Analysis of MD5 authentication in various routing protocols using simulation tools

NASA Astrophysics Data System (ADS)

Dinakaran, M.; Darshan, K. N.; Patel, Harsh

2017-11-01

Authentication being an important paradigm of security and Computer Networks require secure paths to make the flow of the data even more secure through some security protocols. So MD-5(Message Digest 5) helps in providing data integrity to the data being sent through it and authentication to the network devices. This paper gives a brief introduction to the MD-5, simulation of the networks by including MD-5 authentication using various routing protocols like OSPF, EIGRP and RIPv2. GNS3 is being used to simulate the scenarios. Analysis of the MD-5 authentication is done in the later sections of the paper.

Convergence: Yea or Nay?

ERIC Educational Resources Information Center

Villano, Matt

2008-01-01

Colleges and universities can never be too prepared, whether for physical attacks or data security breaches. A quick data slice of over 7,000 US higher ed institutions, using the Office of Postsecondary Education's Campus Security Data Analysis Cutting Tool Website and cutting across public and private two- and four-year schools, reveals some…

Analysis of ISO NE Balancing Requirements: Uncertainty-based Secure Ranges for ISO New England Dynamic Inerchange Adjustments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Etingov, Pavel V.; Makarov, Yuri V.; Wu, Di

The document describes detailed uncertainty quantification (UQ) methodology developed by PNNL to estimate secure ranges of potential dynamic intra-hour interchange adjustments in the ISO-NE system and provides description of the dynamic interchange adjustment (DINA) tool developed under the same contract. The overall system ramping up and down capability, spinning reserve requirements, interchange schedules, load variations and uncertainties from various sources that are relevant to the ISO-NE system are incorporated into the methodology and the tool. The DINA tool has been tested by PNNL and ISO-NE staff engineers using ISO-NE data.

Auditing Albaha University Network Security using in-house Developed Penetration Tool

NASA Astrophysics Data System (ADS)

Alzahrani, M. E.

2018-03-01

Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

Analysis of key technologies for virtual instruments metrology

NASA Astrophysics Data System (ADS)

Liu, Guixiong; Xu, Qingui; Gao, Furong; Guan, Qiuju; Fang, Qiang

2008-12-01

Virtual instruments (VIs) require metrological verification when applied as measuring instruments. Owing to the software-centered architecture, metrological evaluation of VIs includes two aspects: measurement functions and software characteristics. Complexity of software imposes difficulties on metrological testing of VIs. Key approaches and technologies for metrology evaluation of virtual instruments are investigated and analyzed in this paper. The principal issue is evaluation of measurement uncertainty. The nature and regularity of measurement uncertainty caused by software and algorithms can be evaluated by modeling, simulation, analysis, testing and statistics with support of powerful computing capability of PC. Another concern is evaluation of software features like correctness, reliability, stability, security and real-time of VIs. Technologies from software engineering, software testing and computer security domain can be used for these purposes. For example, a variety of black-box testing, white-box testing and modeling approaches can be used to evaluate the reliability of modules, components, applications and the whole VI software. The security of a VI can be assessed by methods like vulnerability scanning and penetration analysis. In order to facilitate metrology institutions to perform metrological verification of VIs efficiently, an automatic metrological tool for the above validation is essential. Based on technologies of numerical simulation, software testing and system benchmarking, a framework for the automatic tool is proposed in this paper. Investigation on implementation of existing automatic tools that perform calculation of measurement uncertainty, software testing and security assessment demonstrates the feasibility of the automatic framework advanced.

PLAYGROUND: preparing students for the cyber battleground

NASA Astrophysics Data System (ADS)

Nielson, Seth James

2016-12-01

Attempting to educate practitioners of computer security can be difficult if for no other reason than the breadth of knowledge required today. The security profession includes widely diverse subfields including cryptography, network architectures, programming, programming languages, design, coding practices, software testing, pattern recognition, economic analysis, and even human psychology. While an individual may choose to specialize in one of these more narrow elements, there is a pressing need for practitioners that have a solid understanding of the unifying principles of the whole. We created the Playground network simulation tool and used it in the instruction of a network security course to graduate students. This tool was created for three specific purposes. First, it provides simulation sufficiently powerful to permit rigorous study of desired principles while simultaneously reducing or eliminating unnecessary and distracting complexities. Second, it permitted the students to rapidly prototype a suite of security protocols and mechanisms. Finally, with equal rapidity, the students were able to develop attacks against the protocols that they themselves had created. Based on our own observations and student reviews, we believe that these three features combine to create a powerful pedagogical tool that provides students with a significant amount of breadth and intense emotional connection to computer security in a single semester.

Secure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool

DTIC Science & Technology

2010-11-01

designed to aid in the tracking and prosecuting of Time Sensitive Targets. The FAST tool provides user level authentication and authorisation in terms...level authentication and authorisation in terms of security. It uses operating system level security but does not provide application level security for...and collaboration tool, designed to aid in the tracking and prosecuting of Time Sensitive Targets. The FAST tool provides user level authentication and

Microgrid Analysis Tools Summary

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jimenez, Antonio; Haase, Scott G; Mathur, Shivani

2018-03-05

The over-arching goal of the Alaska Microgrid Partnership is to reduce the use of total imported fuel into communities to secure all energy services by at least 50% in Alaska's remote microgrids without increasing system life cycle costs while also improving overall system reliability, security, and resilience. One goal of the Alaska Microgrid Partnership is to investigate whether a combination of energy efficiency and high-contribution (from renewable energy) power systems can reduce total imported energy usage by 50% while reducing life cycle costs and improving reliability and resiliency. This presentation provides an overview of the following four renewable energy optimizationmore » tools. Information is from respective tool websites, tool developers, and author experience. Distributed Energy Resources Customer Adoption Model (DER-CAM) Microgrid Design Toolkit (MDT) Renewable Energy Optimization (REopt) Tool Hybrid Optimization Model for Electric Renewables (HOMER).« less

Modeling Tools for Propulsion Analysis and Computational Fluid Dynamics on the Internet

NASA Technical Reports Server (NTRS)

Muss, J. A.; Johnson, C. W.; Gotchy, M. B.

2000-01-01

The existing RocketWeb(TradeMark) Internet Analysis System (httr)://www.iohnsonrockets.com/rocketweb) provides an integrated set of advanced analysis tools that can be securely accessed over the Internet. Since these tools consist of both batch and interactive analysis codes, the system includes convenient methods for creating input files and evaluating the resulting data. The RocketWeb(TradeMark) system also contains many features that permit data sharing which, when further developed, will facilitate real-time, geographically diverse, collaborative engineering within a designated work group. Adding work group management functionality while simultaneously extending and integrating the system's set of design and analysis tools will create a system providing rigorous, controlled design development, reducing design cycle time and cost.

Client-side Skype forensics: an overview

NASA Astrophysics Data System (ADS)

Meißner, Tina; Kröger, Knut; Creutzburg, Reiner

2013-03-01

IT security and computer forensics are important components in the information technology. In the present study, a client-side Skype forensics is performed. It is designed to explain which kind of user data are stored on a computer and which tools allow the extraction of those data for a forensic investigation. There are described both methods - a manual analysis and an analysis with (mainly) open source tools, respectively.

Teaching Web Security Using Portable Virtual Labs

ERIC Educational Resources Information Center

Chen, Li-Chiou; Tao, Lixin

2012-01-01

We have developed a tool called Secure WEb dEvelopment Teaching (SWEET) to introduce security concepts and practices for web application development. This tool provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web application security. In addition, the tool provides pre-configured…

Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication.

PubMed

Spanakis, Emmanouil G; Spanakis, Marios; Karantanas, Apostolos; Marias, Kostas

2016-08-01

The most commonly used method for user authentication in ICT services or systems is the application of identification tools such as passwords or personal identification numbers (PINs). The rapid development in ICT technology regarding smart devices (laptops, tablets and smartphones) has allowed also the advance of hardware components that capture several biometric traits such as fingerprints and voice. These components are aiming among others to overcome weaknesses and flaws of password usage under the prism of improved user authentication with higher level of security, privacy and usability. To this respect, the potential application of biometrics for secure user authentication regarding access in systems with sensitive data (i.e. patient's data from electronic health records) shows great potentials. SpeechXRays aims to provide a user recognition platform based on biometrics of voice acoustics analysis and audio-visual identity verification. Among others, the platform aims to be applied as an authentication tool for medical personnel in order to gain specific access to patient's electronic health records. In this work a short description of SpeechXrays implementation tool regarding eHealth is provided and analyzed. This study explores security and privacy issues, and offers a comprehensive overview of biometrics technology applications in addressing the e-Health security challenges. We present and describe the necessary requirement for an eHealth platform concerning biometric security.

Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

DTIC Science & Technology

2008-06-01

Fortify SCA 3 2.2 Compass / ROSE 6 3 Project Analysis 9 3.1 Measuring and Analysis 9 4 Results 13 4.1 Fortify Results 13 4.1.1 CERT C++ Secure...Fortify C Rules 23 Appendix B Fortify C++ Rules 35 Appendix C C Rules Implemented in Compass Rose 43 Appendix D ROSE C++ Rules 51 References...to Daniel Quinlan at Lawrence Livermore National Laboratory for all his help getting us up and running with Compass /ROSE. Thanks to our SEI editor

Automating Risk Analysis of Software Design Models

PubMed Central

Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P.

2014-01-01

The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

Automating risk analysis of software design models.

PubMed

Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

2014-01-01

The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

CALS Database Usage and Analysis Tool Study

DTIC Science & Technology

1991-09-01

inference aggregation and cardinality aggregation as two distinct aspects of the aggregation problem. The paper develops the concept of a semantic...aggregation, cardinality aggregation I " CALS Database Usage Analysis Tool Study * Bibliography * Page 7 i NIDX - An Expert System for Real-Time...1989 IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1989. [21 Baur, D.S.; Eichelman, F.R. 1I; Herrera , R.M.; Irgon, A.E

An enhanced MMW and SMMW/THz imaging system performance prediction and analysis tool for concealed weapon detection and pilotage obstacle avoidance

NASA Astrophysics Data System (ADS)

Murrill, Steven R.; Jacobs, Eddie L.; Franck, Charmaine C.; Petkie, Douglas T.; De Lucia, Frank C.

2015-10-01

The U.S. Army Research Laboratory (ARL) has continued to develop and enhance a millimeter-wave (MMW) and submillimeter- wave (SMMW)/terahertz (THz)-band imaging system performance prediction and analysis tool for both the detection and identification of concealed weaponry, and for pilotage obstacle avoidance. The details of the MATLAB-based model which accounts for the effects of all critical sensor and display components, for the effects of atmospheric attenuation, concealment material attenuation, and active illumination, were reported on at the 2005 SPIE Europe Security and Defence Symposium (Brugge). An advanced version of the base model that accounts for both the dramatic impact that target and background orientation can have on target observability as related to specular and Lambertian reflections captured by an active-illumination-based imaging system, and for the impact of target and background thermal emission, was reported on at the 2007 SPIE Defense and Security Symposium (Orlando). Further development of this tool that includes a MODTRAN-based atmospheric attenuation calculator and advanced system architecture configuration inputs that allow for straightforward performance analysis of active or passive systems based on scanning (single- or line-array detector element(s)) or staring (focal-plane-array detector elements) imaging architectures was reported on at the 2011 SPIE Europe Security and Defence Symposium (Prague). This paper provides a comprehensive review of a newly enhanced MMW and SMMW/THz imaging system analysis and design tool that now includes an improved noise sub-model for more accurate and reliable performance predictions, the capability to account for postcapture image contrast enhancement, and the capability to account for concealment material backscatter with active-illumination- based systems. Present plans for additional expansion of the model's predictive capabilities are also outlined.

Hybrid methods for cybersecurity analysis :

DOE Office of Scientific and Technical Information (OSTI.GOV)

Davis, Warren Leon,; Dunlavy, Daniel M.

2014-01-01

Early 2010 saw a signi cant change in adversarial techniques aimed at network intrusion: a shift from malware delivered via email attachments toward the use of hidden, embedded hyperlinks to initiate sequences of downloads and interactions with web sites and network servers containing malicious software. Enterprise security groups were well poised and experienced in defending the former attacks, but the new types of attacks were larger in number, more challenging to detect, dynamic in nature, and required the development of new technologies and analytic capabilities. The Hybrid LDRD project was aimed at delivering new capabilities in large-scale data modeling andmore » analysis to enterprise security operators and analysts and understanding the challenges of detection and prevention of emerging cybersecurity threats. Leveraging previous LDRD research e orts and capabilities in large-scale relational data analysis, large-scale discrete data analysis and visualization, and streaming data analysis, new modeling and analysis capabilities were quickly brought to bear on the problems in email phishing and spear phishing attacks in the Sandia enterprise security operational groups at the onset of the Hybrid project. As part of this project, a software development and deployment framework was created within the security analyst work ow tool sets to facilitate the delivery and testing of new capabilities as they became available, and machine learning algorithms were developed to address the challenge of dynamic threats. Furthermore, researchers from the Hybrid project were embedded in the security analyst groups for almost a full year, engaged in daily operational activities and routines, creating an atmosphere of trust and collaboration between the researchers and security personnel. The Hybrid project has altered the way that research ideas can be incorporated into the production environments of Sandias enterprise security groups, reducing time to deployment from months and years to hours and days for the application of new modeling and analysis capabilities to emerging threats. The development and deployment framework has been generalized into the Hybrid Framework and incor- porated into several LDRD, WFO, and DOE/CSL projects and proposals. And most importantly, the Hybrid project has provided Sandia security analysts with new, scalable, extensible analytic capabilities that have resulted in alerts not detectable using their previous work ow tool sets.« less

Midlevel Maternity Providers' Preferences of a Childbirth Monitoring Tool in Low-Income Health Units in Uganda.

