 229.1201 Commodity and Securities... instructions to oil and gas industry-specific disclosures. (a) If oil and gas producing activities are material...

Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS)

DTIC Science & Technology

2012-05-01

protect, and secure the United States and its interests. • AOF is the United States, Alaska, Canada, Mexico, Bahamas, Puerto Rico , and the U.S. Virgin...Criteria (UFC) for Smart Microgrid Cyber design guides for Industrial Control Systems (ICS) Residual systems Operations and Maintenance Operator...Training Sustainment Commercial Transition Cooperation with NIST for microgrid security standards Working with industry associations and

The cyber security threat stops in the boardroom.

PubMed

Scully, Tim

The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

Cyber physical systems based on cloud computing and internet of things for energy efficiency

NASA Astrophysics Data System (ADS)

Suciu, George; Butca, Cristina; Suciu, Victor; Cretu, Alexandru; Fratu, Octavian

2016-12-01

Cyber Physical Systems (CPS) and energy efficiency play a major role in the context of industry expansion. Management practices for improving efficiency in the field of energy consumption became a priority of many major industries who are inefficient in terms of exploitation costs. The effort of adopting energy management means in an organization is quite challenging due to the lack of resources and expertise. One major problem consists in the lack of knowledge for energy management and practices. This paper aims to present authors' concept in creating a Cyber Physical Energy System (CPES) that will change organizations' way of consuming energy, by making them aware of their use. The presented concept will consider the security of the whole system and the easy integration with the existing electric network infrastructure.

6 CFR 13.27 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

Optical Verification Laboratory Demonstration System for High Security Identification Cards

NASA Technical Reports Server (NTRS)

Javidi, Bahram

1997-01-01

Document fraud including unauthorized duplication of identification cards and credit cards is a serious problem facing the government, banks, businesses, and consumers. In addition, counterfeit products such as computer chips, and compact discs, are arriving on our shores in great numbers. With the rapid advances in computers, CCD technology, image processing hardware and software, printers, scanners, and copiers, it is becoming increasingly easy to reproduce pictures, logos, symbols, paper currency, or patterns. These problems have stimulated an interest in research, development and publications in security technology. Some ID cards, credit cards and passports currently use holograms as a security measure to thwart copying. The holograms are inspected by the human eye. In theory, the hologram cannot be reproduced by an unauthorized person using commercially-available optical components; in practice, however, technology has advanced to the point where the holographic image can be acquired from a credit card-photographed or captured with by a CCD camera-and a new hologram synthesized using commercially-available optical components or hologram-producing equipment. Therefore, a pattern that can be read by a conventional light source and a CCD camera can be reproduced. An optical security and anti-copying device that provides significant security improvements over existing security technology was demonstrated. The system can be applied for security verification of credit cards, passports, and other IDs so that they cannot easily be reproduced. We have used a new scheme of complex phase/amplitude patterns that cannot be seen and cannot be copied by an intensity-sensitive detector such as a CCD camera. A random phase mask is bonded to a primary identification pattern which could also be phase encoded. The pattern could be a fingerprint, a picture of a face, or a signature. The proposed optical processing device is designed to identify both the random phase mask and the primary pattern [1-3]. We have demonstrated experimentally an optical processor for security verification of objects, products, and persons. This demonstration is very important to encourage industries to consider the proposed system for research and development.

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

48 CFR 4.402 - General.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., January 6, 1993 (58 FR 3479, January 8, 1993), entitled “National Industrial Security Program” (NISP... National Industrial Security Program Operating Manual (NISPOM) incorporates the requirements of these... Central Intelligence, is responsible for issuance and maintenance of this Manual. The following DOD...

12 CFR 225.125 - Investment adviser activities.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Court has upheld that determination. See Securities Industry Ass'n v. Board of Governors, 468 U.S. 207 (1984); see also Securities Industry Ass'n v. Board of Governors, 821 F.2d 810 (D.C. Cir. 1987), cert...

12 CFR 225.125 - Investment adviser activities.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Court has upheld that determination. See Securities Industry Ass'n v. Board of Governors, 468 U.S. 207 (1984); see also Securities Industry Ass'n v. Board of Governors, 821 F.2d 810 (D.C. Cir. 1987), cert...

12 CFR 225.125 - Investment adviser activities.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Court has upheld that determination. See Securities Industry Ass'n v. Board of Governors, 468 U.S. 207 (1984); see also Securities Industry Ass'n v. Board of Governors, 821 F.2d 810 (D.C. Cir. 1987), cert...

75 FR 43486 - Proposed Information Collection; Comment Request; Special Comprehensive License

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Special Comprehensive License AGENCY: Bureau of Industry and Security, Commerce ACTION: Notice....gov . SUPPLEMENTARY INFORMATION: I. Abstract The Special Comprehensive License (SCL) procedure...

Benefits of cloud computing for PACS and archiving.

PubMed

Koch, Patrick

2012-01-01

The goal of cloud-based services is to provide easy, scalable access to computing resources and IT services. The healthcare industry requires a private cloud that adheres to government mandates designed to ensure privacy and security of patient data while enabling access by authorized users. Cloud-based computing in the imaging market has evolved from a service that provided cost effective disaster recovery for archived data to fully featured PACS and vendor neutral archiving services that can address the needs of healthcare providers of all sizes. Healthcare providers worldwide are now using the cloud to distribute images to remote radiologists while supporting advanced reading tools, deliver radiology reports and imaging studies to referring physicians, and provide redundant data storage. Vendor managed cloud services eliminate large capital investments in equipment and maintenance, as well as staffing for the data center--creating a reduction in total cost of ownership for the healthcare provider.

The European computer model for optronic system performance prediction (ECOMOS)

NASA Astrophysics Data System (ADS)

Repasi, Endre; Bijl, Piet; Labarre, Luc; Wittenstein, Wolfgang; Bürsing, Helge

2017-05-01

ECOMOS is a multinational effort within the framework of an EDA Project Arrangement. Its aim is to provide a generally accepted and harmonized European computer model for computing nominal Target Acquisition (TA) ranges of optronic imagers operating in the Visible or thermal Infrared (IR). The project involves close co-operation of defence and security industry and public research institutes from France, Germany, Italy, The Netherlands and Sweden. ECOMOS uses and combines well-accepted existing European tools to build up a strong competitive position. This includes two TA models: the analytical TRM4 model and the image-based TOD model. In addition, it uses the atmosphere model MATISSE. In this paper, the central idea of ECOMOS is exposed. The overall software structure and the underlying models are shown and elucidated. The status of the project development is given as well as a short outlook on validation tests and the future potential of simulation for sensor assessment.

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Process Security in Chemical Engineering Education

ERIC Educational Resources Information Center

Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

2005-01-01

The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

OPSAID Initial Design and Testing Report.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A.; Stamp, Jason Edwin; Chavez, Adrian R.

2007-11-01

Process Control System (PCS) security is critical to our national security. Yet, there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy's Office of Electricity Delivery and Reliability, aims to address this issue through developing and testing an open source architecture for PCS security. Sandia National Laboratories, along with a team of PCS vendors and owners, have developed and tested this PCS security architecture. This report describes their progress to date.2 AcknowledgementsThe authors acknowledgemore » and thank their colleagues for their assistance with the OPSAID project.Sandia National Laboratories: Alex Berry, Charles Perine, Regis Cassidy, Bryan Richardson, Laurence PhillipsTeumim Technical, LLC: Dave TeumimIn addition, the authors are greatly indebted to the invaluable help of the members of the OPSAID Core Team. Their assistance has been critical to the success and industry acceptance of the OPSAID project.Schweitzer Engineering Laboratory: Rhett Smith, Ryan Bradetich, Dennis GammelTelTone: Ori Artman Entergy: Dave Norton, Leonard Chamberlin, Mark AllenThe authors would like to acknowledge that the work that produced the results presented in this paper was funded by the U.S. Department of Energy/Office of Electricity Delivery and Energy Reliability (DOE/OE) as part of the National SCADA Test Bed (NSTB) Program. Executive SummaryProcess control systems (PCS) are very important for critical infrastructure and manufacturing operations, yet cyber security technology in PCS is generally poor. The OPSAID (Open PCS (Process Control System) Security Architecture for Interoperable Design) program is intended to address these security shortcomings by accelerating the availability and deployment of comprehensive security technology for PCS, both for existing PCS and inherently secure PCS in the future. All activities are closely linked to industry outreach and advisory efforts.Generally speaking, the OPSAID project is focused on providing comprehensive security functionality to PCS that communicate using IP. This is done through creating an interoperable PCS security architecture and developing a reference implementation, which is tested extensively for performance and reliability.This report first provides background on the PCS security problem and OPSAID, followed by goals and objectives of the project. The report also includes an overview of the results, including the OPSAID architecture and testing activities, along with results from industry outreach activities. Conclusion and recommendation sections follow. Finally, a series of appendices provide more detailed information regarding architecture and testing activities.Summarizing the project results, the OPSAID architecture was defined, which includes modular security functionality and corresponding component modules. The reference implementation, which includes the collection of component modules, was tested extensively and proved to provide more than acceptable performance in a variety of test scenarios. The primary challenge in implementation and testing was correcting initial configuration errors.OPSAID industry outreach efforts were very successful. A small group of industry partners were extensively involved in both the design and testing of OPSAID. Conference presentations resulted in creating a larger group of potential industry partners.Based upon experience implementing and testing OPSAID, as well as through collecting industry feedback, the OPSAID project has done well and is well received. Recommendations for future work include further development of advanced functionality, refinement of interoperability guidance, additional laboratory and field testing, and industry outreach that includes PCS owner education. 4 5 --This page intentionally left blank --« less

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Overview of Computer Security Certification and Accreditation. Final Report.