PubMed

Balikuddembe, Michael S; Wakholi, Peter K; Tumwesigye, Nazarius M; Tylleskär, Thorkild

2018-01-01

A third of women in childbirth are inadequately monitored, partly due to the tools used. Some stakeholders assert that the current labour monitoring tools are not efficient and need improvement to become more relevant to childbirth attendants. The study objective was to explore the expectations of maternity service providers for a mobile childbirth monitoring tool in maternity facilities in a low-income country like Uganda. Semi-structured interviews of purposively selected midwives and doctors in rural-urban childbirth facilities in Uganda were conducted before thematic data analysis. The childbirth providers expected a tool that enabled fast and secure childbirth record storage and sharing. They desired a tool that would automatically and conveniently register patient clinical findings, and actively provide interactive clinical decision support on a busy ward. The tool ought to support agreed upon standards for good pregnancy outcomes but also adaptable to the patient and their difficult working conditions. The tool functionality should include clinical data management and real-time decision support to the midwives, while the non-functional attributes include versatility and security.

Famine Early Warning Systems Network (FEWS NET) Agro-climatology Analysis Tools and Knowledge Base Products for Food Security Applications

NASA Astrophysics Data System (ADS)

Budde, M. E.; Rowland, J.; Anthony, M.; Palka, S.; Martinez, J.; Hussain, R.

2017-12-01

The U.S. Geological Survey (USGS) supports the use of Earth observation data for food security monitoring through its role as an implementing partner of the Famine Early Warning Systems Network (FEWS NET). The USGS Earth Resources Observation and Science (EROS) Center has developed tools designed to aid food security analysts in developing assumptions of agro-climatological outcomes. There are four primary steps to developing agro-climatology assumptions; including: 1) understanding the climatology, 2) evaluating current climate modes, 3) interpretation of forecast information, and 4) incorporation of monitoring data. Analysts routinely forecast outcomes well in advance of the growing season, which relies on knowledge of climatology. A few months prior to the growing season, analysts can assess large-scale climate modes that might influence seasonal outcomes. Within two months of the growing season, analysts can evaluate seasonal forecast information as indicators. Once the growing season begins, monitoring data, based on remote sensing and field information, can characterize the start of season and remain integral monitoring tools throughout the duration of the season. Each subsequent step in the process can lead to modifications of the original climatology assumption. To support such analyses, we have created an agro-climatology analysis tool that characterizes each step in the assumption building process. Satellite-based rainfall and normalized difference vegetation index (NDVI)-based products support both the climatology and monitoring steps, sea-surface temperature data and knowledge of the global climate system inform the climate modes, and precipitation forecasts at multiple scales support the interpretation of forecast information. Organizing these data for a user-specified area provides a valuable tool for food security analysts to better formulate agro-climatology assumptions that feed into food security assessments. We have also developed a knowledge base for over 80 countries that provide rainfall and NDVI-based products, including annual and seasonal summaries, historical anomalies, coefficient of variation, and number of years below 70% of annual or seasonal averages. These products provide a quick look for analysts to assess the agro-climatology of a country.

Visualization Tools for Teaching Computer Security

ERIC Educational Resources Information Center

Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

2010-01-01

Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

Automatic Inference of Cryptographic Key Length Based on Analysis of Proof Tightness

DTIC Science & Technology

2016-06-01

within an attack tree structure, then expand attack tree methodology to include cryptographic reductions. We then provide the algorithms for...maintaining and automatically reasoning about these expanded attack trees . We provide a software tool that utilizes machine-readable proof and attack metadata...and the attack tree methodology to provide rapid and precise answers regarding security parameters and effective security. This eliminates the need

Sustainable Biofuel Crops Project, Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Juhn, Daniel; Grantham, Hedley

2014-05-28

Over the last six years, the Food and Agriculture Organization of the United Nations (FAO) has developed the Bioenergy and Food Security (BEFS) Approach to help countries design and implement sustainable bioenergy policies and strategies. The BEFS Approach consists of two sets of multidisciplinary and integrated tools and guidance (the BEFS Rapid Appraisal and the BEFS Detailed Analysis) to facilitate better decision on bioenergy development which should foster both food and energy security, and contribute to agricultural and rural development. The development of the BEFS Approach was for the most part funded by the German Federal Ministry of Food andmore » Agriculture. Recognizing the need to provide support to countries that wanted an initial assessment of their sustainable bioenergy potential, and of the associated opportunities, risks and trade offs, FAO began developing the BEFS-RA (Rapid Appraisal). The BEFS RA is a spreadsheet–based assessment and analysis tool designed to outline the country's basic energy, agriculture and food security context, the natural resources potential, the bioenergy end use options, including initial financial and economic implications, and the identification of issues that might require fuller investigation with the BEFS Detailed Analysis.« less

Unix Security Cookbook

NASA Astrophysics Data System (ADS)

Rehan, S. C.

This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

33 CFR 101.510 - Assessment tools.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Assessment tools. 101.510 Section 101.510 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Other Provisions § 101.510 Assessment tools. Ports, vessels, and facilities...

What are we assessing when we measure food security? A compendium and review of current metrics.

PubMed

Jones, Andrew D; Ngure, Francis M; Pelto, Gretel; Young, Sera L

2013-09-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics.

What Are We Assessing When We Measure Food Security? A Compendium and Review of Current Metrics12

PubMed Central

Jones, Andrew D.; Ngure, Francis M.; Pelto, Gretel; Young, Sera L.

2013-01-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics. PMID:24038241

Violence and Abuse in Rural America

MedlinePlus

... for Success Am I Rural? Evidence-based Toolkits Economic Impact Analysis Tool Community Health Gateway Sustainability Planning ... phone and internet, as reported in Rural Survivors & Economic Security . Advocacy and Legal Services: For all forms ...

[The comparative evaluation of level of security culture in medical organizations].

PubMed

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

Security Risks: Management and Mitigation in the Software Life Cycle

NASA Technical Reports Server (NTRS)

Gilliam, David P.

2004-01-01

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

Privacy and security in teleradiology.

PubMed

Ruotsalainen, Pekka

2010-01-01

Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

Climate tools in mainstream Linux distributions

NASA Astrophysics Data System (ADS)

McKinstry, Alastair

2015-04-01

Debian/meterology is a project to integrate climate tools and analysis software into the mainstream Debian/Ubuntu Linux distributions. This work describes lessons learnt, and recommends practices for scientific software to be adopted and maintained in OS distributions. In addition to standard analysis tools (cdo,, grads, ferret, metview, ncl, etc.), software used by the Earth System Grid Federation was chosen for integraion, to enable ESGF portals to be built on this base; however exposing scientific codes via web APIs enables security weaknesses, normally ignorable, to be exposed. How tools are hardened, and what changes are required to handle security upgrades, are described. Secondly, to enable libraries and components (e.g. Python modules) to be integrated requires planning by writers: it is not sufficient to assume users can upgrade their code when you make incompatible changes. Here, practices are recommended to enable upgrades and co-installability of C, C++, Fortran and Python codes. Finally, software packages such as NetCDF and HDF5 can be built in multiple configurations. Tools may then expect incompatible versions of these libraries (e.g. serial and parallel) to be simultaneously available; how this was solved in Debian using "pkg-config" and shared library interfaces is described, and best practices for software writers to enable this are summarised.

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Monitoring Global Food Security with New Remote Sensing Products and Tools

NASA Astrophysics Data System (ADS)

Budde, M. E.; Rowland, J.; Senay, G. B.; Funk, C. C.; Husak, G. J.; Magadzire, T.; Verdin, J. P.

2012-12-01

Global agriculture monitoring is a crucial aspect of monitoring food security in the developing world. The Famine Early Warning Systems Network (FEWS NET) has a long history of using remote sensing and crop modeling to address food security threats in the form of drought, floods, pests, and climate change. In recent years, it has become apparent that FEWS NET requires the ability to apply monitoring and modeling frameworks at a global scale to assess potential impacts of foreign production and markets on food security at regional, national, and local levels. Scientists at the U.S. Geological Survey (USGS) Earth Resources Observation and Science (EROS) Center and the University of California Santa Barbara (UCSB) Climate Hazards Group have provided new and improved data products as well as visualization and analysis tools in support of the increased mandate for remote monitoring. We present our monitoring products for measuring actual evapotranspiration (ETa), normalized difference vegetation index (NDVI) in a near-real-time mode, and satellite-based rainfall estimates and derivatives. USGS FEWS NET has implemented a Simplified Surface Energy Balance (SSEB) model to produce operational ETa anomalies for Africa and Central Asia. During the growing season, ETa anomalies express surplus or deficit crop water use, which is directly related to crop condition and biomass. We present current operational products and provide supporting validation of the SSEB model. The expedited Moderate Resolution Imaging Spectroradiometer (eMODIS) production system provides FEWS NET with an improved NDVI dataset for crop and rangeland monitoring. eMODIS NDVI provides a reliable data stream with a relatively high spatial resolution (250-m) and short latency period (less than 12 hours) which allows for better operational vegetation monitoring. We provide an overview of these data and cite specific applications for crop monitoring. FEWS NET uses satellite rainfall estimates as inputs for monitoring agricultural food production and driving crop water balance models. We present a series of derived rainfall products and provide an update on efforts to improve satellite-based estimates. We also present advancements in monitoring tools, namely, the Early Warning eXplorer (EWX) and interactive rainfall and NDVI time series viewers. The EWX is a data analysis and visualization tool that allows users to rapidly visualize multiple remote sensing datasets and compare standardized anomaly maps and time series. The interactive time series viewers allow users to analyze rainfall and NDVI time series over multiple spatial domains. New and improved data products and more targeted analysis tools are a necessity as food security monitoring requirements expand and resources become limited.

A Security Analysis of the 802.11s Wireless Mesh Network Routing Protocol and Its Secure Routing Protocols

PubMed Central

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-01-01

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP. PMID:24002231

A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

PubMed

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-09-02

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

Self port scanning tool : providing a more secure computing Environment through the use of proactive port scanning

NASA Technical Reports Server (NTRS)

Kocher, Joshua E; Gilliam, David P.

2005-01-01

Secure computing is a necessity in the hostile environment that the internet has become. Protection from nefarious individuals and organizations requires a solution that is more a methodology than a one time fix. One aspect of this methodology is having the knowledge of which network ports a computer has open to the world, These network ports are essentially the doorways from the internet into the computer. An assessment method which uses the nmap software to scan ports has been developed to aid System Administrators (SAs) with analysis of open ports on their system(s). Additionally, baselines for several operating systems have been developed so that SAs can compare their open ports to a baseline for a given operating system. Further, the tool is deployed on a website where SAs and Users can request a port scan of their computer. The results are then emailed to the requestor. This tool aids Users, SAs, and security professionals by providing an overall picture of what services are running, what ports are open, potential trojan programs or backdoors, and what ports can be closed.

Integration of the SSPM and STAGE with the MPACT Virtual Facility Distributed Test Bed.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cipiti, Benjamin B.; Shoman, Nathan

The Material Protection Accounting and Control Technologies (MPACT) program within DOE NE is working toward a 2020 milestone to demonstrate a Virtual Facility Distributed Test Bed. The goal of the Virtual Test Bed is to link all MPACT modeling tools, technology development, and experimental work to create a Safeguards and Security by Design capability for fuel cycle facilities. The Separation and Safeguards Performance Model (SSPM) forms the core safeguards analysis tool, and the Scenario Toolkit and Generation Environment (STAGE) code forms the core physical security tool. These models are used to design and analyze safeguards and security systems and generatemore » performance metrics. Work over the past year has focused on how these models will integrate with the other capabilities in the MPACT program and specific model changes to enable more streamlined integration in the future. This report describes the model changes and plans for how the models will be used more collaboratively. The Virtual Facility is not designed to integrate all capabilities into one master code, but rather to maintain stand-alone capabilities that communicate results between codes more effectively.« less

A taxonomy and discussion of software attack technologies

NASA Astrophysics Data System (ADS)

Banks, Sheila B.; Stytz, Martin R.

2005-03-01

Software is a complex thing. It is not an engineering artifact that springs forth from a design by simply following software coding rules; creativity and the human element are at the heart of the process. Software development is part science, part art, and part craft. Design, architecture, and coding are equally important activities and in each of these activities, errors may be introduced that lead to security vulnerabilities. Therefore, inevitably, errors enter into the code. Some of these errors are discovered during testing; however, some are not. The best way to find security errors, whether they are introduced as part of the architecture development effort or coding effort, is to automate the security testing process to the maximum extent possible and add this class of tools to the tools available, which aids in the compilation process, testing, test analysis, and software distribution. Recent technological advances, improvements in computer-generated forces (CGFs), and results in research in information assurance and software protection indicate that we can build a semi-intelligent software security testing tool. However, before we can undertake the security testing automation effort, we must understand the scope of the required testing, the security failures that need to be uncovered during testing, and the characteristics of the failures. Therefore, we undertook the research reported in the paper, which is the development of a taxonomy and a discussion of software attacks generated from the point of view of the security tester with the goal of using the taxonomy to guide the development of the knowledge base for the automated security testing tool. The representation for attacks and threat cases yielded by this research captures the strategies, tactics, and other considerations that come into play during the planning and execution of attacks upon application software. The paper is organized as follows. Section one contains an introduction to our research and a discussion of the motivation for our work. Section two contains a presents our taxonomy of software attacks and a discussion of the strategies employed and general weaknesses exploited for each attack. Section three contains a summary and suggestions for further research.

Method for automation of tool preproduction

NASA Astrophysics Data System (ADS)

Rychkov, D. A.; Yanyushkin, A. S.; Lobanov, D. V.; Arkhipov, P. V.

2018-03-01

The primary objective of tool production is a creation or selection of such tool design which could make it possible to secure high process efficiency, tool availability as well as a quality of received surfaces with minimum means and resources spent on it. It takes much time of application people, being engaged in tool preparation, to make a correct selection of the appropriate tool among the set of variants. Program software has been developed to solve the problem, which helps to create, systematize and carry out a comparative analysis of tool design to identify the rational variant under given production conditions. The literature indicates that systematization and selection of the tool rational design has been carried out in accordance with the developed modeling technology and comparative design analysis. Software application makes it possible to reduce the period of design by 80....85% and obtain a significant annual saving.

Expert Approaches to Analysis

DTIC Science & Technology

1999-03-01

of epistemic forms and games , which can form the basis for building a tool to support expert analyses. 15. SUBJECT TERMS Expert analysis Epistemic...forms Epistemic games SECURITY CLASSIFICATION OF 16. REPORT Unclassified 17. ABSTRACT Unclassified 18. THIS PAGE Unclassified 19. LIMITATION OF...1998 Principal Investigators: Allan Collins & William Ferguson BBN Technologies Introduction 1 Prior Work 2 Structural-Analysis Games 2 Functional

Web vulnerability study of online pharmacy sites.

PubMed

Kuzma, Joanne

2011-01-01

Consumers are increasingly using online pharmacies, but these sites may not provide an adequate level of security with the consumers' personal data. There is a gap in this research addressing the problems of security vulnerabilities in this industry. The objective is to identify the level of web application security vulnerabilities in online pharmacies and the common types of flaws, thus expanding on prior studies. Technical, managerial and legal recommendations on how to mitigate security issues are presented. The proposed four-step method first consists of choosing an online testing tool. The next steps involve choosing a list of 60 online pharmacy sites to test, and then running the software analysis to compile a list of flaws. Finally, an in-depth analysis is performed on the types of web application vulnerabilities. The majority of sites had serious vulnerabilities, with the majority of flaws being cross-site scripting or old versions of software that have not been updated. A method is proposed for the securing of web pharmacy sites, using a multi-phased approach of technical and managerial techniques together with a thorough understanding of national legal requirements for securing systems.

Analysis of Alternatives for Risk Assessment Methodologies and Tools

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nachtigal, Noel M.; Fruetel, Julia A.; Gleason, Nathaniel J.

The purpose of this document is to provide a basic overview and understanding of risk assessment methodologies and tools from the literature and to assess the suitability of these methodologies and tools for cyber risk assessment. Sandia National Laboratories (SNL) performed this review in support of risk modeling activities performed for the Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division of the Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C). The set of methodologies and tools covered in this document is not intended to be exhaustive; instead, it focuses on those that are commonly used in themore » risk assessment community. The classification of methodologies and tools was performed by a group of analysts with experience in risk analysis and cybersecurity, and the resulting analysis of alternatives has been tailored to address the needs of a cyber risk assessment.« less

An Analysis of the Computer Security Ramifications of Weakened Asymmetric Cryptographic Algorithms

DTIC Science & Technology

2012-06-01

OpenVPN (Yonan). TLS (and by extension SSL) obviously rely on encryption to provide the confidentiality, integrity and authentication services it...Secure Shell (SSH) Transport Layer Protocol.” IETF, Jan. 2006. <tools.ietf.org/html/rfc4253> Yonan, James, and Mattock. " OpenVPN ." SourceForge...11 May 2012. <http://sourceforge.net/projects/ openvpn /> 92 REPORT DOCUMENTATION PAGE Form Approved OMB No. 074-0188 The public reporting

77 FR 28894 - Maritime Vulnerability Self-Assessment Tool

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Maritime Vulnerability Self... maritime vulnerability self- assessment tool. SUMMARY: The Transportation Security Administration (TSA... conducting vulnerability assessments became available and usage of the TMSARM has dropped off considerably...

Identifying and tracking attacks on networks: C3I displays and related technologies

NASA Astrophysics Data System (ADS)

Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

2003-09-01

Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

Genomic analysis and geographic visualization of H5N1 and SARS-CoV.

PubMed

Hill, Andrew W; Alexandrov, Boyan; Guralnick, Robert P; Janies, Daniel

2007-10-11

Emerging infectious diseases and organisms present critical issues of national security public health, and economic welfare. We still understand little about the zoonotic potential of many viruses. To this end, we are developing novel database tools to manage comparative genomic datasets. These tools add value because they allow us to summarize the direction, frequency and order of genomic changes. We will perform numerous real world tests with our tools with both Avian Influenza and Coronaviruses.

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Life-Cycle Inventory Analysis of Bioproducts from a Modular Advanced Biomass Pyrolysis System

Treesearch

Richard Bergman; Hongmei Gu

2014-01-01

Expanding bioenergy production has the potential to reduce net greenhouse gas (GHG) emissions and improve energy security. Science-based assessments of new bioenergy technologies are essential tools for policy makers dealing with expanding renewable energy production. Using life cycle inventory (LCI) analysis, this study evaluated a 200-kWe...

Continuous Security and Configuration Monitoring of HPC Clusters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Garcia-Lomeli, H. D.; Bertsch, A. D.; Fox, D. M.

Continuous security and configuration monitoring of information systems has been a time consuming and laborious task for system administrators at the High Performance Computing (HPC) center. Prior to this project, system administrators had to manually check the settings of thousands of nodes, which required a significant number of hours rendering the old process ineffective and inefficient. This paper explains the application of Splunk Enterprise, a software agent, and a reporting tool in the development of a user application interface to track and report on critical system updates and security compliance status of HPC Clusters. In conjunction with other configuration managementmore » systems, the reporting tool is to provide continuous situational awareness to system administrators of the compliance state of information systems. Our approach consisted of the development, testing, and deployment of an agent to collect any arbitrary information across a massively distributed computing center, and organize that information into a human-readable format. Using Splunk Enterprise, this raw data was then gathered into a central repository and indexed for search, analysis, and correlation. Following acquisition and accumulation, the reporting tool generated and presented actionable information by filtering the data according to command line parameters passed at run time. Preliminary data showed results for over six thousand nodes. Further research and expansion of this tool could lead to the development of a series of agents to gather and report critical system parameters. However, in order to make use of the flexibility and resourcefulness of the reporting tool the agent must conform to specifications set forth in this paper. This project has simplified the way system administrators gather, analyze, and report on the configuration and security state of HPC clusters, maintaining ongoing situational awareness. Rather than querying each cluster independently, compliance checking can be managed from one central location.« less

A security vulnerabilities assessment tool for interim storage facilities of low-level radioactive wastes.

PubMed

Bible, J; Emery, R J; Williams, T; Wang, S

2006-11-01

Limited permanent low-level radioactive waste (LLRW) disposal capacity and correspondingly high disposal costs have resulted in the creation of numerous interim storage facilities for either decay-in-storage operations or longer term accumulation efforts. These facilities, which may be near the site of waste generation or in distal locations, often were not originally designed for the purpose of LLRW storage, particularly with regard to security. Facility security has become particularly important in light of the domestic terrorist acts of 2001, wherein LLRW, along with many other sources of radioactivity, became recognized commodities to those wishing to create disruption through the purposeful dissemination of radioactive materials. Since some LLRW materials may be in facilities that may exhibit varying degrees of security control sophistication, a security vulnerabilities assessment tool grounded in accepted criminal justice theory and security practice has been developed. The tool, which includes dedicated sections on general security, target hardening, criminalization benefits, and the presence of guardians, can be used by those not formally schooled in the security profession to assess the level of protection afforded to their respective facilities. The tool equips radiation safety practitioners with the ability to methodically and systematically assess the presence or relative status of various facility security aspects, many of which may not be considered by individuals from outside the security profession. For example, radiation safety professionals might not ordinarily consider facility lighting aspects, which is a staple for the security profession since it is widely known that crime disproportionately occurs more frequently at night or in poorly lit circumstances. Likewise, the means and associated time dimensions for detecting inventory discrepancies may not be commonly considered. The tool provides a simple means for radiation safety professionals to assess, and perhaps enhance in a reasonable fashion, the security of their interim storage operations. Aspects of the assessment tool can also be applied to other activities involving the protection of sources of radiation as well.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice.

PubMed

Karasz, Hilary N; Eiden, Amy; Bogan, Sharon

2013-04-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

AgriSense-STARS: Advancing Methods of Agricultural Monitoring for Food Security in Smallholder Regions - the Case for Tanzania

NASA Astrophysics Data System (ADS)

Dempewolf, J.; Becker-Reshef, I.; Nakalembe, C. L.; Tumbo, S.; Maurice, S.; Mbilinyi, B.; Ntikha, O.; Hansen, M.; Justice, C. J.; Adusei, B.; Kongo, V.

2015-12-01

In-season monitoring of crop conditions provides critical information for agricultural policy and decision making and most importantly for food security planning and management. Nationwide agricultural monitoring in countries dominated by smallholder farming systems, generally relies on extensive networks of field data collectors. In Tanzania, extension agents make up this network and report on conditions across the country, approaching a "near-census". Data is collected on paper which is resource and time intensive, as well as prone to errors. Data quality is ambiguous and there is a general lack of clear and functional feedback loops between farmers, extension agents, analysts and decision makers. Moreover, the data are not spatially explicit, limiting the usefulness for analysis and quality of policy outcomes. Despite significant advances in remote sensing and information communication technologies (ICT) for monitoring agriculture, the full potential of these new tools is yet to be realized in Tanzania. Their use is constrained by the lack of resources, skills and infrastructure to access and process these data. The use of ICT technologies for data collection, processing and analysis is equally limited. The AgriSense-STARS project is developing and testing a system for national-scale in-season monitoring of smallholder agriculture using a combination of three main tools, 1) GLAM-East Africa, an automated MODIS satellite image processing system, 2) field data collection using GeoODK and unmanned aerial vehicles (UAVs), and 3) the Tanzania Crop Monitor, a collaborative online portal for data management and reporting. These tools are developed and applied in Tanzania through the National Food Security Division of the Ministry of Agriculture, Food Security and Cooperatives (MAFC) within a statistically representative sampling framework (area frame) that ensures data quality, representability and resource efficiency.

Scenario and multiple criteria decision analysis for energy and environmental security of military and industrial installations.

PubMed

Karvetski, Christopher W; Lambert, James H; Linkov, Igor

2011-04-01

Military and industrial facilities need secure and reliable power generation. Grid outages can result in cascading infrastructure failures as well as security breaches and should be avoided. Adding redundancy and increasing reliability can require additional environmental, financial, logistical, and other considerations and resources. Uncertain scenarios consisting of emergent environmental conditions, regulatory changes, growth of regional energy demands, and other concerns result in further complications. Decisions on selecting energy alternatives are made on an ad hoc basis. The present work integrates scenario analysis and multiple criteria decision analysis (MCDA) to identify combinations of impactful emergent conditions and to perform a preliminary benefits analysis of energy and environmental security investments for industrial and military installations. Application of a traditional MCDA approach would require significant stakeholder elicitations under multiple uncertain scenarios. The approach proposed in this study develops and iteratively adjusts a scoring function for investment alternatives to find the scenarios with the most significant impacts on installation security. A robust prioritization of investment alternatives can be achieved by integrating stakeholder preferences and focusing modeling and decision-analytical tools on a few key emergent conditions and scenarios. The approach is described and demonstrated for a campus of several dozen interconnected industrial buildings within a major installation. Copyright © 2010 SETAC.

An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2014-06-01

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation

PubMed Central

Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-01-01

Background Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. Conclusions To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. PMID:29506966

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation.

PubMed

Sadat, Md Nazmus; Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-03-05

Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. ©Md Nazmus Sadat, Xiaoqian Jiang, Md Momin Al Aziz, Shuang Wang, Noman Mohammed. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 05.03.2018.

An Integrated Toolset for Agile Systems Engineering Requirements Analysis

DTIC Science & Technology

2011-05-19

Tool STDUse Cases Collaboration Tool Data Mgmt T l 1 e a a managemen oo Run the test in the test lab, redline the STD Update the collaboration...Boeing Defense, Space & Security Lean-Agile Software A I t t d T l t fn n egra e oo se or Agile Systems Engineering Requirements Analysis Phyllis...Regulations (ITAR) and the Export Administration R l ti (EAR) h i l bl b t h th i th BOEING is a trademark of Boeing Management Company. Copyright © 2010

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Enhanced terahertz imaging system performance analysis and design tool for concealed weapon identification

NASA Astrophysics Data System (ADS)

Murrill, Steven R.; Franck, Charmaine C.; Espinola, Richard L.; Petkie, Douglas T.; De Lucia, Frank C.; Jacobs, Eddie L.