ERIC Educational Resources Information Center

Ruthberg, Zella G.; Neugent, William

Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

Visualization Tools for Teaching Computer Security

ERIC Educational Resources Information Center

Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

2010-01-01

Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

PubMed Central

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

PubMed

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Maritime security report number 1. August 1995

DOT National Transportation Integrated Search

1995-08-01

Maritime Security Reports are unclassified periodic publications prepared to inform the commercial maritime industry, senior Maritime Administration officials, the Secretary of Transportation's Office of Intelligence and Security, and the Security Su...

Security enhancement study for the U.S. motorcoach industry : executive summary

DOT National Transportation Integrated Search

2003-05-01

The Security Enhancement Study for the U.S. Motorcoach Industry was commissioned by the Federal Motor Carrier Safety Administration (FMCSA) and conducted by the John A. Volpe National Transportation Systems Center (Volpe Center). It was prepared to i...

78 FR 41032 - Proposed Information Collection; Comment Request; Special Comprehensive License

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-09

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Special Comprehensive License AGENCY: Bureau of Industry and Security. ACTION: Notice. [email protected] . SUPPLEMENTARY INFORMATION: I. Abstract The Special Comprehensive License (SCL) procedure...

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

NASA Astrophysics Data System (ADS)

Fleischmann, Kenneth R.

The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

Quality and security - They work together

NASA Technical Reports Server (NTRS)

Carr, Richard; Tynan, Marie; Davis, Russell

1991-01-01

This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

15 CFR 701.4 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF OFFSETS AGREEMENTS IN SALES OF WEAPON SYSTEMS OR DEFENSE-RELATED ITEMS TO FOREIGN COUNTRIES OR FOREIGN FIRMS § 701.4 Procedures. (a) Reporting period. The Department of Commerce publishes a notice in the...

15 CFR 700.81 - Appeals.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE..., or other relevant information and documents available to the Department of Commerce, or consult with... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Appeals. 700.81 Section 700.81...

15 CFR 700.60 - General provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false General provisions. 700.60 Section 700.60 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.62 - Directives.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Directives. 700.62 Section 700.62 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS DEFENSE...

15 CFR 700.61 - Rating Authorizations.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Rating Authorizations. 700.61 Section 700.61 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.70 - General provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false General provisions. 700.70 Section 700.70 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 701.5 - Confidentiality.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Confidentiality. 701.5 Section 701.5 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF...

15 CFR 701.4 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF OFFSETS AGREEMENTS IN SALES OF WEAPON SYSTEMS OR DEFENSE-RELATED ITEMS TO FOREIGN COUNTRIES OR FOREIGN FIRMS § 701.4 Procedures. (a) Reporting period. The Department of Commerce publishes a notice in the...

15 CFR 701.4 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF OFFSETS AGREEMENTS IN SALES OF WEAPON SYSTEMS OR DEFENSE-RELATED ITEMS TO FOREIGN COUNTRIES OR FOREIGN FIRMS § 701.4 Procedures. (a) Reporting period. The Department of Commerce publishes a notice in the...

15 CFR 701.4 - Procedures.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS REPORTING OF OFFSETS AGREEMENTS IN SALES OF WEAPON SYSTEMS OR DEFENSE-RELATED ITEMS TO FOREIGN COUNTRIES OR FOREIGN FIRMS § 701.4 Procedures. (a) Reporting period. The Department of Commerce publishes a notice in the...

Challenges and Security in Cloud Computing

NASA Astrophysics Data System (ADS)

Chang, Hyokyung; Choi, Euiin

People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

Physics through the 1990s: Scientific interfaces and technological applications

NASA Technical Reports Server (NTRS)

1986-01-01

The volume examines the scientific interfaces and technological applications of physics. Twelve areas are dealt with: biological physics-biophysics, the brain, and theoretical biology; the physics-chemistry interface-instrumentation, surfaces, neutron and synchrotron radiation, polymers, organic electronic materials; materials science; geophysics-tectonics, the atmosphere and oceans, planets, drilling and seismic exploration, and remote sensing; computational physics-complex systems and applications in basic research; mathematics-field theory and chaos; microelectronics-integrated circuits, miniaturization, future trends; optical information technologies-fiber optics and photonics; instrumentation; physics applications to energy needs and the environment; national security-devices, weapons, and arms control; medical physics-radiology, ultrasonics, MNR, and photonics. An executive summary and many chapters contain recommendations regarding funding, education, industry participation, small-group university research and large facility programs, government agency programs, and computer database needs.

20 CFR 229.65 - Initial reduction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... wage (see § 225.2 of this chapter) used to compute the DIB O/M under the Social Security Act rules... that exceed the maximum used in computing social security benefits) for the 5 consecutive years after... earnings that exceed the maximum used in computing social security benefits) for the year of highest...

A Computational Model and Multi-Agent Simulation for Information Assurance

DTIC Science & Technology

2002-06-01

Podell , Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell , Information Security: an

Distributed intrusion detection system based on grid security model

NASA Astrophysics Data System (ADS)

Su, Jie; Liu, Yahui

2008-03-01

Grid computing has developed rapidly with the development of network technology and it can solve the problem of large-scale complex computing by sharing large-scale computing resource. In grid environment, we can realize a distributed and load balance intrusion detection system. This paper first discusses the security mechanism in grid computing and the function of PKI/CA in the grid security system, then gives the application of grid computing character in the distributed intrusion detection system (IDS) based on Artificial Immune System. Finally, it gives a distributed intrusion detection system based on grid security system that can reduce the processing delay and assure the detection rates.

15 CFR 700.91 - Records and reports.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Records and reports. 700.91 Section 700.91 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

77 FR 25133 - Order Temporarily Denying Export Privileges

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-27

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Order Temporarily Denying Export Privileges... Section 766.24 of the Export Administration Regulations (``EAR'' or the ``Regulations''),\\1\\ the Bureau of Industry and Security (``BIS''), U.S. Department of Commerce, through its Office of Export Enforcement...

15 CFR 700.90 - Protection against claims.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Protection against claims. 700.90 Section 700.90 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 701.3 - Applicability and scope.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Applicability and scope. 701.3 Section 701.3 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

76 FR 23971 - Proposed Information Collection; Comment Request; Competitive Enhancement Needs Assessment Survey...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-29

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Competitive Enhancement Needs Assessment Survey Program AGENCY: Bureau of Industry and Security... their abilities to meet defense program needs. The information collected from voluntary surveys will be...

15 CFR 700.53 - Criteria for assistance.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 15 Commerce and Foreign Trade 2 2012-01-01 2012-01-01 false Criteria for assistance. 700.53 Section 700.53 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.53 - Criteria for assistance.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 2 2013-01-01 2013-01-01 false Criteria for assistance. 700.53 Section 700.53 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.53 - Criteria for assistance.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 15 Commerce and Foreign Trade 2 2011-01-01 2011-01-01 false Criteria for assistance. 700.53 Section 700.53 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.53 - Criteria for assistance.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 2 2014-01-01 2014-01-01 false Criteria for assistance. 700.53 Section 700.53 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

15 CFR 700.53 - Criteria for assistance.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Criteria for assistance. 700.53 Section 700.53 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS...

A Lightweight Protocol for Secure Video Streaming

PubMed Central

Morkevicius, Nerijus; Bagdonas, Kazimieras

2018-01-01

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing “Fog Node-End Device” layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard. PMID:29757988

A Lightweight Protocol for Secure Video Streaming.

PubMed

Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

2018-05-14

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

Managing the technological edge: the UNESCO International Computation Centre and the limits to the transfer of computer technology, 1946-61.

PubMed

Nofre, David

2014-07-01

The spread of the modern computer is assumed to have been a smooth process of technology transfer. This view relies on an assessment of the open circulation of knowledge ensured by the US and British governments in the early post-war years. This article presents new historical evidence that question this view. At the centre of the article lies the ill-fated establishment of the UNESCO International Computation Centre. The project was initially conceived in 1946 to provide advanced computation capabilities to scientists of all nations. It soon became a prize sought by Western European countries like The Netherlands and Italy seeking to speed up their own national research programs. Nonetheless, as the article explains, the US government's limitations on the research function of the future centre resulted in the withdrawal of European support for the project. These limitations illustrate the extent to which US foreign science policy could operate as (stealth) industrial policy to secure a competitive technological advantage and the prospects of US manufacturers in a future European market.

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Susceptibility of South Korea to hydrologic extremes affecting the global food system

NASA Astrophysics Data System (ADS)

Puma, M. J.; Chon, S. Y.