2011-11-01

The U.S. Army Research Laboratory (ARL) and the U.S. Army Night Vision and Electronic Sensors Directorate (NVESD) have developed a terahertz-band imaging system performance model/tool for detection and identification of concealed weaponry. The details of the MATLAB-based model which accounts for the effects of all critical sensor and display components, and for the effects of atmospheric attenuation, concealment material attenuation, and active illumination, were reported on at the 2005 SPIE Europe Security & Defence Symposium (Brugge). An advanced version of the base model that accounts for both the dramatic impact that target and background orientation can have on target observability as related to specular and Lambertian reflections captured by an active-illumination-based imaging system, and for the impact of target and background thermal emission, was reported on at the 2007 SPIE Defense and Security Symposium (Orlando). This paper will provide a comprehensive review of an enhanced, user-friendly, Windows-executable, terahertz-band imaging system performance analysis and design tool that now includes additional features such as a MODTRAN-based atmospheric attenuation calculator and advanced system architecture configuration inputs that allow for straightforward performance analysis of active or passive systems based on scanning (single- or line-array detector element(s)) or staring (focal-plane-array detector elements) imaging architectures. This newly enhanced THz imaging system design tool is an extension of the advanced THz imaging system performance model that was developed under the Defense Advanced Research Project Agency's (DARPA) Terahertz Imaging Focal-Plane Technology (TIFT) program. This paper will also provide example system component (active-illumination source and detector) trade-study analyses using the new features of this user-friendly THz imaging system performance analysis and design tool.

DEVELOPING NEW TOOLS FOR POLICY ANALYSIS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Donovan, Richard L.; Schwartz, Michael J.; Selby, Kevin B.

2010-08-11

For the past three years, the Office of Security Policy has been aggressively pursuing substantial improvements in the U. S. Department of Energy (DOE) regulations and directives related to safeguards and security (S&S). An initial effort focused on areas where specific improvements could be made. This revision was completed during 2009 with the publication of a number of revised manuals. Developing these revisions involved more than 100 experts in the various disciplines involved, yet the changes made were only those that could be identified and agreed upon based largely on expert opinion. The next phase of changes will be moremore » analytically based. A thorough review of the entire (S&S) directives set will be conducted using software tools to analyze the present directives with a view toward 1) identifying areas of positive synergism among topical areas, 2) identifying areas of unnecessary duplication within and among topical areas, and 3) identifying requirements that are less than effective in achieving the intended protection goals. This paper will describe the software tools available and in development that will be used in this effort. Some examples of the output of the tools will be included, as will a short discussion of the follow-on analysis that will be performed when these outputs are available to policy analysts.« less

[Experience feed back committee in radiotherapy (CREx): a compulsory tool for security management evaluation at two years].

PubMed

Lartigau, E; Coche-Dequeant, B; Dumortier, V; Giscard, S; Lacornerie, T; Lasue, A; Cheval, V; Martel, V; Malfait, B; Fuchs, A; Pestel, M; Damman, M; Forrest, M

2008-11-01

After working on treatment organisation in radiotherapy (bonne pratiques organisationnelles en radiothérapie - action pilote MEAH 2003), the development of a security policy has become crucial. With the help of Air France Consulting and the MEAH, three cancer centers in Angers, Lille and Villejuif worked together on the implantation of experience feed back committees (CREx) dedicated to the registration, analysis and correction of precursor events. After two years, we report the centre Oscar-Lambret experience in Lille and try to get the recommendations for generalisation of the process. This seems now to be compulsory for security management in oncology.

A Counter-IED Preparedness Methodology for Large Event Planning

DOE Office of Scientific and Technical Information (OSTI.GOV)

Payne, Patricia W; Koch, Daniel B

Since 2009, Oak Ridge National Laboratory (ORNL) has been involved in a project sponsored by the Department of Homeland Security Science and Technology Directorate aimed at improving preparedness against Improvised Explosive Devices (IED) at large sporting events. Led by the University of Southern Mississippi (USM) as part of the Southeast Region Research Initiative, the project partners have been developing tools and methodologies for use by security personnel and first responders at sports stadiums. ORNL s contribution has been to develop an automated process to gather and organize disparate data that is usually part of an organization s security plan. Themore » organized data informs a table-top exercise (TTX) conducted by USM using additional tools developed by them and their subcontractors. After participating in several pilot TTXs, patterns are beginning to emerge that would enable improvements to be formulated to increase the level of counter-IED preparedness. This paper focuses on the data collection and analysis process and shares insights gained to date.« less

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brown, Nathanael J. K.; Jones, Katherine A.; Bandlow, Alisa

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for amore » performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.« less

Creating a spatially-explicit index: a method for assessing the global wildfire-water risk

NASA Astrophysics Data System (ADS)

Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

2017-04-01

The wildfire-water risk (WWR) has been defined as the potential for wildfires to adversely affect water resources that are important for downstream ecosystems and human water needs for adequate water quantity and quality, therefore compromising the security of their water supply. While tools and methods are numerous for watershed-scale risk analysis, the development of a toolbox for the large-scale evaluation of the wildfire risk to water security has only started recently. In order to provide managers and policy-makers with an adequate tool, we implemented a method for the spatial analysis of the global WWR based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. As this approach heavily relies on data, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. When appropriate, we applied a hydrological routing function to our indicators in order to simulate downstream accumulation of potentially harmful material. Each indicator was then assigned a DPSIR category. We collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the WWR. A thorough sensitivity analysis has been performed in order to understand the relationship between the final risk values and the spatial pattern of each category used during the indexation. For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, to get a sense of regional DPSIR specificities. This rather simple method does not necessitate the use of complex physical models and provides a scalable and efficient tool for the analysis of global water security issues.

Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

PubMed Central

Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

2013-01-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

Network Analytical Tool for Monitoring Global Food Safety Highlights China

PubMed Central

Nepusz, Tamás; Petróczi, Andrea; Naughton, Declan P.

2009-01-01

Background The Beijing Declaration on food safety and security was signed by over fifty countries with the aim of developing comprehensive programs for monitoring food safety and security on behalf of their citizens. Currently, comprehensive systems for food safety and security are absent in many countries, and the systems that are in place have been developed on different principles allowing poor opportunities for integration. Methodology/Principal Findings We have developed a user-friendly analytical tool based on network approaches for instant customized analysis of food alert patterns in the European dataset from the Rapid Alert System for Food and Feed. Data taken from alert logs between January 2003 – August 2008 were processed using network analysis to i) capture complexity, ii) analyze trends, and iii) predict possible effects of interventions by identifying patterns of reporting activities between countries. The detector and transgressor relationships are readily identifiable between countries which are ranked using i) Google's PageRank algorithm and ii) the HITS algorithm of Kleinberg. The program identifies Iran, China and Turkey as the transgressors with the largest number of alerts. However, when characterized by impact, counting the transgressor index and the number of countries involved, China predominates as a transgressor country. Conclusions/Significance This study reports the first development of a network analysis approach to inform countries on their transgressor and detector profiles as a user-friendly aid for the adoption of the Beijing Declaration. The ability to instantly access the country-specific components of the several thousand annual reports will enable each country to identify the major transgressors and detectors within its trading network. Moreover, the tool can be used to monitor trading countries for improved detector/transgressor ratios. PMID:19688088

2008 Homeland Security S and T Stakeholders Conference West-Volume 3 Tuesday

DTIC Science & Technology

2008-01-16

Architecture ( PNNL SRS) • Online data collection / entry • Data Warehouse • On Demand Analysis and Reporting Tools • Reports, Charts & Graphs • Visual / Data...Sustainability 2007– 2016 Our region wide investment include all PANYNJ business areas Computer Statistical Analysis COMPSTAT •NYPD 1990’s •Personnel Management...Coast Guard, and public health Expertise, Depth, Agility Staff Degrees 6 Our Value Added Capabilities • Risk Analysis • Operations Analysis

Large-Scale Survey Findings Inform Patients’ Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment

PubMed Central

Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-01-01

Background Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users’ experiences in using secure email messaging. Objective To quantitatively assess veteran patients’ experiences in using secure email messaging in a large patient sample. Methods A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations’ Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. Results The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Conclusions Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication. PMID:26690761

Large-Scale Survey Findings Inform Patients' Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment.

PubMed

Haun, Jolie N; Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-12-21

Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users' experiences in using secure email messaging. To quantitatively assess veteran patients' experiences in using secure email messaging in a large patient sample. A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations' Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication.

Emulation Platform for Cyber Analysis of Wireless Communication Network Protocols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Van Leeuwen, Brian P.; Eldridge, John M.

Wireless networking and mobile communications is increasing around the world and in all sectors of our lives. With increasing use, the density and complexity of the systems increase with more base stations and advanced protocols to enable higher data throughputs. The security of data transported over wireless networks must also evolve with the advances in technologies enabling more capable wireless networks. However, means for analysis of the effectiveness of security approaches and implementations used on wireless networks are lacking. More specifically a capability to analyze the lower-layer protocols (i.e., Link and Physical layers) is a major challenge. An analysis approachmore » that incorporates protocol implementations without the need for RF emissions is necessary. In this research paper several emulation tools and custom extensions that enable an analysis platform to perform cyber security analysis of lower layer wireless networks is presented. A use case of a published exploit in the 802.11 (i.e., WiFi) protocol family is provided to demonstrate the effectiveness of the described emulation platform.« less

Cyber Security Audit and Attack Detection Toolkit

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peterson, Dale

2012-05-31

This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

Uncertainty in simulating wheat yields under climate change

USDA-ARS?s Scientific Manuscript database

Anticipating the impacts of climate change on crop yields is critical for assessing future food security. Process-based crop simulation models are the most commonly used tools in such assessments. Analysis of uncertainties in future greenhouse gas emissions and their impacts on future climate change...

Configuration Management and Infrastructure Monitoring Using CFEngine and Icinga for Real-time Heterogeneous Data Taking Environment

NASA Astrophysics Data System (ADS)

Poat, M. D.; Lauret, J.; Betts, W.

2015-12-01

The STAR online computing environment is an intensive ever-growing system used for real-time data collection and analysis. Composed of heterogeneous and sometimes groups of custom-tuned machines, the computing infrastructure was previously managed by manual configurations and inconsistently monitored by a combination of tools. This situation led to configuration inconsistency and an overload of repetitive tasks along with lackluster communication between personnel and machines. Globally securing this heterogeneous cyberinfrastructure was tedious at best and an agile, policy-driven system ensuring consistency, was pursued. Three configuration management tools, Chef, Puppet, and CFEngine have been compared in reliability, versatility and performance along with a comparison of infrastructure monitoring tools Nagios and Icinga. STAR has selected the CFEngine configuration management tool and the Icinga infrastructure monitoring system leading to a versatile and sustainable solution. By leveraging these two tools STAR can now swiftly upgrade and modify the environment to its needs with ease as well as promptly react to cyber-security requests. By creating a sustainable long term monitoring solution, the detection of failures was reduced from days to minutes, allowing rapid actions before the issues become dire problems, potentially causing loss of precious experimental data or uptime.

Control Theoretic Modeling for Uncertain Cultural Attitudes and Unknown Adversarial Intent

DTIC Science & Technology

2009-02-01

Constructive computational tools. 15. SUBJECT TERMS social learning, social networks , multiagent systems, game theory 16. SECURITY CLASSIFICATION OF: a...over- reactionary behaviors; 3) analysis of rational social learning in networks : analysis of belief propagation in social networks in various...general methodology as a predictive device for social network formation and for communication network formation with constraints on the lengths of

Detection and Prevention of Insider Threats in Database Driven Web Services

NASA Astrophysics Data System (ADS)

Chumash, Tzvi; Yao, Danfeng

In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.

Synchronization of random bit generators based on coupled chaotic lasers and application to cryptography.

PubMed

Kanter, Ido; Butkovski, Maria; Peleg, Yitzhak; Zigzag, Meital; Aviad, Yaara; Reidler, Igor; Rosenbluh, Michael; Kinzel, Wolfgang

2010-08-16

Random bit generators (RBGs) constitute an important tool in cryptography, stochastic simulations and secure communications. The later in particular has some difficult requirements: high generation rate of unpredictable bit strings and secure key-exchange protocols over public channels. Deterministic algorithms generate pseudo-random number sequences at high rates, however, their unpredictability is limited by the very nature of their deterministic origin. Recently, physical RBGs based on chaotic semiconductor lasers were shown to exceed Gbit/s rates. Whether secure synchronization of two high rate physical RBGs is possible remains an open question. Here we propose a method, whereby two fast RBGs based on mutually coupled chaotic lasers, are synchronized. Using information theoretic analysis we demonstrate security against a powerful computational eavesdropper, capable of noiseless amplification, where all parameters are publicly known. The method is also extended to secure synchronization of a small network of three RBGs.

Verification of S&D Solutions for Network Communications and Devices

NASA Astrophysics Data System (ADS)

Rudolph, Carsten; Compagna, Luca; Carbone, Roberto; Muñoz, Antonio; Repp, Jürgen

This chapter describes the tool-supported verification of S&D Solutions on the level of network communications and devices. First, the general goals and challenges of verification in the context of AmI systems are highlighted and the role of verification and validation within the SERENITY processes is explained.Then, SERENITY extensions to the SH VErification tool are explained using small examples. Finally, the applicability of existing verification tools is discussed in the context of the AVISPA toolset. The two different tools show that for the security analysis of network and devices S&D Patterns relevant complementary approachesexist and can be used.

Quality of protection evaluation of security mechanisms.

PubMed

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

XMI2USE: A Tool for Transforming XMI to USE Specifications

NASA Astrophysics Data System (ADS)

Sun, Wuliang; Song, Eunjee; Grabow, Paul C.; Simmonds, Devon M.

The UML-based Specification Environment (USE) tool supports syntactic analysis, type checking, consistency checking, and dynamic validation of invariants and pre-/post conditions specified in the Object Constraint Language (OCL). Due to its animation and analysis power, it is useful when checking critical non-functional properties such as security policies. However, the USE tool requires one to specify (i.e., "write") a model using its own textual language and does not allow one to import any model specification files created by other UML modeling tools. Hence, to make the best use of existing UML tools, we often create a model with OCL constraints using a modeling tool such as the IBM Rational Software Architect (RSA) and then use the USE tool for model validation. This approach, however, requires a manual transformation between the specifications of two different tool formats, which is error-prone and diminishes the benefit of automated model-level validations. In this paper, we describe our own implementation of a specification transformation engine that is based on the Model Driven Architecture (MDA) framework and currently supports automatic tool-level transformations from RSA to USE.

Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Obaidat, Mohammad S

2015-11-01

In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

Global Situational Awareness with Free Tools

DTIC Science & Technology

2015-01-15

Client Technical Solutions • Software Engineering Measurement and Analysis • Architecture Practices • Product Line Practice • Team Software Process...multiple data sources • Snort (Snorby on Security Onion ) • Nagios • SharePoint RSS • Flow • Others • Leverage standard data formats • Keyhole Markup Language

Undergraduates, Technology, and Social Connections

ERIC Educational Resources Information Center

Palmer, Betsy; Boniek, Susan; Turner, Elena; Lovell, Elyse D'nn

2014-01-01

The purpose of this study was to examine the spectrum of undergraduate students' social interactions and related technological tools. Qualitative methods were used for this phenomenological study exploring 35 in-person interviews, with horizonalization in an open coding system secured by in-depth analysis which revealed nuanced themes and…

A forensic identification case and DPid - can it be a useful tool?

PubMed

Queiroz, Cristhiane Leão de; Bostock, Ellen Marie; Santos, Carlos Ferreira; Guimarães, Marco Aurélio; Silva, Ricardo Henrique Alves da

2017-01-01

The aim of this study was to show DPid as an important tool of potential application to solve cases with dental prosthesis, such as the forensic case reported, in which a skull, denture and dental records were received for analysis. Human identification is still challenging in various circumstances and Dental Prosthetics Identification (DPid) stores the patient's name and prosthesis information and provides access through an embedded code in dental prosthesis or an identification card. All of this information is digitally stored on servers accessible only by dentists, laboratory technicians and patients with their own level of secure access. DPid provides a complete single-source list of all dental prosthesis features (materials and components) under complete and secure documentation used for clinical follow-up and for human identification. If DPid tool was present in this forensic case, it could have been solved without requirement of DNA exam, which confirmed the dental comparison of antemortem and postmortem records, and concluded the case as a positive identification.

Airport Viz - a 3D Tool to Enhance Security Operations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Koch, Daniel B

2006-01-01

In the summer of 2000, the National Safe Skies Alliance (NSSA) awarded a project to the Applied Visualization Center (AVC) at the University of Tennessee, Knoxville (UTK) to develop a 3D computer tool to assist the Federal Aviation Administration security group, now the Transportation Security Administration (TSA), in evaluating new equipment and procedures to improve airport checkpoint security. A preliminary tool was demonstrated at the 2001 International Aviation Security Technology Symposium. Since then, the AVC went on to construct numerous detection equipment models as well as models of several airports. Airport Viz has been distributed by the NSSA to amore » number of airports around the country which are able to incorporate their own CAD models into the software due to its unique open architecture. It provides a checkpoint design and passenger flow simulation function, a layout design and simulation tool for checked baggage and cargo screening, and a means to assist in the vulnerability assessment of airport access points for pedestrians and vehicles.« less

Grid Computing and Collaboration Technology in Support of Fusion Energy Sciences

NASA Astrophysics Data System (ADS)

Schissel, D. P.

2004-11-01

The SciDAC Initiative is creating a computational grid designed to advance scientific understanding in fusion research by facilitating collaborations, enabling more effective integration of experiments, theory and modeling, and allowing more efficient use of experimental facilities. The philosophy is that data, codes, analysis routines, visualization tools, and communication tools should be thought of as easy to use network available services. Access to services is stressed rather than portability. Services share the same basic security infrastructure so that stakeholders can control their own resources and helps ensure fair use of resources. The collaborative control room is being developed using the open-source Access Grid software that enables secure group-to-group collaboration with capabilities beyond teleconferencing including application sharing and control. The ability to effectively integrate off-site scientists into a dynamic control room will be critical to the success of future international projects like ITER. Grid computing, the secure integration of computer systems over high-speed networks to provide on-demand access to data analysis capabilities and related functions, is being deployed as an alternative to traditional resource sharing among institutions. The first grid computational service deployed was the transport code TRANSP and included tools for run preparation, submission, monitoring and management. This approach saves user sites from the laborious effort of maintaining a complex code while at the same time reducing the burden on developers by avoiding the support of a large number of heterogeneous installations. This tutorial will present the philosophy behind an advanced collaborative environment, give specific examples, and discuss its usage beyond FES.

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

PubMed Central

Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme. PMID:24892078

A robust and effective smart-card-based remote user authentication mechanism using hash function.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

Firmware Modification Analysis in Programmable Logic Controllers

DTIC Science & Technology

2014-03-27

security and operational requirements [18, 19]. Money is a factor for the DOD but not a driving one. With private industry, money is a primary influential... functions in the original firmware. A proof-of-concept experiment demonstrates the functionality of the analysis tool using different firmware versions...Opcode Difference Comparison . . . . . . . . . . . . . . 37 3.1.2.3 Function Difference Comparison . . . . . . . . . . . . . 37 3.1.2.4 Call Graph

Achieving the four dimensions of food security for resettled refugees in Australia: A systematic review.

PubMed

Lawlis, Tanya; Islam, Wasima; Upton, Penney

2018-04-01

Food security is defined by four dimensions: food availability, access, utilisation and stability. Resettled refugees face unique struggles securing these dimensions and, thus, food security when moving to a new country. This systematic review aimed to identify the challenges Australian refugees experience in achieving the four dimensions of food security. The Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines were followed; the SPIDER tool was used to determine eligibility criteria. Three databases were searched using terms relating to food in/security and refugees from 2000 to 20 May 2017. Seven articles were retained for analysis. Studies were categorised against the four dimensions, with four studies identifying challenges against all dimensions. Challenges contributing to high levels of food insecurity in each dimension included: availability and cost of traditional foods, difficulty in accessing preferred food outlets, limited food knowledge and preparation skills and food stability due to low income and social support. Food insecurity adversely impacts refugee health and integration. Methodical research framed by the four dimensions of food security is imperative to address challenges to securing food security in refugee groups and assisting in the development of sustainable interventions. © 2017 Dietitians Association of Australia.

Creation of security engineering programs by the Southwest Surety Institute

NASA Astrophysics Data System (ADS)

Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

1998-12-01

The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

Framework for Deploying a Virtualized Computing Environment for Collaborative and Secure Data Analytics

PubMed Central

Meyer, Adrian; Green, Laura; Faulk, Ciearro; Galla, Stephen; Meyer, Anne-Marie

2016-01-01

Introduction: Large amounts of health data generated by a wide range of health care applications across a variety of systems have the potential to offer valuable insight into populations and health care systems, but robust and secure computing and analytic systems are required to leverage this information. Framework: We discuss our experiences deploying a Secure Data Analysis Platform (SeDAP), and provide a framework to plan, build and deploy a virtual desktop infrastructure (VDI) to enable innovation, collaboration and operate within academic funding structures. It outlines 6 core components: Security, Ease of Access, Performance, Cost, Tools, and Training. Conclusion: A platform like SeDAP is not simply successful through technical excellence and performance. It’s adoption is dependent on a collaborative environment where researchers and users plan and evaluate the requirements of all aspects. PMID:27683665

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

PubMed

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Unlocking User-Centered Design Methods for Building Cyber Security Visualizations

DTIC Science & Technology

2015-10-03

a final, deployed tool. Goodall et al. interviewed analysts to derive requirements for a network security tool [14], while Stoll et al. explain the...4673-7599-3/15/$31.00 c©2015 IEEE 2015 IEEE SYMPOSIUM ON VISUALIZATION FOR CYBER SECURITY (VIZSEC) [14] J. R. Goodall , A. A. Ozok, W. G. Lutters, P...Visualization for Cyber Security, pages 91–98. IEEE, 2005. [19] A. Komlodi, P. Rheingans, U. Ayachit, J. Goodall , and A. Joshi. A user- centered look at

IT security evaluation - “hybrid” approach and risk of its implementation

NASA Astrophysics Data System (ADS)

Livshitz, I. I.; Neklyudov, A. V.; Lontsikh, P. A.

2018-05-01

It is relevant to evolve processes of evaluation of the IT security nowadays. Creating and application of the common evaluation approaches for an IT component, which are processed by the governmental and civil organizations, are still not solving problem. It is suggested to create a more precise and complex assessment tool for an IT security – the “hybrid” method of the IT security evaluation for a particular object, which is based on a range of adequate assessment tools.

The PEDA Model. An advocacy tool modeling the interrelationships between population, development, the environment and agriculture in Africa.

PubMed

1999-01-01

This article reports on the PEDA (population changes, environment, socioeconomic development and agriculture) model and its implication for policy-making in Africa. PEDA is an interactive computer simulation model (developed for a Windows environment) demonstrating the long-term impacts of alternative national policies on food security status of the population. The model is based on multistate demographic techniques, projecting at the same time 8 different subgroups (by age and sex) in the population, and based on 3 dichotomous individual characteristics: urban/rural place of residence; literacy status; and food security status. Through the manipulation of scenario variables, the model enables the user to project the proportion of the population that will be food secure and food insecure for a chosen point in time. This model developed by Dr. W. Lutz, Director of the International Institute for Applied Systems Analysis, will serve as an advocacy tool to help convince policy-makers and country experts in Africa of the negative synergy arising from the interconnections of population growth, environmental deterioration, and declining agricultural production.

GEOGLAM Crop Assessment Tool: Adapting from global agricultural monitoring to food security monitoring

NASA Astrophysics Data System (ADS)

Humber, M. L.; Becker-Reshef, I.; Nordling, J.; Barker, B.; McGaughey, K.

2014-12-01

The GEOGLAM Crop Monitor's Crop Assessment Tool was released in August 2013 in support of the GEOGLAM Crop Monitor's objective to develop transparent, timely crop condition assessments in primary agricultural production areas, highlighting potential hotspots of stress/bumper crops. The Crop Assessment Tool allows users to view satellite derived products, best available crop masks, and crop calendars (created in collaboration with GEOGLAM Crop Monitor partners), then in turn submit crop assessment entries detailing the crop's condition, drivers, impacts, trends, and other information. Although the Crop Assessment Tool was originally intended to collect data on major crop production at the global scale, the types of data collected are also relevant to the food security and rangelands monitoring communities. In line with the GEOGLAM Countries at Risk philosophy of "foster[ing] the coordination of product delivery and capacity building efforts for national and regional organizations, and the development of harmonized methods and tools", a modified version of the Crop Assessment Tool is being developed for the USAID Famine Early Warning Systems Network (FEWS NET). As a member of the Countries at Risk component of GEOGLAM, FEWS NET provides agricultural monitoring, timely food security assessments, and early warnings of potential significant food shortages focusing specifically on countries at risk of food security emergencies. While the FEWS NET adaptation of the Crop Assessment Tool focuses on crop production in the context of food security rather than large scale production, the data collected is nearly identical to the data collected by the Crop Monitor. If combined, the countries monitored by FEWS NET and GEOGLAM Crop Monitor would encompass over 90 countries representing the most important regions for crop production and food security.

Water System Security and Resilience in Homeland Security Research

EPA Pesticide Factsheets

EPA's water security research provides tools needed to improve infrastructure security and to recover from an attack or contamination incident involving chemical, biological, or radiological (CBR) agents or weapons.

A Multi-Pronged Plan

ERIC Educational Resources Information Center

Starkman, Neal

2007-01-01

As schools adopt new and varied technologies to protect the campus community, the need to look at security tools in terms of a comprehensive, layered, and integrated strategy, becomes clear. This article discusses how schools are using these security tools.

MiMiR – an integrated platform for microarray data sharing, mining and analysis

PubMed Central

Tomlinson, Chris; Thimma, Manjula; Alexandrakis, Stelios; Castillo, Tito; Dennis, Jayne L; Brooks, Anthony; Bradley, Thomas; Turnbull, Carly; Blaveri, Ekaterini; Barton, Geraint; Chiba, Norie; Maratou, Klio; Soutter, Pat; Aitman, Tim; Game, Laurence

2008-01-01

Background Despite considerable efforts within the microarray community for standardising data format, content and description, microarray technologies present major challenges in managing, sharing, analysing and re-using the large amount of data generated locally or internationally. Additionally, it is recognised that inconsistent and low quality experimental annotation in public data repositories significantly compromises the re-use of microarray data for meta-analysis. MiMiR, the Microarray data Mining Resource was designed to tackle some of these limitations and challenges. Here we present new software components and enhancements to the original infrastructure that increase accessibility, utility and opportunities for large scale mining of experimental and clinical data. Results A user friendly Online Annotation Tool allows researchers to submit detailed experimental information via the web at the time of data generation rather than at the time of publication. This ensures the easy access and high accuracy of meta-data collected. Experiments are programmatically built in the MiMiR database from the submitted information and details are systematically curated and further annotated by a team of trained annotators using a new Curation and Annotation Tool. Clinical information can be annotated and coded with a clinical Data Mapping Tool within an appropriate ethical framework. Users can visualise experimental annotation, assess data quality, download and share data via a web-based experiment browser called MiMiR Online. All requests to access data in MiMiR are routed through a sophisticated middleware security layer thereby allowing secure data access and sharing amongst MiMiR registered users prior to publication. Data in MiMiR can be mined and analysed using the integrated EMAAS open source analysis web portal or via export of data and meta-data into Rosetta Resolver data analysis package. Conclusion The new MiMiR suite of software enables systematic and effective capture of extensive experimental and clinical information with the highest MIAME score, and secure data sharing prior to publication. MiMiR currently contains more than 150 experiments corresponding to over 3000 hybridisations and supports the Microarray Centre's large microarray user community and two international consortia. The MiMiR flexible and scalable hardware and software architecture enables secure warehousing of thousands of datasets, including clinical studies, from microarray and potentially other -omics technologies. PMID:18801157

MiMiR--an integrated platform for microarray data sharing, mining and analysis.