2015-12-01

Food security in South Korea is closely linked to trade in the global food system. The country's production of major grains declined from 5.8 million metric tons (mmt) in 1998 to 4.8 mmt in 2014, which coincided with a shift in grain self sufficiency from 43% down to 24% over this same period. Many factors led to these changes, including reductions in domestic agricultural land, governmental policies supporting industry over agriculture, and a push towards trade liberalization. South Korea's self sufficiency is now one of the lowest among Organisation for Economic Co-operation and Development (OECD) countries, leaving it vulnerable to disruptions in the global food system. Here we explore this vulnerability by assessing how global trade disruptions would affect Korea's food security. We impose historical extreme drought and flood events that would possibly affect today's major food producing regions concurrently. Next we compute food supply deficits in South Korea that might result from these events. Our analyses provide a framework for formulating domestic food policies to enhance South Korea's food security in the increasingly fragile global food system.

An Embedded Sensor Node Microcontroller with Crypto-Processors.

PubMed

Panić, Goran; Stecklina, Oliver; Stamenković, Zoran

2016-04-27

Wireless sensor network applications range from industrial automation and control, agricultural and environmental protection, to surveillance and medicine. In most applications, data are highly sensitive and must be protected from any type of attack and abuse. Security challenges in wireless sensor networks are mainly defined by the power and computing resources of sensor devices, memory size, quality of radio channels and susceptibility to physical capture. In this article, an embedded sensor node microcontroller designed to support sensor network applications with severe security demands is presented. It features a low power 16-bitprocessor core supported by a number of hardware accelerators designed to perform complex operations required by advanced crypto algorithms. The microcontroller integrates an embedded Flash and an 8-channel 12-bit analog-to-digital converter making it a good solution for low-power sensor nodes. The article discusses the most important security topics in wireless sensor networks and presents the architecture of the proposed hardware solution. Furthermore, it gives details on the chip implementation, verification and hardware evaluation. Finally, the chip power dissipation and performance figures are estimated and analyzed.

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

PubMed Central

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-01-01

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

An Embedded Sensor Node Microcontroller with Crypto-Processors

PubMed Central

Panić, Goran; Stecklina, Oliver; Stamenković, Zoran

2016-01-01

Wireless sensor network applications range from industrial automation and control, agricultural and environmental protection, to surveillance and medicine. In most applications, data are highly sensitive and must be protected from any type of attack and abuse. Security challenges in wireless sensor networks are mainly defined by the power and computing resources of sensor devices, memory size, quality of radio channels and susceptibility to physical capture. In this article, an embedded sensor node microcontroller designed to support sensor network applications with severe security demands is presented. It features a low power 16-bitprocessor core supported by a number of hardware accelerators designed to perform complex operations required by advanced crypto algorithms. The microcontroller integrates an embedded Flash and an 8-channel 12-bit analog-to-digital converter making it a good solution for low-power sensor nodes. The article discusses the most important security topics in wireless sensor networks and presents the architecture of the proposed hardware solution. Furthermore, it gives details on the chip implementation, verification and hardware evaluation. Finally, the chip power dissipation and performance figures are estimated and analyzed. PMID:27128925

An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

PubMed

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-02-11

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

Resilient off-grid microgrids: Capacity planning and N-1 security

DOE PAGES

Madathil, Sreenath Chalil; Yamangil, Emre; Nagarajan, Harsha; ...

2017-06-13

Over the past century the electric power industry has evolved to support the delivery of power over long distances with highly interconnected transmission systems. Despite this evolution, some remote communities are not connected to these systems. These communities rely on small, disconnected distribution systems, i.e., microgrids to deliver power. However, as microgrids often are not held to the same reliability standards as transmission grids, remote communities can be at risk for extended blackouts. To address this issue, we develop an optimization model and an algorithm for capacity planning and operations of microgrids that include N-1 security and other practical modelingmore » features like AC power flow physics, component efficiencies and thermal limits. Lastly, we demonstrate the computational effectiveness of our approach on two test systems; a modified version of the IEEE 13 node test feeder and a model of a distribution system in a remote community in Alaska.« less

The business of medicine: how to overcome financial obstacles and secure financing for your private practice and ancillary services business.

PubMed

Nayor, David

2012-01-01

Doctors across the country who operate private medical practices are facing increasing financial obstacles, namely shrinking income as a result of rising costs and lower reimbursements. In addition, as hospitals have become overburdened many physicians have opened up private surgical centers; magnetic resonance imaging and computed tomography and positron emission tomography scanning facilities; pathology labs; colonoscopy/endoscopy suites; lithotripsy centers; and other medical businesses typically performed within the hospital. Moreover, many doctors seek loans to purchase existing practices or for their capital contribution in medical partnerships. The past decade has thus seen a significant increase in the number of doctors taking out small business loans. Indeed, banks view the healthcare industry as a large growth market. This article includes practical information, advice, and resources to help doctors to secure bank financing for their practices, ancillary services business, real estate, and equipment on the best possible market terms.

Resilient off-grid microgrids: Capacity planning and N-1 security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Madathil, Sreenath Chalil; Yamangil, Emre; Nagarajan, Harsha

Over the past century the electric power industry has evolved to support the delivery of power over long distances with highly interconnected transmission systems. Despite this evolution, some remote communities are not connected to these systems. These communities rely on small, disconnected distribution systems, i.e., microgrids to deliver power. However, as microgrids often are not held to the same reliability standards as transmission grids, remote communities can be at risk for extended blackouts. To address this issue, we develop an optimization model and an algorithm for capacity planning and operations of microgrids that include N-1 security and other practical modelingmore » features like AC power flow physics, component efficiencies and thermal limits. Lastly, we demonstrate the computational effectiveness of our approach on two test systems; a modified version of the IEEE 13 node test feeder and a model of a distribution system in a remote community in Alaska.« less

The Economic Impact of the Homeland Security Advisory System: The Cost of Heightened Border Security

DTIC Science & Technology

2008-12-01

the United States. Secondary economic impacts of the HSAS such as the airline industry , lost tourism , and retail business from cross-border...Ontario and its businesses. The study is aimed at the trucking, automotive, and tourism industries ; and how they are impacted by border delays. The...19 A. DETROIT-WINDSOR AND THE AUTOMOTIVE INDUSTRY ............19 B. THE AMBASSADOR BRIDGE SYSTEM .................................................21

78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...

An approach to quality and security of supply for single-use bioreactors.

PubMed

Barbaroux, Magali; Gerighausen, Susanne; Hackel, Heiko

2014-01-01

Single-use systems (also referred to as disposables) have become a huge part of the bioprocessing industry, which raised concern in the industry regarding quality and security of supply. Processes must be in place to assure the supply and control of outsourced activities and quality of purchased materials along the product life cycle. Quality and security of supply for single-use bioreactors (SUBs) are based on a multidisciplinary approach. Developing a state-of-the-art SUB-system based on quality by design (QbD) principles requires broad expertise and know-how including the cell culture application, polymer chemistry, regulatory requirements, and a deep understanding of the biopharmaceutical industry. Using standardized products reduces the complexity and strengthens the robustness of the supply chain. Well-established supplier relations including risk mitigation strategies are the basis for achieving long-term security of supply. Well-developed quality systems including change control approaches aligned with the requirements of the biopharmaceutical industry are a key factor in supporting long-term product availability. This chapter outlines the approach to security of supply for key materials used in single-use production processes for biopharmaceuticals from a supplier perspective.

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

77 FR 1915 - Proposed Information Collection; Comment Request; Licensing Responsibilities and Enforcement

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-12

... Commerce, Room 6616, 14th and Constitution Avenue NW., Washington, DC 20230 (or via the Internet at JJessup... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Licensing Responsibilities and Enforcement AGENCY: Bureau of Industry and Security, Commerce...

77 FR 54559 - Proposed Information Collection; Comment Request; Offsets in Military Exports

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-05

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Offsets in Military Exports AGENCY: Bureau of Industry and Security, Department of Commerce. ACTION: Notice. SUMMARY: The Department of Commerce, as part of its continuing effort to reduce paperwork...

78 FR 38922 - Order Relating to Billy L. Powell, Sr.

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-28

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Order Relating to Billy L. Powell, Sr. In the Matter of: Billy L. Powell, Sr., 1911 Hickory Creek, Kingwood, TX 77339, Respondent. The Bureau of Industry and Security, U.S. Department of Commerce (``BIS''), [[Page 38923

77 FR 22559 - Proposed Information Collection; Comment Request; Chemical Weapons Convention Provisions of the...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-16

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Chemical Weapons Convention Provisions of the Export Administration Regulations AGENCY: Bureau of Industry and Security, Commerce. ACTION: Notice. SUMMARY: The Department of Commerce, as part of its...

76 FR 13442 - Joint Industry Plan; Order Approving Amendment No. 25 to the Joint Self-Regulatory Organization...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-11

..., Consolidation and Dissemination of Quotation and Transaction Information for Nasdaq-Listed Securities Traded on... Exchange, Inc., Financial Industry Regulatory Authority, Inc., International Securities Exchange LLC...-Regulatory Organization Plan Governing the Collection, Consolidation, and Dissemination of Quotation and...

15 CFR 701.6 - Violations, penalties, and remedies.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Violations, penalties, and remedies. 701.6 Section 701.6 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE...

15 CFR 700.74 - Violations, penalties, and remedies.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Violations, penalties, and remedies. 700.74 Section 700.74 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE...

Photonics engineering: snapshot applications in healthcare, homeland security, agriculture, and industry

NASA Astrophysics Data System (ADS)

Sumriddetchkajorn, Sarun

2015-01-01

Throughout my experience in photonics engineering, this article shows that photonics is indeed a key technology enabler for enhancing our competitiveness. In particular, I snapshot the achievements of NECTEC research teams in implementing devices and systems suitable for healthcare, homeland security, agriculture, and industry.

75 FR 11841 - Proposed Information Collection; Comment Request; Short Supply Regulations, Petroleum (Crude Oil)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-12

... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; Short Supply Regulations, Petroleum (Crude Oil) AGENCY: Bureau of Industry and Security. ACTION... supporting documentation for license applications to export petroleum (crude oil) and is used by licensing...

77 FR 29616 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-18

.... DCIO 01 System name: Defense Industrial Base (DIB) Cyber Security/Information Assurance Records. System location: Director, Defense Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Program, 1235 South Clark Street, Suite 1500, Arlington, VA 22202. DoD Cyber Crime Center, 911 Elkridge Landing...

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

Intelligent Control in Automation Based on Wireless Traffic Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kurt Derr; Milos Manic

2007-09-01

Wireless technology is a central component of many factory automation infrastructures in both the commercial and government sectors, providing connectivity among various components in industrial realms (distributed sensors, machines, mobile process controllers). However wireless technologies provide more threats to computer security than wired environments. The advantageous features of Bluetooth technology resulted in Bluetooth units shipments climbing to five million per week at the end of 2005 [1, 2]. This is why the real-time interpretation and understanding of Bluetooth traffic behavior is critical in both maintaining the integrity of computer systems and increasing the efficient use of this technology in controlmore » type applications. Although neuro-fuzzy approaches have been applied to wireless 802.11 behavior analysis in the past, a significantly different Bluetooth protocol framework has not been extensively explored using this technology. This paper presents a new neurofuzzy traffic analysis algorithm of this still new territory of Bluetooth traffic. Further enhancements of this algorithm are presented along with the comparison against the traditional, numerical approach. Through test examples, interesting Bluetooth traffic behavior characteristics were captured, and the comparative elegance of this computationally inexpensive approach was demonstrated. This analysis can be used to provide directions for future development and use of this prevailing technology in various control type applications, as well as making the use of it more secure.« less

Intelligent Control in Automation Based on Wireless Traffic Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kurt Derr; Milos Manic

Wireless technology is a central component of many factory automation infrastructures in both the commercial and government sectors, providing connectivity among various components in industrial realms (distributed sensors, machines, mobile process controllers). However wireless technologies provide more threats to computer security than wired environments. The advantageous features of Bluetooth technology resulted in Bluetooth units shipments climbing to five million per week at the end of 2005 [1, 2]. This is why the real-time interpretation and understanding of Bluetooth traffic behavior is critical in both maintaining the integrity of computer systems and increasing the efficient use of this technology in controlmore » type applications. Although neuro-fuzzy approaches have been applied to wireless 802.11 behavior analysis in the past, a significantly different Bluetooth protocol framework has not been extensively explored using this technology. This paper presents a new neurofuzzy traffic analysis algorithm of this still new territory of Bluetooth traffic. Further enhancements of this algorithm are presented along with the comparison against the traditional, numerical approach. Through test examples, interesting Bluetooth traffic behavior characteristics were captured, and the comparative elegance of this computationally inexpensive approach was demonstrated. This analysis can be used to provide directions for future development and use of this prevailing technology in various control type applications, as well as making the use of it more secure.« less

A survey of medical informatics in Belgium.

PubMed

Roger, F H; Behets, M; Andre, J; de Moor, G; Sevens, C; Willems, J L

1987-01-01

The Belgian Society for Medical Informatics (MIM) organized a survey in 1986 in order to assess the present state of development of medical informatics in Belgium. Questionnaires were sent to hospitals, laboratories, private practitioners and pharmacists, as well as to social security organizations and software industries. The response rate was higher in hospitals (93%) than in any other category. Results showed a large number of computerized hospitals (93% of general acute care hospitals and 91% of psychiatric hospitals). There has been a sharp increase (+ 15%) in computerization of the admission, accounting and billing procedures since 1985, most likely in relation with administrative rules issued by the Belgian Government. The same trend (+ 20%) has been observed for computer applications in clinical laboratories, between 1984 and 1985. There is almost one computer terminal for ten beds in the hospitals with more than 200 beds in 1986. This figure exemplifies the present trend to on-line access to data. Computerized instrumental aids to medicine such as text processing, imaging or computerized interpretation of signals have known a rapid extension during recent years, although less comprehensive than administrative applications in hospitals and in social security organizations. The present state of other applications in medicine (general practice, pharmacy, etc.) was more difficult to assess as those information systems remain more pinpointed. In all medical fields, there appears to be a new rise in computer programs offered by software companies.

Adoption of information technology by resident physicians.

PubMed

Parekh, Selene G; Nazarian, David G; Lim, Charles K

2004-04-01

The Internet represents a technological revolution that is transforming our society. In the healthcare industry, physicians have been typified as slow adopters of information technology. However, young physicians, having been raised in a computer-prevalent society, may be more likely to embrace technology. We attempt to characterize the use and acceptance of the Internet and information technology among resident physicians in a large academic medical center and to assess concerns regarding privacy, security, and credibility of information on the Internet. A 41-question survey was distributed to 150 pediatric, medical, and surgical residents at an urban, academic medical center. One hundred thirty-five residents completed the survey (response rate of 90%). Responses were evaluated and statistical analysis was done. The majority of resident physicians in our survey have adopted the tools of information technology. Ninety-eight percent used the Internet and 96% use e-mail. Two-thirds of the respondents used the Internet for healthcare-related purposes and a similar percentage thought that the Internet has affected their practice of medicine positively. The majority of residents thought that Internet healthcare services such as electronic medical records, peer-support websites, and remote patient monitoring would be beneficial for the healthcare industry. However, they are concerned about the credibility, privacy, and security of health and medical information online. The majority of resident physicians in our institution use Internet and information technology in their practice of medicine. Most think that the Internet will continue to have a beneficial role in the healthcare industry.

A Semantic Based Policy Management Framework for Cloud Computing Environments

ERIC Educational Resources Information Center

Takabi, Hassan

2013-01-01

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…

Computer Security: the Achilles’ Heel of the Electronic Air Force?

DTIC Science & Technology

2013-02-01

commercials not enough. In the Pentagon a General Electric system called “GCOS” provided classified (secret) com- putation for the Air Staff and others...necessary computer function. January–February 2013 Air & Space Power Journal | 169 Historical Highlight Government designers not perfect. After the Pentagon ...laboratory computer to evaluate Multics as a potential multilevel secure computer for the Pentagon . Although it had the best security design of any system

Change Detection Algorithms for Information Assurance of Computer Networks

DTIC Science & Technology

2002-01-01

original document contains color images. 14. ABSTRACT see report 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

Health Information System in a Cloud Computing Context.

PubMed

Sadoughi, Farahnaz; Erfannia, Leila

2017-01-01

Healthcare as a worldwide industry is experiencing a period of growth based on health information technology. The capabilities of cloud systems make it as an option to develop eHealth goals. The main objectives of the present study was to evaluate the advantages and limitations of health information systems implementation in a cloud-computing context that was conducted as a systematic review in 2016. Science direct, Scopus, Web of science, IEEE, PubMed and Google scholar were searched according study criteria. Among 308 articles initially found, 21 articles were entered in the final analysis. All the studies had considered cloud computing as a positive tool to help advance health technology, but none had insisted too much on its limitations and threats. Electronic health record systems have been mostly studied in the fields of implementation, designing, and presentation of models and prototypes. According to this research, the main advantages of cloud-based health information systems could be categorized into the following groups: economic benefits and advantages of information management. The main limitations of the implementation of cloud-based health information systems could be categorized into the 4 groups of security, legal, technical, and human restrictions. Compared to earlier studies, the present research had the advantage of dealing with the issue of health information systems in a cloud platform. The high frequency of studies conducted on the implementation of cloud-based health information systems revealed health industry interest in the application of this technology. Security was a subject discussed in most studies due to health information sensitivity. In this investigation, some mechanisms and solutions were discussed concerning the mentioned systems, which would provide a suitable area for future scientific research on this issue. The limitations and solutions discussed in this systematic study would help healthcare managers and decision-makers take better and more efficient advantages of this technology and make better planning to adopt cloud-based health information systems.

Computer Security: The Human Element.

ERIC Educational Resources Information Center

Guynes, Carl S.; Vanacek, Michael T.