PubMed

Tomlinson, Chris; Thimma, Manjula; Alexandrakis, Stelios; Castillo, Tito; Dennis, Jayne L; Brooks, Anthony; Bradley, Thomas; Turnbull, Carly; Blaveri, Ekaterini; Barton, Geraint; Chiba, Norie; Maratou, Klio; Soutter, Pat; Aitman, Tim; Game, Laurence

2008-09-18

Despite considerable efforts within the microarray community for standardising data format, content and description, microarray technologies present major challenges in managing, sharing, analysing and re-using the large amount of data generated locally or internationally. Additionally, it is recognised that inconsistent and low quality experimental annotation in public data repositories significantly compromises the re-use of microarray data for meta-analysis. MiMiR, the Microarray data Mining Resource was designed to tackle some of these limitations and challenges. Here we present new software components and enhancements to the original infrastructure that increase accessibility, utility and opportunities for large scale mining of experimental and clinical data. A user friendly Online Annotation Tool allows researchers to submit detailed experimental information via the web at the time of data generation rather than at the time of publication. This ensures the easy access and high accuracy of meta-data collected. Experiments are programmatically built in the MiMiR database from the submitted information and details are systematically curated and further annotated by a team of trained annotators using a new Curation and Annotation Tool. Clinical information can be annotated and coded with a clinical Data Mapping Tool within an appropriate ethical framework. Users can visualise experimental annotation, assess data quality, download and share data via a web-based experiment browser called MiMiR Online. All requests to access data in MiMiR are routed through a sophisticated middleware security layer thereby allowing secure data access and sharing amongst MiMiR registered users prior to publication. Data in MiMiR can be mined and analysed using the integrated EMAAS open source analysis web portal or via export of data and meta-data into Rosetta Resolver data analysis package. The new MiMiR suite of software enables systematic and effective capture of extensive experimental and clinical information with the highest MIAME score, and secure data sharing prior to publication. MiMiR currently contains more than 150 experiments corresponding to over 3000 hybridisations and supports the Microarray Centre's large microarray user community and two international consortia. The MiMiR flexible and scalable hardware and software architecture enables secure warehousing of thousands of datasets, including clinical studies, from microarray and potentially other -omics technologies.

A cascading failure analysis tool for post processing TRANSCARE simulations

DOE Office of Scientific and Technical Information (OSTI.GOV)

This is a MATLAB-based tool to post process simulation results in the EPRI software TRANSCARE, for massive cascading failure analysis following severe disturbances. There are a few key modules available in this tool, including: 1. automatically creating a contingency list to run TRANSCARE simulations, including substation outages above a certain kV threshold, N-k (1, 2 or 3) generator outages and branche outages; 2. read in and analyze a CKO file of PCG definition, an initiating event list, and a CDN file; 3. post process all the simulation results saved in a CDN file and perform critical event corridor analysis; 4.more » provide a summary of TRANSCARE simulations; 5. Identify the most frequently occurring event corridors in the system; and 6. Rank the contingencies using a user defined security index to quantify consequences in terms of total load loss, total number of cascades, etc.« less

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills,more » and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.« less

Analyzing Cyber-Physical Threats on Robotic Platforms.

PubMed

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms †

PubMed Central

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

PubMed

Das, Ashok Kumar

2015-03-01

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

Design tools for complex dynamic security systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson

2007-01-01

The development of tools for complex dynamic security systems is not a straight forward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technology for next generation security systemsmore » are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.« less

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

PubMed

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Quality of Protection Evaluation of Security Mechanisms

PubMed Central

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

Assessment of global water security: moving beyond water scarcity assessment

NASA Astrophysics Data System (ADS)

Wada, Y.; Gain, A. K.; Giupponi, C.

2015-12-01

Water plays an important role in underpinning equitable, stable and productive societies, and the ecosystems on which we depend. Many international river basins are likely to experience 'low water security' over the coming decades. Hence, ensuring water security along with energy and food securities has been recognised as priority goals in Sustainable Development Goals (SDGs) by the United Nations. This water security is not rooted only in the limitation of physical resources, i.e. the shortage in the availability of freshwater relative to water demand, but also on social and economic factors (e.g. flawed water planning and management approaches, institutional incapability to provide water services, unsustainable economic policies). Until recently, advanced tools and methods are available for assessment of global water scarcity. However, integrating both physical and socio-economic indicators assessment of water security at global level is not available yet. In this study, we present the first global understanding of water security using a spatial multi-criteria analysis framework that goes beyond available water scarcity assessment. For assessing water security at global scale, the term 'security' is conceptualized as a function of 'availability', 'accessibility to services', 'safety and quality', and 'management'. The Water security index is calculated by aggregating the indicators using both simple additive weighting (SAW) and ordered weighted average (OWA).

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, T.

SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Big sagebrush in pinyon-juniper woodlands: Using forest inventory and analysis data as a management tool for quantifying and monitoring mule deer habitat

Treesearch

Chris Witt; Paul L. Patterson

2011-01-01

We used Interior West Forest Inventory and Analysis (IW-FIA) data to identify conditions where pinyon-juniper woodlands provide security cover, thermal cover, and suitable amounts of big sagebrush (Artemisia tridentata spp.) forage to mule deer in Utah. Roughly one quarter of Utah's pinyon-juniper woodlands had a big sagebrush component in their understory....

simuwatt - A Tablet Based Electronic Auditing Tool

DOE Office of Scientific and Technical Information (OSTI.GOV)

Macumber, Daniel; Parker, Andrew; Lisell, Lars

2014-05-08

'simuwatt Energy Auditor' (TM) is a new tablet-based electronic auditing tool that is designed to dramatically reduce the time and cost to perform investment-grade audits and improve quality and consistency. The tool uses the U.S. Department of Energy's OpenStudio modeling platform and integrated Building Component Library to automate modeling and analysis. simuwatt's software-guided workflow helps users gather required data, and provides the data in a standard electronic format that is automatically converted to a baseline OpenStudio model for energy analysis. The baseline energy model is calibrated against actual monthly energy use to ASHRAE Standard 14 guidelines. Energy conservation measures frommore » the Building Component Library are then evaluated using OpenStudio's parametric analysis capability. Automated reporting creates audit documents that describe recommended packages of energy conservation measures. The development of this tool was partially funded by the U.S. Department of Defense's Environmental Security Technology Certification Program. As part of this program, the tool is being tested at 13 buildings on 5 Department of Defense sites across the United States. Results of the first simuwatt audit tool demonstration are presented in this paper.« less

A framework for analyzing the economic tradeoffs between urban commerce and security against terrorism.

PubMed

Rose, Adam; Avetisyan, Misak; Chatterjee, Samrat

2014-08-01

This article presents a framework for economic consequence analysis of terrorism countermeasures. It specifies major categories of direct and indirect costs, benefits, spillover effects, and transfer payments that must be estimated in a comprehensive assessment. It develops a spreadsheet tool for data collection, storage, and refinement, as well as estimation of the various components of the necessary economic accounts. It also illustrates the usefulness of the framework in the first assessment of the tradeoffs between enhanced security and changes in commercial activity in an urban area, with explicit attention to the role of spillover effects. The article also contributes a practical user interface to the model for emergency managers. © 2014 Society for Risk Analysis.

A progress report on UNICOS misuse detection at Los Alamos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thompson, J.L.; Jackson, K.A.; Stallings, C.A.

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos` UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos` security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component ofmore » NADIR, along with the operational experiences and future plans for the system.« less

Developing a Value of Information (VoI) Enabled System from Collection to Analysis

DTIC Science & Technology

2016-11-01

Information, Android, smartphone , information dissemination, visual analytic 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF...List of Figures Fig. 1 Spot report main screen .........................................................................2 Fig. 2 Smartphone app...included the creation of 2 Android smartphone applications (apps) and the enhancement of an existing tool (Contour). Prior work with Android

Dynamic Attack Tree Tool for Risk Assessments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Black, Karl

2012-03-13

DATT enables interactive visualization, qualitative analysis and recording of cyber and other forms of risk. It facilitates dynamic risk-based approaches (as opposed to static compliance-based) to security and risk management in general. DATT allows decision makers to consistently prioritize risk mitigation strategies and quickly see where attention is most needed across the enterprise.

The influence of ihsan attitude and economic condition to farmer household food security

NASA Astrophysics Data System (ADS)

Hendrarini, H.; Rahayu, E. S.; Kusnandar; Sunarsono, R. J.; Soedarto, T.

2018-03-01

Ihsan attitude is one unique attitude that was owned by farmers in Bangkalan Madura, Indonesia. This study was focused to examining the relationship of ihsan attitude and economic condition on household food security of farmers in Bangkalan. The ihsan attitude will be one a new view regarding to the human resource perspective in agribusiness. For that this study was aimed to analyse the influence and the effect of that attitude to food security of farmer household. Data were collected from 360 respondents, followed with descriptive analysis. The social ecological model was the basis concept in this study, moreover its also used to test the three variables. In this study, a structural equation model tools call WarpPLS was employed. Results from this study would be provide ihsan attitude picture to economic conditions on household food security of farmers indicated, that would be important for formulation of the farmer empowerment policy in the future.

Leap Frog Digital Sensors and Definition, Integration & Testing FY 2003 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meitzler, Wayne D.; Ouderkirk, Steven J.; Shoemaker, Steven V.

2003-12-31

The objective of Leap Frog is to develop a comprehensive security tool that is transparent to the user community and more effective than current methods for preventing and detecting security compromises of critical physical and digital assets. Current security tools intrude on the people that interact with these critical assets by requiring them to perform additional functions or having additional visible sensors. Leap Frog takes security to the next level by being more effective and reducing the adverse impact on the people interacting with protected assets.

Tools for Administration of a UNIX-Based Network

NASA Technical Reports Server (NTRS)

LeClaire, Stephen; Farrar, Edward

2004-01-01

Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File SystemJ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

All-optical video-image encryption with enforced security level using independent component analysis

NASA Astrophysics Data System (ADS)

Alfalou, A.; Mansour, A.

2007-10-01

In the last two decades, wireless communications have been introduced in various applications. However, the transmitted data can be, at any moment, intercepted by non-authorized people. That could explain why data encryption and secure transmission have gained enormous popularity. In order to secure data transmission, we should pay attention to two aspects: transmission rate and encryption security level. In this paper, we address these two aspects by proposing a new video-image transmission scheme. This new system consists in using the advantage of optical high transmission rate and some powerful signal processing tools to secure the transmitted data. The main idea of our approach is to secure transmitted information at two levels: at the classical level by using an adaptation of standard optical techniques and at a second level (spatial diversity) by using independent transmitters. In the second level, a hacker would need to intercept not only one channel but all of them in order to retrieve information. At the receiver, we can easily apply ICA algorithms to decrypt the received signals and retrieve information.

Metrics for the National SCADA Test Bed Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Craig, Philip A.; Mortensen, J.; Dagle, Jeffery E.

2008-12-05

The U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) National SCADA Test Bed (NSTB) Program is providing valuable inputs into the electric industry by performing topical research and development (R&D) to secure next generation and legacy control systems. In addition, the program conducts vulnerability and risk analysis, develops tools, and performs industry liaison, outreach and awareness activities. These activities will enhance the secure and reliable delivery of energy for the United States. This report will describe metrics that could be utilized to provide feedback to help enhance the effectiveness of the NSTB Program.

A forensic identification case and DPid - can it be a useful tool?

PubMed Central

de QUEIROZ, Cristhiane Leão; BOSTOCK, Ellen Marie; SANTOS, Carlos Ferreira; GUIMARÃES, Marco Aurélio; da SILVA, Ricardo Henrique Alves

2017-01-01

Abstract Objective The aim of this study was to show DPid as an important tool of potential application to solve cases with dental prosthesis, such as the forensic case reported, in which a skull, denture and dental records were received for analysis. Material and Methods Human identification is still challenging in various circumstances and Dental Prosthetics Identification (DPid) stores the patient’s name and prosthesis information and provides access through an embedded code in dental prosthesis or an identification card. All of this information is digitally stored on servers accessible only by dentists, laboratory technicians and patients with their own level of secure access. DPid provides a complete single-source list of all dental prosthesis features (materials and components) under complete and secure documentation used for clinical follow-up and for human identification. Results and Conclusion If DPid tool was present in this forensic case, it could have been solved without requirement of DNA exam, which confirmed the dental comparison of antemortem and postmortem records, and concluded the case as a positive identification. PMID:28678955

Design of a Web-tool for diagnostic clinical trials handling medical imaging research.