1981-01-01

The security and effectiveness of a computer system are dependent on the personnel involved. Improved personnel and organizational procedures can significantly reduce the potential for computer fraud. (Author/MLF)

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

.../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

Embedding Secure Coding Instruction into the IDE: Complementing Early and Intermediate CS Courses with ESIDE

ERIC Educational Resources Information Center

Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler

2018-01-01

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

78 FR 72951 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Order Approving...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-04

... To Adopt FINRA Rules 4314 (Securities Loans and Borrowings), 4330 (Customer Protection--Permissible Use of Customers' Securities) and 4340 (Callable Securities) in the Consolidated FINRA Rulebook, as... loans and borrowings, permissible use of customers' securities, and callable securities as FINRA Rules...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2010 CFR

2010-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2014 CFR

2014-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2012 CFR

2012-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2013 CFR

2013-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2011 CFR

2011-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

A Formal Specification and Verification Method for the Prevention of Denial of Service in Ada Services

DTIC Science & Technology

1988-03-01

Mechanism; Computer Security. 16. PRICE CODE 17. SECURITY CLASSIFICATION IS. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. UMrrATION OF ABSTRACT...denial of service. This paper assumes that the reader is a computer science or engineering professional working in the area of formal specification and...recovery from such events as deadlocks and crashes can be accounted for in the computation of the waiting time for each service in the service hierarchy

Quantum communication with coherent states of light

NASA Astrophysics Data System (ADS)

Khan, Imran; Elser, Dominique; Dirmeier, Thomas; Marquardt, Christoph; Leuchs, Gerd

2017-06-01

Quantum communication offers long-term security especially, but not only, relevant to government and industrial users. It is worth noting that, for the first time in the history of cryptographic encoding, we are currently in the situation that secure communication can be based on the fundamental laws of physics (information theoretical security) rather than on algorithmic security relying on the complexity of algorithms, which is periodically endangered as standard computer technology advances. On a fundamental level, the security of quantum key distribution (QKD) relies on the non-orthogonality of the quantum states used. So even coherent states are well suited for this task, the quantum states that largely describe the light generated by laser systems. Depending on whether one uses detectors resolving single or multiple photon states or detectors measuring the field quadratures, one speaks of, respectively, a discrete- or a continuous-variable description. Continuous-variable QKD with coherent states uses a technology that is very similar to the one employed in classical coherent communication systems, the backbone of today's Internet connections. Here, we review recent developments in this field in two connected regimes: (i) improving QKD equipment by implementing front-end telecom devices and (ii) research into satellite QKD for bridging long distances by building upon existing optical satellite links. This article is part of the themed issue 'Quantum technology for the 21st century'.

Quantum communication with coherent states of light.

PubMed

Khan, Imran; Elser, Dominique; Dirmeier, Thomas; Marquardt, Christoph; Leuchs, Gerd

2017-08-06

Quantum communication offers long-term security especially, but not only, relevant to government and industrial users. It is worth noting that, for the first time in the history of cryptographic encoding, we are currently in the situation that secure communication can be based on the fundamental laws of physics (information theoretical security) rather than on algorithmic security relying on the complexity of algorithms, which is periodically endangered as standard computer technology advances. On a fundamental level, the security of quantum key distribution (QKD) relies on the non-orthogonality of the quantum states used. So even coherent states are well suited for this task, the quantum states that largely describe the light generated by laser systems. Depending on whether one uses detectors resolving single or multiple photon states or detectors measuring the field quadratures, one speaks of, respectively, a discrete- or a continuous-variable description. Continuous-variable QKD with coherent states uses a technology that is very similar to the one employed in classical coherent communication systems, the backbone of today's Internet connections. Here, we review recent developments in this field in two connected regimes: (i) improving QKD equipment by implementing front-end telecom devices and (ii) research into satellite QKD for bridging long distances by building upon existing optical satellite links.This article is part of the themed issue 'Quantum technology for the 21st century'. © 2017 The Author(s).

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Cognitive Computing for Security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Debenedictis, Erik; Rothganger, Fredrick; Aimone, James Bradley

Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

78 FR 16726 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Price, Managing Director, Securities Industry and Financial Markets Association, dated October 4, 2012... other industry professionals will have difficulty pricing options during Limit States and Straddle... conditions have changed and (ii) gaming the obvious error rule to retroactively adjust market maker quotes by...

75 FR 64753 - Options Price Reporting Authority; Notice of Filing and Immediate Effectiveness of Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-20

... Securities Industry Automation Corporation as OPRA's Independent System Capacity Advisor October 14, 2010... would reflect the fact that OPRA has selected the Securities Industry Automation Corporation (``SIAC..., in that capacity, provided the data processing services needed to develop, operate and maintain the...

15 CFR 758.5 - Conformity of documents and unloading of items.

Code of Federal Regulations, 2010 CFR

2010-01-01

... disposition from BIS. (ii) Contact information. U.S. Department of Commerce, Bureau of Industry and Security... Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION... documents. When a license is issued by BIS, the information entered on related export control documents (e.g...

75 FR 75453 - Proposed Information Collection; Comment Request; Technical Data Letter of Explanation

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-03

... Request; Technical Data Letter of Explanation AGENCY: Bureau of Industry and Security. ACTION: Notice....gov . SUPPLEMENTARY INFORMATION: I. Abstract These technical data letters of explanation will assure the Bureau of Industry and Security that U.S.-origin technical data will be exported only for...

15 CFR 748.15 - Authorization Validated End-User (VEU).

Code of Federal Regulations, 2010 CFR

2010-01-01

..., Bureau of Industry and Security, U.S. Department of Commerce, 14th Street and Pennsylvania Avenue, NW... People's Republic of China. (2) India. (c) Item restrictions. Items controlled under the EAR for missile... Services, Bureau of Industry and Security, U.S. Department of Commerce, 14th Street and Constitution Avenue...

76 FR 34577 - Wassenaar Arrangement 2010 Plenary Agreements Implementation: Commerce Control List, Definitions...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 740, 743, and 774 [Docket No. 110124056-1301-02] RIN 0694-AF11 Wassenaar Arrangement 2010 Plenary Agreements Implementation: Commerce Control List, Definitions, Reports; Correction AGENCY: Bureau of Industry and Security, Commerce. ACTION...

15 CFR 782.5 - Where to obtain APR report forms.

Code of Federal Regulations, 2010 CFR

2010-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS GENERAL... forms required by the APR may be downloaded from the Internet at http://www.ap.gov. You also may obtain these forms by contacting: Treaty Compliance Division, Bureau of Industry and Security, U.S. Department...

15 CFR 782.5 - Where to obtain APR report forms.

Code of Federal Regulations, 2013 CFR

2013-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS GENERAL... forms required by the APR may be downloaded from the Internet at http://www.ap.gov. You also may obtain these forms by contacting: Treaty Compliance Division, Bureau of Industry and Security, U.S. Department...

15 CFR 782.5 - Where to obtain APR report forms.

Code of Federal Regulations, 2011 CFR

2011-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS GENERAL... forms required by the APR may be downloaded from the Internet at http://www.ap.gov. You also may obtain these forms by contacting: Treaty Compliance Division, Bureau of Industry and Security, U.S. Department...

15 CFR 782.5 - Where to obtain APR report forms.

Code of Federal Regulations, 2012 CFR

2012-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS GENERAL... forms required by the APR may be downloaded from the Internet at http://www.ap.gov. You also may obtain these forms by contacting: Treaty Compliance Division, Bureau of Industry and Security, U.S. Department...

15 CFR 782.5 - Where to obtain APR report forms.

Code of Federal Regulations, 2014 CFR

2014-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS GENERAL... forms required by the APR may be downloaded from the Internet at http://www.ap.gov. You also may obtain these forms by contacting: Treaty Compliance Division, Bureau of Industry and Security, U.S. Department...

15 CFR 700.73 - Notification of failure to comply.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Notification of failure to comply. 700.73 Section 700.73 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE...

77 FR 70865 - Self-Regulatory Organizations; National Securities Clearing Corporation; Notice of Filing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... industry standard for processing and settling mutual fund transactions. Through automated, standardized... trend in the mutual fund industry toward omnibus processing, a practice where distribution firms bundle... to Fund/SERV[supreg] Fees November 20, 2012. Pursuant to Section 19(b)(1) of the Securities Exchange...

Multinational Corporate Penetration, Industrialism, Region, and Social Security Expenditures: A Cross-National Analysis.

ERIC Educational Resources Information Center

Clark, Roger; Filinson, Rachel

1991-01-01

Examined determinants of spending on social security programs, using data from 75 nations representative of core, semiperipheral, and peripheral nations. Industrialization variables had strong effects in models involving all nations, as did multinational corporate penetration in extraction, particularly when region was controlled; such penetration…

78 FR 7470 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-01

... International Securities Exchange, LLC Amended and Restated Constitution January 28, 2013. Pursuant to Section... Restated Constitution \\3\\ (the ``Constitution'') to: (i) Declassify the Non- Industry Directors (including... Constitution requires, in part, that Non-Industry Directors (including the Public Directors) \\4\\ and Exchange...

78 FR 29190 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Order Approving the...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-17

... entered into an order management system (including orders received via telephone or instant message) and... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-69561; File No. SR-FINRA-2013-013] Self..., 2013, Financial Industry Regulatory Authority, Inc. (``FINRA'') filed with the Securities and Exchange...