PubMed

Baltasar Sánchez, Alicia; González-Sistal, Angel

2011-04-01

New clinical studies in medicine are based on patients and controls using different imaging diagnostic modalities. Medical information systems are not designed for clinical trials employing clinical imaging. Although commercial software and communication systems focus on storage of image data, they are not suitable for storage and mining of new types of quantitative data. We sought to design a Web-tool to support diagnostic clinical trials involving different experts and hospitals or research centres. The image analysis of this project is based on skeletal X-ray imaging. It involves a computerised image method using quantitative analysis of regions of interest in healthy bone and skeletal metastases. The database is implemented with ASP.NET 3.5 and C# technologies for our Web-based application. For data storage, we chose MySQL v.5.0, one of the most popular open source databases. User logins were necessary, and access to patient data was logged for auditing. For security, all data transmissions were carried over encrypted connections. This Web-tool is available to users scattered at different locations; it allows an efficient organisation and storage of data (case report form) and images and allows each user to know precisely what his task is. The advantages of our Web-tool are as follows: (1) sustainability is guaranteed; (2) network locations for collection of data are secured; (3) all clinical information is stored together with the original images and the results derived from processed images and statistical analysis that enable us to perform retrospective studies; (4) changes are easily incorporated because of the modular architecture; and (5) assessment of trial data collected at different sites is centralised to reduce statistical variance.

Real-time network security situation visualization and threat assessment based on semi-Markov process

NASA Astrophysics Data System (ADS)

Chen, Junhua

2013-03-01

To cope with a large amount of data in current sensed environments, decision aid tools should provide their understanding of situations in a time-efficient manner, so there is an increasing need for real-time network security situation awareness and threat assessment. In this study, the state transition model of vulnerability in the network based on semi-Markov process is proposed at first. Once events are triggered by an attacker's action or system response, the current states of the vulnerabilities are known. Then we calculate the transition probabilities of the vulnerability from the current state to security failure state. Furthermore in order to improve accuracy of our algorithms, we adjust the probabilities that they exploit the vulnerability according to the attacker's skill level. In the light of the preconditions and post-conditions of vulnerabilities in the network, attack graph is built to visualize security situation in real time. Subsequently, we predict attack path, recognize attack intention and estimate the impact through analysis of attack graph. These help administrators to insight into intrusion steps, determine security state and assess threat. Finally testing in a network shows that this method is reasonable and feasible, and can undertake tremendous analysis task to facilitate administrators' work.

Digitizing and Securing Archived Laboratory Notebooks

ERIC Educational Resources Information Center

Caporizzo, Marilyn

2008-01-01

The Information Group at Millipore has been successfully using a digital rights management tool to secure the email distribution of archived laboratory notebooks. Millipore is a life science leader providing cutting-edge technologies, tools, and services for bioscience research and biopharmaceutical manufacturing. Consisting of four full-time…

CWA 15793 2011 Planning and Implementation Tool

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gross, Alan; Nail, George

This software, built on an open source platform called Electron (runs on Chromium and Node.js), is designed to assist organizations in the implementation of a biorisk management system consistent with the requirements of the international, publicly available guidance document CEN Workshop Agreement 15793:2011 (CWA 15793). The software includes tools for conducting organizational gap analysis against CWA 15793 requirements, planning tools to support the implementation of CWA 15793 requirements, and performance monitoring support. The gap analysis questions are based on the text of CWA 15793, and its associated guidance document, CEN Workshop Agreement 16393:2012. The authors have secured permission from themore » publisher of CWA 15793, the European Committee for Standardization (CEN), to use language from the document in the software, with the understanding that the software will be made available freely, without charge.« less

Computer Network Security: Best Practices for Alberta School Jurisdictions.

ERIC Educational Resources Information Center

Alberta Dept. of Education, Edmonton.

This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

Cyber / Physical Security Vulnerability Assessment Integration

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Simpkins, Bret E.

Abstract Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted formore » risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are; Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate. Both scenarios involve beginning in one domain to affect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.« less

Measuring Global Water Security Towards Sustainable Development Goals

NASA Technical Reports Server (NTRS)

Gain, Animesh K.; Giupponi, Carlo; Wada, Yoshihide

2016-01-01

Water plays an important role in underpinning equitable, stable and productive societies and ecosystems. Hence, United Nations recognized ensuring water security as one (Goal 6) of the seventeen sustainable development goals (SDGs). Many international river basins are likely to experience 'low water security' over the coming decades. Water security is rooted not only in the physical availability of freshwater resources relative to water demand, but also on social and economic factors (e.g. sound water planning and management approaches, institutional capacity to provide water services, sustainable economic policies). Until recently, advanced tools and methods are available for the assessment of water scarcity. However, quantitative and integrated-physical and socio-economic-approaches for spatial analysis of water security at global level are not available yet. In this study, we present a spatial multi-criteria analysis framework to provide a global assessment of water security. The selected indicators are based on Goal 6 of SDGs. The term 'security' is conceptualized as a function of 'availability', 'accessibility to services', 'safety and quality', and 'management'. The proposed global water security index (GWSI) is calculated by aggregating indicator values on a pixel-by-pixel basis, using the ordered weighted average method, which allows for the exploration of the sensitivity of final maps to different attitudes of hypothetical policy makers. Our assessment suggests that countries of Africa, South Asia and Middle East experience very low water security. Other areas of high water scarcity, such as some parts of United States, Australia and Southern Europe, show better GWSI values, due to good performance of management, safety and quality, and accessibility. The GWSI maps show the areas of the world in which integrated strategies are needed to achieve water related targets of the SDGs particularly in the African and Asian continents.

If we offer it, will they accept? Factors affecting patient use intentions of personal health records and secure messaging.

PubMed

Agarwal, Ritu; Anderson, Catherine; Zarate, Jesus; Ward, Claudine

2013-02-26

Personal health records (PHRs) are an important tool for empowering patients and stimulating health action. To date, the volitional adoption of publicly available PHRs by consumers has been low. This may be partly due to patient concerns about issues such as data security, accuracy of the clinical information stored in the PHR, and challenges with keeping the information updated. One potential solution to mitigate concerns about security, accuracy, and updating of information that may accelerate technology adoption is the provision of PHRs by employers where the PHR is pre-populated with patients' health data. Increasingly, employers and payers are offering this technology to employees as a mechanism for greater patient engagement in health and well-being. Little is known about the antecedents of PHR acceptance in the context of an employer sponsored PHR system. Using social cognitive theory as a lens, we theorized and empirically tested how individual factors (patient activation and provider satisfaction) and two environment factors (technology and organization) influence patient intentions to use a PHR among early adopters of the technology. In technology factors, we studied tool empowerment potential and value of tool functionality. In organization factors, we focused on communication tactics deployed by the organization during PHR rollout. We conducted cross-sectional analysis of field data collected during the first 3 months post go-live of the deployment of a PHR with secure messaging implemented by the Air Force Medical Service at Elmendorf Air Force Base in Alaska in December 2010. A questionnaire with validated measures was designed and completed by 283 participants. The research model was estimated using moderated multiple regression. Provider satisfaction, interactions between environmental factors (communication tactics and value of the tool functionality), and interactions between patient activation and tool empowerment potential were significantly (P<.05) associated with behavioral intentions to use the PHR tool. The independent variables collectively explained 42% of the variance in behavioral intentions. The study demonstrated that individual and environmental factors influence intentions to use the PHR. Patients who were more satisfied with their provider had higher use intentions. For patients who perceived the health care process management support features of the tool to be of significant value, communication tactics served to increase their use intentions. Finally, patients who believed the tool to be empowering demonstrated higher intentions to use, which were further enhanced for highly activated patients. The findings highlight the importance of communication tactics and technology characteristics and have implications for the management of PHR implementations.

Performance Analysis of Automated Attack Graph Generation Software

DTIC Science & Technology

2006-12-01

MIT Lincoln Laboratory – NetSPA .................................................13 3. Skybox - Skybox View...Lip05*) 3. Skybox - Skybox View Skybox View is a commercially available tool developed by Skybox Security that can automatically generate...each host. It differs from CAULDRON because it requires that Skybox View probe live networks and must be connected to live networks during its

Empowering Accountability for Vocational-Technical Education: The Analysis and Use of Wage Records.

ERIC Educational Resources Information Center

Jarosik, Daniel; Phelps, L. Allen

Since 1988, state governments have been required to collect quarterly from private sector employers gross earnings by Social Security numbers, industry of employment, and county of employment. A study was conducted of 13 states' efforts to use this wage record database as a tool for improving educational accountability and assessing the impact of…

Securing your Site in Development and Beyond

DOE Office of Scientific and Technical Information (OSTI.GOV)

Akopov, Mikhail S.

Why wait until production deployment, or even staging and testing deployment to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they creep up on you. Prevent cross-site scripting attacks, and establish a firmer trust between your website and your client. Verify that Apache/Nginx have the correct SSL Ciphers set. We explore using these tools and more to validate proper Apache/Nginx configurations, and to be compliant with modern configuration standards as part of the development cycle. Your clients can use tools like https://securityheaders.io and https://ssllabs.com to get a graded report on your level of compliancemore » with OWASP Secure Headers Project and SSLLabs recommendations. Likewise, you should always use the same sites to validate your configurations. Burp Suite will find common misconfigurations and will also perform more thorough security testing of your applications. In this session you will see examples of vulnerabilities that were detected early on, as well has how to integrate these practices into your daily workflow.« less

In Internet-Based Visualization System Study about Breakthrough Applet Security Restrictions

NASA Astrophysics Data System (ADS)

Chen, Jie; Huang, Yan

In the process of realization Internet-based visualization system of the protein molecules, system needs to allow users to use the system to observe the molecular structure of the local computer, that is, customers can generate the three-dimensional graphics from PDB file on the client computer. This requires Applet access to local file, related to the Applet security restrictions question. In this paper include two realization methods: 1.Use such as signature tools, key management tools and Policy Editor tools provided by the JDK to digital signature and authentication for Java Applet, breakthrough certain security restrictions in the browser. 2. Through the use of Servlet agent implement indirect access data methods, breakthrough the traditional Java Virtual Machine sandbox model restriction of Applet ability. The two ways can break through the Applet's security restrictions, but each has its own strengths.

Unlocking User-Centered Design Methods for Building Cyber Security Visualizations

DTIC Science & Technology

2015-08-07

have rarely linked these methods to a final, deployed tool. Goodall et al. interviewed analysts to derive requirements for a network security tool [14... Goodall , W. Lutters, and A. Komlodi. The work of intrusion detec- tion: rethinking the role of security analysts. AMCIS 2004 Proceed- ings, 2004. [14] J. R... Goodall , A. A. Ozok, W. G. Lutters, P. Rheingans, and A. Kom- lodi. A user-centered approach to visualizing network traffic for intru- sion

Smart Grids and their Applicability for the Development of the Electricity Sector for Colombia in the year 2050

NASA Astrophysics Data System (ADS)

Viola, J.; Aceros, C.

2016-07-01

Smart Grids are a technology that can be used to implement a sustainable energy scheme of a country. Therefore, this paper proposes the development of a prospective analysis of Smart Grids as a tool to ensure energetic security in Colombia in 2050. Using LEAP software, a base scenario for Colombian energy demand has developed according to current policies, with a time horizon from 2012 to 2050. The energy analysis is based on three scenarios, taking into account the impact of cogeneration in the residential and industrial sector using renewable energy and the power quality indicators. The results show that the implementation of Smart Grids generate energy savings and increasing the coverage of the national electricity system, ensuring energetic security of the country by 2050.

Quality control, analysis and secure sharing of Luminex® immunoassay data using the open source LabKey Server platform

PubMed Central

2013-01-01

Background Immunoassays that employ multiplexed bead arrays produce high information content per sample. Such assays are now frequently used to evaluate humoral responses in clinical trials. Integrated software is needed for the analysis, quality control, and secure sharing of the high volume of data produced by such multiplexed assays. Software that facilitates data exchange and provides flexibility to perform customized analyses (including multiple curve fits and visualizations of assay performance over time) could increase scientists’ capacity to use these immunoassays to evaluate human clinical trials. Results The HIV Vaccine Trials Network and the Statistical Center for HIV/AIDS Research and Prevention collaborated with LabKey Software to enhance the open source LabKey Server platform to facilitate workflows for multiplexed bead assays. This system now supports the management, analysis, quality control, and secure sharing of data from multiplexed immunoassays that leverage Luminex xMAP® technology. These assays may be custom or kit-based. Newly added features enable labs to: (i) import run data from spreadsheets output by Bio-Plex Manager™ software; (ii) customize data processing, curve fits, and algorithms through scripts written in common languages, such as R; (iii) select script-defined calculation options through a graphical user interface; (iv) collect custom metadata for each titration, analyte, run and batch of runs; (v) calculate dose–response curves for titrations; (vi) interpolate unknown concentrations from curves for titrated standards; (vii) flag run data for exclusion from analysis; (viii) track quality control metrics across runs using Levey-Jennings plots; and (ix) automatically flag outliers based on expected values. Existing system features allow researchers to analyze, integrate, visualize, export and securely share their data, as well as to construct custom user interfaces and workflows. Conclusions Unlike other tools tailored for Luminex immunoassays, LabKey Server allows labs to customize their Luminex analyses using scripting while still presenting users with a single, graphical interface for processing and analyzing data. The LabKey Server system also stands out among Luminex tools for enabling smooth, secure transfer of data, quality control information, and analyses between collaborators. LabKey Server and its Luminex features are freely available as open source software at http://www.labkey.com under the Apache 2.0 license. PMID:23631706

Quality control, analysis and secure sharing of Luminex® immunoassay data using the open source LabKey Server platform.