15 CFR 700.54 - Instances where assistance will not be provided.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Instances where assistance will not be provided. 700.54 Section 700.54 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL...

15 CFR 700.54 - Instances where assistance will not be provided.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 2 2013-01-01 2013-01-01 false Instances where assistance will not be provided. 700.54 Section 700.54 Commerce and Foreign Trade Regulations Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL...

15 CFR 700.15 - Extension of priority ratings.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS... receipt of a DO-A3 rated order for a navigation system and needs to purchase semiconductors for its manufacture, that person must use a DO-A3 rated order to obtain the needed semiconductors. (b) The priority...

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

The Diffusion of Military Technologies to Foreign Nations: Arms Transfers Can Preserve the Defense Technological and Industrial Base

DTIC Science & Technology

1995-06-01

required, the Defense Technology Security Administration ( DTSA ) will make a determination on whether or not advanced technologies are being risked by the...sale or transfer of that product. DTSA has this role whether it is a commercial or government-to-government transfer. The Joint Chiefs of Staff also...Office of Defense Relations Security Assistance DSAA Defense Security Assistance Agency DTIB Defense Technological and Industrial Base DTSA Defense

Programmable Logic Controllers for Research on the Cyber Security of Industrial Power Plants

DTIC Science & Technology

2017-02-12

group . 15. SUBJECT TERMS Industrial control systems, cyber security 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF a. REPORT b. ABSTRACT c. THIS...currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (00-MM-YYYY) ,2. REPORT TYPE 3. DATES COVERED...From- To) 12/02/2017 Final 15 August 2015 - 12 February 2017 4. TITLE AND SUBTITLE Sa. CONTRACT NUMBER Programmable Logic Controllers for Research

Cyber threats within civil aviation

NASA Astrophysics Data System (ADS)

Heitner, Kerri A.

Existing security policies in civil aviation do not adequately protect against evolving cyber threats. Cybersecurity has been recognized as a top priority among some aviation industry leaders. Heightened concerns regarding cyber threats and vulnerabilities surround components utilized in compliance with the Federal Aviation Administration's (FAA) Next Generation Air Transportation (NextGen) implementation. Automated Dependent Surveillance-B (ADS-B) and Electronic Flight Bags (EFB) have both been exploited through the research of experienced computer security professionals. Civil aviation is essential to international infrastructure and if its critical assets were compromised, it could pose a great risk to public safety and financial infrastructure. The purpose of this research was to raise awareness of aircraft system vulnerabilities in order to provoke change among current national and international cybersecurity policies, procedures and standards. Although the education of cyber threats is increasing in the aviation industry, there is not enough urgency when creating cybersecurity policies. This project intended to answer the following questions: What are the cyber threats to ADS-B of an aircraft in-flight? What are the cyber threats to EFB? What is the aviation industry's response to the issue of cybersecurity and in-flight safety? ADS-B remains unencrypted while the FAA's mandate to implement this system is rapidly approaching. The cyber threat of both portable and non-portable EFB's have received increased publicity, however, airlines are not responding quick enough (if at all) to create policies for the use of these devices. Collectively, the aviation industry is not being proactive enough to protect its aircraft or airport network systems. That is not to say there are not leaders in cybersecurity advancement. These proactive organizations must set the standard for the future to better protect society and it's most reliable form of transportation.

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

77 FR 56686 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... Change Relating to Post-Trade Transparency for Agency Pass-Through Mortgage-Backed Securities Traded in... and dissemination of transactions in TRACE- Eligible Securities that are: (1) Agency Pass-Through... Security, Agency Pass-Through Mortgage-Backed Security, Specified Pool Transaction, Asset-Backed Security...

ISCR FY2005 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keyes, D E; McGraw, J R

2006-02-02

Large-scale scientific computation and all of the disciplines that support and help validate it have been placed at the focus of Lawrence Livermore National Laboratory (LLNL) by the Advanced Simulation and Computing (ASC) program of the National Nuclear Security Administration (NNSA) and the Scientific Discovery through Advanced Computing (SciDAC) initiative of the Office of Science of the Department of Energy (DOE). The maturation of simulation as a fundamental tool of scientific and engineering research is underscored in the President's Information Technology Advisory Committee (PITAC) June 2005 finding that ''computational science has become critical to scientific leadership, economic competitiveness, and nationalmore » security''. LLNL operates several of the world's most powerful computers--including today's single most powerful--and has undertaken some of the largest and most compute-intensive simulations ever performed, most notably the molecular dynamics simulation that sustained more than 100 Teraflop/s and won the 2005 Gordon Bell Prize. Ultrascale simulation has been identified as one of the highest priorities in DOE's facilities planning for the next two decades. However, computers at architectural extremes are notoriously difficult to use in an efficient manner. Furthermore, each successful terascale simulation only points out the need for much better ways of interacting with the resulting avalanche of data. Advances in scientific computing research have, therefore, never been more vital to the core missions of LLNL than at present. Computational science is evolving so rapidly along every one of its research fronts that to remain on the leading edge, LLNL must engage researchers at many academic centers of excellence. In FY 2005, the Institute for Scientific Computing Research (ISCR) served as one of LLNL's main bridges to the academic community with a program of collaborative subcontracts, visiting faculty, student internships, workshops, and an active seminar series. The ISCR identifies researchers from the academic community for computer science and computational science collaborations with LLNL and hosts them for both brief and extended visits with the aim of encouraging long-term academic research agendas that address LLNL research priorities. Through these collaborations, ideas and software flow in both directions, and LLNL cultivates its future workforce. The Institute strives to be LLNL's ''eyes and ears'' in the computer and information sciences, keeping the Laboratory aware of and connected to important external advances. It also attempts to be the ''hands and feet'' that carry those advances into the Laboratory and incorporate them into practice. ISCR research participants are integrated into LLNL's Computing Applications and Research (CAR) Department, especially into its Center for Applied Scientific Computing (CASC). In turn, these organizations address computational challenges arising throughout the rest of the Laboratory. Administratively, the ISCR flourishes under LLNL's University Relations Program (URP). Together with the other four institutes of the URP, the ISCR navigates a course that allows LLNL to benefit from academic exchanges while preserving national security. While it is difficult to operate an academic-like research enterprise within the context of a national security laboratory, the results declare the challenges well met and worth the continued effort. The pages of this annual report summarize the activities of the faculty members, postdoctoral researchers, students, and guests from industry and other laboratories who participated in LLNL's computational mission under the auspices of the ISCR during FY 2005.« less

32 CFR 253.6 - Procedures.

Code of Federal Regulations, 2010 CFR

2010-07-01

... continuation of assignment is not clearly consistent with the national interest. (d) Completed security forms (DD Form 398, Personnel Security Questionnaire (BI/SBI), or 398-2, Personnel Security Questionnaire (National Agency Check)) shall be forwarded to the Defense Industrial Security Clearance Office (DISCO...

75 FR 1566 - National Industrial Security Program Directive No. 1

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-12

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

The Naval Postgraduate School SECURE ARCHIVAL STORAGE SYSTEM. Part II. Segment and Process Management Implementation.

DTIC Science & Technology

1981-03-01

Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security

Private quantum computation: an introduction to blind quantum computing and related protocols

NASA Astrophysics Data System (ADS)

Fitzsimons, Joseph F.

2017-06-01

Quantum technologies hold the promise of not only faster algorithmic processing of data, via quantum computation, but also of more secure communications, in the form of quantum cryptography. In recent years, a number of protocols have emerged which seek to marry these concepts for the purpose of securing computation rather than communication. These protocols address the task of securely delegating quantum computation to an untrusted device while maintaining the privacy, and in some instances the integrity, of the computation. We present a review of the progress to date in this emerging area.

PREFACE: 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies

NASA Astrophysics Data System (ADS)

Shuja Syed, Ahmed

2013-12-01

The 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies (ICSICCST-2013), took place in Karachi, Pakistan, from 24-26 June 2013. It was organized by Indus University, Karachi, in collaboration with HEJ Research Institute of Chemistry, University of Karachi, Karachi. More than 80 abstracts were submitted to the conference and were double blind-reviewed by an international scientific committee. The topics of the Conference were: Video, Image & Voice Sensing Sensing for Industry, Environment, and Health Automation and Controls Laser Sensors and Systems Displays for Innovative Applications Emerging Technologies Unmanned, Robotic, and Layered Systems Sensing for Defense, Homeland Security, and Law Enforcement The title of the conference, 'Sensing for Industry, Control, Communication & Security Technologies' is very apt in capturing the main issues facing the industry of Pakistan and the world. We believe the sensing industry, particularly in Pakistan, is currently at a critical juncture of its development. The future of the industry will depend on how the industry players choose to respond to the challenge of global competition and opportunities arising from strong growth in the Asian region for which we are pleased to note that the conference covered a comprehensive spectrum of issues with an international perspective. This will certainly assist industry players to make informed decisions in shaping the future of the industry. The conference gathered qualified researchers from developed countries like USA, UK, Sweden, Saudi Arabia, China, South Korea and Malaysia etc whose expertise resulting from the research can be drawn upon to build an exploitable area of new technology that has potential Defense, Homeland Security, and Military applicability. More than 250 researchers/students attended the event and made the event great success as the turnout was 100%. An exceptional line-up of speakers spoke at the occasion. We want to thank the Organizing Committee, the Institutions and Sponsors supporting the Conference, especially 'Centre for Emerging Sciences, Engineering & Technology (CESET), Islamabad', the IOP Publishers and everyone who contributed to the organization of this meeting, for their invaluable efforts to make this event a great success. Professor Dr Ahmed Shuja Syed Chief Editor The PDF also contains lists of the boards, committees and sponsors.

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

ERIC Educational Resources Information Center

Grossklags, Jens

2009-01-01

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

77 FR 65215 - In the Matter of Licensee Identified in Attachment 1 and all Other Persons Who Obtain Safeguards...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-25

... a computing environment that has adequate computer security controls in place to prevent... NRC intends to issue a security Order to this Licensee in the near future. The Order will require compliance with specific Additional Security Measures to enhance the security for certain radioactive...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Computer applications for the hospital security department--buying or developing a shift log reporting system.

PubMed

Gruber, T

1996-01-01

The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

DOT National Transportation Integrated Search

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

Motivating Contributions for Home Computer Security

ERIC Educational Resources Information Center

Wash, Richard L.

2009-01-01

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

Proposal for founding mistrustful quantum cryptography on coin tossing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

2003-07-01

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, aremore » quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.« less

Laboratory Directed Research and Development FY2010 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jackson, K J

2011-03-22

A premier applied-science laboratory, Lawrence Livermore National Laboratory (LLNL) has at its core a primary national security mission - to ensure the safety, security, and reliability of the nation's nuclear weapons stockpile without nuclear testing, and to prevent and counter the spread and use of weapons of mass destruction: nuclear, chemical, and biological. The Laboratory uses the scientific and engineering expertise and facilities developed for its primary mission to pursue advanced technologies to meet other important national security needs - homeland defense, military operations, and missile defense, for example - that evolve in response to emerging threats. For broader nationalmore » needs, LLNL executes programs in energy security, climate change and long-term energy needs, environmental assessment and management, bioscience and technology to improve human health, and for breakthroughs in fundamental science and technology. With this multidisciplinary expertise, the Laboratory serves as a science and technology resource to the U.S. government and as a partner with industry and academia. This annual report discusses the following topics: (1) Advanced Sensors and Instrumentation; (2) Biological Sciences; (3) Chemistry; (4) Earth and Space Sciences; (5) Energy Supply and Use; (6) Engineering and Manufacturing Processes; (7) Materials Science and Technology; Mathematics and Computing Science; (8) Nuclear Science and Engineering; and (9) Physics.« less

OS friendly microprocessor architecture: Hardware level computer security

NASA Astrophysics Data System (ADS)

Jungwirth, Patrick; La Fratta, Patrick

2016-05-01

We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2006-01-01

OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding],more » DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.« less

Network gateway security method for enterprise Grid: a literature review

NASA Astrophysics Data System (ADS)

Sujarwo, A.; Tan, J.

2017-03-01

The computational Grid has brought big computational resources closer to scientists. It enables people to do a large computational job anytime and anywhere without any physical border anymore. However, the massive and spread of computer participants either as user or computational provider arise problems in security. The challenge is on how the security system, especially the one which filters data in the gateway could works in flexibility depends on the registered Grid participants. This paper surveys what people have done to approach this challenge, in order to find the better and new method for enterprise Grid. The findings of this paper is the dynamically controlled enterprise firewall to secure the Grid resources from unwanted connections with a new firewall controlling method and components.

Security Classification Reform: The Waiting Agenda.

ERIC Educational Resources Information Center

Relyea, Harold C.

1993-01-01

Provides an overview of security classification reform for consideration by the Clinton administration and the 103rd Congress. Historical background and current issues related to the security classification of information, personnel security clearances, and industrial safeguarding of classified information are discussed. A checklist of basic…

A Test-Bed of Secure Mobile Cloud Computing for Military Applications

DTIC Science & Technology

2016-09-13

searching databases. This kind of applications is a typical example of mobile cloud computing (MCC). MCC has lots of applications in the military...Release; Distribution Unlimited UU UU UU UU 13-09-2016 1-Aug-2014 31-Jul-2016 Final Report: A Test-bed of Secure Mobile Cloud Computing for Military...Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211 Test-bed, Mobile Cloud Computing , Security, Military Applications REPORT

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

Case Study: Creation of a Degree Program in Computer Security. White Paper.

ERIC Educational Resources Information Center

Belon, Barbara; Wright, Marie

This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

75 FR 36511 - Revisions to the Export Administration Regulations Based Upon a Systematic Review of the Commerce...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-28

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 734, 738, 740, 742, 772, and... Based Upon a Systematic Review of the Commerce Control List: Additional Changes AGENCY: Bureau of Industry and Security, Commerce. ACTION: Final rule. SUMMARY: This rule amends the Export Administration...

77 FR 72917 - Editorial Corrections to the Commerce Control List of the Export Administration Regulations

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-07

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Part 774 [Docket No. 120320200-2296-01] RIN 0694-AF62 Editorial Corrections to the Commerce Control List of the Export Administration Regulations AGENCY: Bureau of Industry and Security, Commerce. ACTION: Final rule. SUMMARY: This final rule...

77 FR 10357 - Updated Statements of Legal Authority To Reflect Continuation of Emergency Declared in Executive...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-22

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 730 and 744 [Docket No... Declared in Executive Orders 12947 and 13224 AGENCY: Bureau of Industry and Security, Commerce. ACTION... to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary...

15 CFR 745.2 - End-Use Certificate reporting requirements under the Chemical Weapons Convention.

Code of Federal Regulations, 2010 CFR

2010-01-01

... by mail or courier delivery to the following address: Information Technology Team, Treaty Compliance Division, Bureau of Industry and Security, U.S. Department of Commerce, Room 4515, 14th Street and... Relating to Commerce and Foreign Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE...

78 FR 76741 - Revisions to the Export Administration Regulations (EAR): Unverified List (UVL)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-19

... of Defense Trade Controls of the Department of State by: Precluding access to; refusing to provide... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 730, 740, 744, 756, 758, and..., Bureau of Industry and Security, Department of Commerce, Phone: (202) 482-2385 or by email at Kevin...

76 FR 7102 - Simplified Network Application Processing System, On-line Registration and Account Maintenance

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-09

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Part 748 [Docket No. 100826397-1059-02] RIN 0694-AE98 Simplified Network Application Processing System, On-line Registration and Account Maintenance AGENCY: Bureau of Industry and Security, Commerce. ACTION: Final rule. SUMMARY: The Bureau of...

Impact Upon U.S. Security of a South African Nuclear Weapons Capability.

DTIC Science & Technology

1981-04-01

Simon Brand, dubbed the international companies as the " engine of growth" for the South African economy. The petroleum market, automobile industry , and...thereby halting the flow of metals key to high technology industries which in turn, are critical to U.S. national security. Should Washington’s...to produce nuclear weapons." * More specifically, we found that South Africa has: A sufficient scientific and industrial base on which to conduct

Security and Resilience | Grid Modernization | NREL

Science.gov Websites

Security and Resilience Security and Resilience NREL develops tools and solutions to enable a more Consortium, NREL collaborates with industry, academia, and other research organizations to find solutions to

Walk the Talk: Progress in Building a Supply Chain Security Culture

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hund, Gretchen

Pacific Northwest National Laboratory (PNNL) has engaged industry to “go beyond compliance” for over a decade in controlling and securing their supply chains to ensure their goods are not diverted to nuclear weapons programs. This work has focused on dual-use industries that manufacture products that can be used in both commercial applications and in the development of a nuclear weapon. The team encourages industry to self-regulate to reduce proliferation risks. As part of that work, PNNL interviewed numerous companies about their compliance practices to understand their business and to build awareness around best practices to ensure security of goods, technology,more » and information along their supply chains. From conducting this work, PNNL identified indicators that a company can adopt as part of its commitment to nonproliferation ideals with a focus on supply chain security.« less

Understanding Mobile Apps

MedlinePlus

... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

A Trusted Portable Computing Device

NASA Astrophysics Data System (ADS)

Ming-wei, Fang; Jun-jun, Wu; Peng-fei, Yu; Xin-fang, Zhang

A trusted portable computing device and its security mechanism were presented to solve the security issues, such as the attack of virus and Trojan horse, the lost and stolen of storage device, in mobile office. It used smart card to build a trusted portable security base, virtualization to create a secure virtual execution environment, two-factor authentication mechanism to identify legitimate users, and dynamic encryption to protect data privacy. The security environment described in this paper is characteristic of portability, security and reliability. It can meet the security requirement of mobile office.

Scenario and multiple criteria decision analysis for energy and environmental security of military and industrial installations.

PubMed

Karvetski, Christopher W; Lambert, James H; Linkov, Igor

2011-04-01

Military and industrial facilities need secure and reliable power generation. Grid outages can result in cascading infrastructure failures as well as security breaches and should be avoided. Adding redundancy and increasing reliability can require additional environmental, financial, logistical, and other considerations and resources. Uncertain scenarios consisting of emergent environmental conditions, regulatory changes, growth of regional energy demands, and other concerns result in further complications. Decisions on selecting energy alternatives are made on an ad hoc basis. The present work integrates scenario analysis and multiple criteria decision analysis (MCDA) to identify combinations of impactful emergent conditions and to perform a preliminary benefits analysis of energy and environmental security investments for industrial and military installations. Application of a traditional MCDA approach would require significant stakeholder elicitations under multiple uncertain scenarios. The approach proposed in this study develops and iteratively adjusts a scoring function for investment alternatives to find the scenarios with the most significant impacts on installation security. A robust prioritization of investment alternatives can be achieved by integrating stakeholder preferences and focusing modeling and decision-analytical tools on a few key emergent conditions and scenarios. The approach is described and demonstrated for a campus of several dozen interconnected industrial buildings within a major installation. Copyright © 2010 SETAC.

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

ERIC Educational Resources Information Center

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

15 CFR 705.2 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... AND SECURITY, DEPARTMENT OF COMMERCE NATIONAL SECURITY INDUSTRIAL BASE REGULATIONS EFFECT OF IMPORTED ARTICLES ON THE NATIONAL SECURITY § 705.2 Purpose. These regulations set forth the procedures by which the Department shall commence and conduct an investigation to determine the effect on the national security of...

Grid Computing for Earth Science

NASA Astrophysics Data System (ADS)

Renard, Philippe; Badoux, Vincent; Petitdidier, Monique; Cossu, Roberto

2009-04-01

The fundamental challenges facing humankind at the beginning of the 21st century require an effective response to the massive changes that are putting increasing pressure on the environment and society. The worldwide Earth science community, with its mosaic of disciplines and players (academia, industry, national surveys, international organizations, and so forth), provides a scientific basis for addressing issues such as the development of new energy resources; a secure water supply; safe storage of nuclear waste; the analysis, modeling, and mitigation of climate changes; and the assessment of natural and industrial risks. In addition, the Earth science community provides short- and medium-term prediction of weather and natural hazards in real time, and model simulations of a host of phenomena relating to the Earth and its space environment. These capabilities require that the Earth science community utilize, both in real and remote time, massive amounts of data, which are usually distributed among many different organizations and data centers.

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

The European computer model for optronic system performance prediction (ECOMOS)

NASA Astrophysics Data System (ADS)

Keßler, Stefan; Bijl, Piet; Labarre, Luc; Repasi, Endre; Wittenstein, Wolfgang; Bürsing, Helge

2017-10-01

ECOMOS is a multinational effort within the framework of an EDA Project Arrangement. Its aim is to provide a generally accepted and harmonized European computer model for computing nominal Target Acquisition (TA) ranges of optronic imagers operating in the Visible or thermal Infrared (IR). The project involves close co-operation of defence and security industry and public research institutes from France, Germany, Italy, The Netherlands and Sweden. ECOMOS uses and combines well-accepted existing European tools to build up a strong competitive position. This includes two TA models: the analytical TRM4 model and the image-based TOD model. In addition, it uses the atmosphere model MATISSE. In this paper, the central idea of ECOMOS is exposed. The overall software structure and the underlying models are shown and elucidated. The status of the project development is given as well as a short discussion of validation tests and an outlook on the future potential of simulation for sensor assessment.

Interactive Synthesis of Code Level Security Rules

DTIC Science & Technology

2017-04-01

Interactive Synthesis of Code-Level Security Rules A Thesis Presented by Leo St. Amour to The Department of Computer Science in partial fulfillment...of the requirements for the degree of Master of Science in Computer Science Northeastern University Boston, Massachusetts April 2017 DISTRIBUTION...Abstract of the Thesis Interactive Synthesis of Code-Level Security Rules by Leo St. Amour Master of Science in Computer Science Northeastern University

Martime Security: Ferry Security Measures Have Been Implemented, but Evaluating Existing Studies Could Further Enhance Security

DTIC Science & Technology

2010-12-01

relevant requirements, analyzed 2006 through 2009 security operations data, interviewed federal and industry officials, and made observations at five...warranted, acted on all findings and recommendations resulting from five agency- contracted studies on ferry security completed in 2005 and 2006 ...Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009 27 Figure 6: Security Deficiencies by Facility Type, 2006 through 2009 28

The DISAM Journal of International Security Assistance Management. Volume 3, Number 4

DTIC Science & Technology

2010-03-01

enough to help create jobs and build up the UAE industry . Still, for the near term, the United States stands to benefi t from several major projects ... PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Defense Institute of Security Assistance...it was amazing to see what industry brought to the table as far as platforms and capabilities. Industry has made it clear that they can build the

Jamaican Maritime Security. What are the Capability Gaps that Limit the Jamaica Defence Force in the Execution of its Roles in Maritime Security

DTIC Science & Technology

2017-06-09

revenue was generated from living resources such as fish, non-living resources such as oil, and ecosystems and ecosystem processes such as tourism ...however, based on the size of Jamaica’s tourism industry and other ocean economy related industries it is reasonable to conclude that it is a...and other marine resources eventually leads to damaged beaches and coastlines, and ultimately damages tourism and other industries. Though Jamaicans

ICS security in maritime transportation : a white paper examining the security and resiliency of critical transportation infrastructure

DOT National Transportation Integrated Search

2013-07-29

The John A. Volpe National Transportation Systems Center was asked by the Office of Security of the Maritime Administration to examine the issue of industrial control systems (ICS) security in the Maritime Transportation System (MTS), and to develop ...

75 FR 21012 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-22

... Information Collection Activity Under OMB Review: Highway Corporate Security Review (CSR) AGENCY... in the highway and motor carrier industry by way of its Highway Corporate Security Review Program... comments. Information Collection Requirement Title: Corporate Security Review (CSR). Type of Request...

The Perceptions of U.S.-Based IT Security Professionals about the Effectiveness of IT Security Frameworks: A Quantitative Study

ERIC Educational Resources Information Center

Warfield, Douglas L.

2011-01-01

The evolution of information technology has included new methodologies that use information technology to control and manage various industries and government activities. Information Technology has also evolved as its own industry with global networks of interconnectivity, such as the Internet, and frameworks, models, and methodologies to control…

Secure distributed genome analysis for GWAS and sequence comparison computation.

PubMed

Zhang, Yihua; Blanton, Marina; Almashaqbeh, Ghada

2015-01-01

The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice.

Secure distributed genome analysis for GWAS and sequence comparison computation

PubMed Central

2015-01-01

Background The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. Methods In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. Results We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. Conclusions This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice. PMID:26733307

Non-developmental item computer systems and the malicious software threat

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

Securing the Data Storage and Processing in Cloud Computing Environment

ERIC Educational Resources Information Center

Owens, Rodney

2013-01-01

Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

Computer Virus Bibliography, 1988-1989.

ERIC Educational Resources Information Center

Bologna, Jack, Comp.

This bibliography lists 14 books, 154 journal articles, 34 newspaper articles, and 3 research papers published during 1988-1989 on the subject of computer viruses, software protection and 'cures', virus hackers, and other related issues. Some of the sources listed include Computers and Security, Computer Security Digest, PC Week, Time, the New…

Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

Design Principles and Guidelines for Security

DTIC Science & Technology

2007-11-21

Padula , Secure Computer Systems: Unified Exposition and Multics Interpretation. Electronic Systems Division, USAF. ESD-TR-75-306, MTR-2997 Rev.1...Hanscom AFB, MA. March 1976 [7] David Elliott Bell. “Looking Back at the Bell-La Padula Model,” Proc. Annual Computer Security Applications Conference

20 CFR 225.15 - Overall Minimum PIA.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Act based on combined railroad and social security earnings. The Overall Minimum PIA is used in computing the social security overall minimum guaranty amount. The overall minimum guaranty rate annuity... INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Employee, Spouse and Divorced Spouse Annuities § 225...

22 CFR 127.5 - Authority of the Defense Security Service.

Code of Federal Regulations, 2010 CFR

2010-04-01

... ensure compliance with the Department of Defense National Industrial Security Program Operating Manual... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Authority of the Defense Security Service. 127... VIOLATIONS AND PENALTIES § 127.5 Authority of the Defense Security Service. In the case of exports involving...

22 CFR 125.3 - Exports of classified technical data and classified defense articles.

Code of Federal Regulations, 2010 CFR

2010-04-01

... in the Department of Defense National Industrial Security Program Operating Manual (unless such.... It should also list the facility security clearance code of all U.S. parties on the license and include the Defense Security Service cognizant security office of the party responsible for packaging the...

76 FR 39887 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-07

... Information Collection Activity Under OMB Review: Highway Corporate Security Review AGENCY: Transportation... industry by way of its Highway Corporate Security Review (CSR) Program, which encompasses site visits and... Title: Highway Corporate Security Review. Type of Request: Extension of a currently approved collection...

78 FR 13075 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-26

... From OMB of One Current Public Collection of Information: Pipeline Corporate Security Review Program... current security practices in the pipeline industry by way of TSA's Pipeline Corporate Security Review... Collection Requirement The TSA Pipeline Security Branch is responsible for conducting Pipeline Corporate...