PubMed

Eckels, Josh; Nathe, Cory; Nelson, Elizabeth K; Shoemaker, Sara G; Nostrand, Elizabeth Van; Yates, Nicole L; Ashley, Vicki C; Harris, Linda J; Bollenbeck, Mark; Fong, Youyi; Tomaras, Georgia D; Piehler, Britt

2013-04-30

Immunoassays that employ multiplexed bead arrays produce high information content per sample. Such assays are now frequently used to evaluate humoral responses in clinical trials. Integrated software is needed for the analysis, quality control, and secure sharing of the high volume of data produced by such multiplexed assays. Software that facilitates data exchange and provides flexibility to perform customized analyses (including multiple curve fits and visualizations of assay performance over time) could increase scientists' capacity to use these immunoassays to evaluate human clinical trials. The HIV Vaccine Trials Network and the Statistical Center for HIV/AIDS Research and Prevention collaborated with LabKey Software to enhance the open source LabKey Server platform to facilitate workflows for multiplexed bead assays. This system now supports the management, analysis, quality control, and secure sharing of data from multiplexed immunoassays that leverage Luminex xMAP® technology. These assays may be custom or kit-based. Newly added features enable labs to: (i) import run data from spreadsheets output by Bio-Plex Manager™ software; (ii) customize data processing, curve fits, and algorithms through scripts written in common languages, such as R; (iii) select script-defined calculation options through a graphical user interface; (iv) collect custom metadata for each titration, analyte, run and batch of runs; (v) calculate dose-response curves for titrations; (vi) interpolate unknown concentrations from curves for titrated standards; (vii) flag run data for exclusion from analysis; (viii) track quality control metrics across runs using Levey-Jennings plots; and (ix) automatically flag outliers based on expected values. Existing system features allow researchers to analyze, integrate, visualize, export and securely share their data, as well as to construct custom user interfaces and workflows. Unlike other tools tailored for Luminex immunoassays, LabKey Server allows labs to customize their Luminex analyses using scripting while still presenting users with a single, graphical interface for processing and analyzing data. The LabKey Server system also stands out among Luminex tools for enabling smooth, secure transfer of data, quality control information, and analyses between collaborators. LabKey Server and its Luminex features are freely available as open source software at http://www.labkey.com under the Apache 2.0 license.

Improving the Security of the U.S. Aeronautical Domain: Adopting an Intelligence-Led, Risk-Based Strategy and Partnership

DTIC Science & Technology

2010-12-01

Methodology RMAT Risk Management Assessment Tool SIDA Security Identification Display Area SIGINT Signals Intelligence SO18 Aviation Security...aircraft operate (§ 1542.203); • Provide detection and physical security measures for the “Security Identification Display Area” ( SIDA ), i.e., the area

Integrated modeling approach for optimal management of water, energy and food security nexus

NASA Astrophysics Data System (ADS)

Zhang, Xiaodong; Vesselinov, Velimir V.

2017-03-01

Water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-period socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing productions costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. The obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.

Security and Resilience | Grid Modernization | NREL

Science.gov Websites

Security and Resilience Security and Resilience NREL develops tools and solutions to enable a more Consortium, NREL collaborates with industry, academia, and other research organizations to find solutions to

Open Tools for Integrated Modelling to Understand SDG development - The OPTIMUS program

NASA Astrophysics Data System (ADS)

Howells, Mark; Zepeda, Eduardo; Rogner, H. Holger; Sanchez, Marco; Roehrl, Alexander; Cicowiez, Matrin; Mentis, Dimitris; Korkevelos, Alexandros; Taliotis, Constantinos; Broad, Oliver; Alfstad, Thomas

2016-04-01

The recently adopted Sustainable Development Goals (SDGs) - a set of 17 measurable and time-bound goals with 169 associated targets for 2030 - are highly inclusive challenges before the world community ranging from eliminating poverty to human rights, inequality, a secure world and protection of the environment. Each individual goal or target by themselves present enormous tasks, taken together they are overwhelming. There strong and weak interlinkages, hence trade-offs and complementarities among goals and targets. Some targets may affect several goals while other goals and targets may conflict or be mutually exclusive (Ref). Meeting each of these requires the judicious exploitation of resource, with energy playing an important role. Such complexity demands to be addressed in an integrated way using systems analysis tools to support informed policy formulation, planning, allocation of scarce resources, monitoring progress, effectiveness and review at different scales. There is no one size fits all methodology that conceivably could include all goal and targets simultaneously. But there are methodologies encapsulating critical subsets of the goal and targets with strong interlinkages with a 'soft' reflection on the weak interlinkages. Universal food security or sustainable energy for all inherently support goals and targets on human rights and equality but possibly at the cost of biodiversity or desertification. Integrated analysis and planning tools are not yet commonplace at national universities - or indeed in many policy making organs. What is needed is a fundamental realignment of institutions and integrations of their planning processes and decision making. We introduce a series of open source tools to support the SDG planning and implementation process. The Global User-friendly CLEW Open Source (GLUCOSE) tool optimizes resource interactions and constraints; The Global Electrification Tool kit (GETit) provides the first global spatially explicit electrification simulator; A national CLEW tool allows for the optimization of national level integrated resource use and Macro-CLEW presents the same allowing for detailed economic-biophysical interactions. Finally open Model Management Infrastructure (MoManI) is presented that allows for the rapid prototyping of new additions to, or new resource optimization tools. Collectively these tools provide insights to some fifteen of the SDGs and are made publicly available with support to governments and academic institutions.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilitiesmore » which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.« less

Software For Computer-Security Audits

NASA Technical Reports Server (NTRS)

Arndt, Kate; Lonsford, Emily

1994-01-01

Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

Validity and reliability of food security measures.

PubMed

Cafiero, Carlo; Melgar-Quiñonez, Hugo R; Ballard, Terri J; Kepple, Anne W

2014-12-01

This paper reviews some of the existing food security indicators, discussing the validity of the underlying concept and the expected reliability of measures under reasonably feasible conditions. The main objective of the paper is to raise awareness on existing trade-offs between different qualities of possible food security measurement tools that must be taken into account when such tools are proposed for practical application, especially for use within an international monitoring framework. The hope is to provide a timely, useful contribution to the process leading to the definition of a food security goal and the associated monitoring framework within the post-2015 Development Agenda. © 2014 New York Academy of Sciences.

Towards a more holistic sustainability assessment framework for agro-bioenergy systems — A review

DOE Office of Scientific and Technical Information (OSTI.GOV)

Arodudu, Oludunsin, E-mail: Oludunsin.Arodudu@zalf.de; Potsdam University, Institute of Earth and Environmental Sciences, Karl-Liebknecht-Straße 24-25, 14476 Potsdam, Golm; Helming, Katharina

The use of life cycle assessment (LCA) as a sustainability assessment tool for agro-bioenergy system usually has an industrial agriculture bias. Furthermore, LCA generally has often been criticized for being a decision maker tool which may not consider decision takers perceptions. They are lacking in spatial and temporal depth, and unable to assess sufficiently some environmental impact categories such as biodiversity, land use etc. and most economic and social impact categories, e.g. food security, water security, energy security. This study explored tools, methodologies and frameworks that can be deployed individually, as well as in combination with each other for bridgingmore » these methodological gaps in application to agro-bioenergy systems. Integrating agronomic options, e.g. alternative farm power, tillage, seed sowing options, fertilizer, pesticide, irrigation into the boundaries of LCAs for agro-bioenergy systems will not only provide an alternative agro-ecological perspective to previous LCAs, but will also lead to the derivation of indicators for assessment of some social and economic impact categories. Deploying life cycle thinking approaches such as energy return on energy invested-EROEI, human appropriation of net primary production-HANPP, net greenhouse gas or carbon balance-NCB, water footprint individually and in combination with each other will also lead to further derivation of indicators suitable for assessing relevant environmental, social and economic impact categories. Also, applying spatio-temporal simulation models has a potential for improving the spatial and temporal depths of LCA analysis.« less

Teaching Internet Security, Safety in Our Classrooms

ERIC Educational Resources Information Center

DeFranco, Joanna F.

2011-01-01

Internet security is an important topic for educators due to curriculums now incorporating tools such as the Internet, Google docs, e-portfolios, and course management systems. Those tools require students to spend more time online, where they are susceptible to manipulation or intimidation if they do not stay on task. Kids of all ages lack…

A New Look at Security Education: YouTube as YouTool

ERIC Educational Resources Information Center

Werner, Laurie A.; Frank, Charles E.

2010-01-01

Teaching a computer security course which includes network administration and protection software is especially challenging because textbook tools are out of date by the time the text is published. In an effort to use lab activities that work effectively, we turned to the internet. This paper describes several resources for teaching computer…

Automating Security Protocol Analysis

DTIC Science & Technology

2004-03-01

language that allows easy representation of pattern interaction. Using CSP, Lowe tests whether a protocol achieves authentication. In the case of...only to correctly code whatever protocol they intend to evaluate. The tool, OCaml 3.04 [1], translates the protocol into Horn clauses and then...model protocol transactions. One example of automated modeling software is Maude [19]. Maude was the intended language for this research, but Java

Civilian Surge: Key to Complex Operations

DTIC Science & Technology

2008-12-01

Division, the unit’s combat operations were reduced by 60 percent over a period of 8 months, enabling Soldiers to focus on improving security, health ... improving the usefulness of existing conflict early warning tools and integrating them with the analysis, prevention, and response components of S /CRS...force protection procedures. Integrated Stabilization Assistance Programs Since 2005, S /CRS has provided technical assistance consultations to

A Quantitative Experimental Study of the Effectiveness of Systems to Identify Network Attackers

ERIC Educational Resources Information Center

Handorf, C. Russell

2016-01-01

This study analyzed the meta-data collected from a honeypot that was run by the Federal Bureau of Investigation for a period of 5 years. This analysis compared the use of existing industry methods and tools, such as Intrusion Detection System alerts, network traffic flow and system log traffic, within the Open Source Security Information Manager…

Building the Future Air Force: Analysis of Platform versus Weapon Development

DTIC Science & Technology

2016-05-26

Operation Desert Storm, GulfWar. 16. SECURITY CLASSIFICATION OF: a. REPORT b. ABSTRACT c. THIS PAGE u u u 17. LIMITATION OF 18. NUMBER...More Surprises: The Vietnam War ...................................................................... 20 The Right Tools for the Job: Operation Desert...require flexibility amongst military forces. The more flexible the force, the more effective at fulfilling policy requirements. “ Operational mission

Security Personnel Practices and Policies in U.S. Hospitals: Findings From a National Survey.

PubMed

Schoenfisch, Ashley L; Pompeii, Lisa A

2016-06-27

Concerns of violence in hospitals warrant examination of current hospital security practices. Cross-sectional survey data were collected from members of a health care security and safety association to examine the type of personnel serving as security in hospitals, their policies and practices related to training and weapon/restraint tool carrying/use, and the broader context in which security personnel work to maintain staff and patient safety, with an emphasis on workplace violence prevention and mitigation. Data pertaining to 340 hospitals suggest security personnel were typically non-sworn officers directly employed (72%) by hospitals. Available tools included handcuffs (96%), batons (56%), oleoresin capsicum products (e.g., pepper spray; 52%), hand guns (52%), conducted electrical weapons (e.g., TASERs®; 47%), and K9 units (12%). Current workplace violence prevention policy components, as well as recommendations to improve hospital security practices, aligned with Occupational Safety and Health Administration guidelines. Comprehensive efforts to address the safety and effectiveness of hospital security personnel should consider security personnel's relationships with other hospital work groups and hospitals' focus on patients' safety and satisfaction. © 2016 The Author(s).

Metrics for Identifying Food Security Status and the Population with Potential to Benefit from Nutrition Interventions in the Lives Saved Tool (LiST).

PubMed

Jackson, Bianca D; Walker, Neff; Heidkamp, Rebecca

2017-11-01

Background: The Lives Saved Tool (LiST) uses the poverty head-count ratio at $1.90/d as a proxy for food security to identify the percentage of the population with the potential to benefit from balanced energy supplementation and complementary feeding (CF) interventions, following the approach used for the Lancet 's 2008 series on Maternal and Child Undernutrition. Because much work has been done in the development of food security indicators, a re-evaluation of the use of this indicator was warranted. Objective: The aim was to re-evaluate the use of the poverty head-count ratio at $1.90/d as the food security proxy indicator in LiST. Methods: We carried out a desk review to identify available indicators of food security. We identified 3 indicators and compared them by using scatterplots, Spearman's correlations, and Bland-Altman plot analysis. We generated LiST projections to compare the modeled impact results with the use of the different indicators. Results: There are many food security indicators available, but only 3 additional indicators were identified with the data availability requirements to be used as the food security indicator in LiST. As expected, analyzed food security indicators were significantly positively correlated ( P < 0.001), but there was generally poor agreement between them. The disparity between the indicators also increases as the values of the indicators increase. Consequently, the choice of indicator can have a considerable effect on the impact of interventions modeled in LiST, especially in food-insecure contexts. Conclusions: There was no single indicator identified that is ideal for measuring the percentage of the population who is food insecure for LiST. Thus, LiST will use the food security indicators that were used in the meta-analyses that produced the effect estimates. These are the poverty head-count ratio at $1.90/d for CF interventions and the prevalence of a low body mass index in women of reproductive age for balanced energy supplementation interventions. © 2017 American Society for Nutrition.

Probabilistic risk analysis and terrorism risk.

PubMed

Ezell, Barry Charles; Bennett, Steven P; von Winterfeldt, Detlof; Sokolowski, John; Collins, Andrew J

2010-04-01

Since the terrorist attacks of September 11, 2001, and the subsequent establishment of the U.S. Department of Homeland Security (DHS), considerable efforts have been made to estimate the risks of terrorism and the cost effectiveness of security policies to reduce these risks. DHS, industry, and the academic risk analysis communities have all invested heavily in the development of tools and approaches that can assist decisionmakers in effectively allocating limited resources across the vast array of potential investments that could mitigate risks from terrorism and other threats to the homeland. Decisionmakers demand models, analyses, and decision support that are useful for this task and based on the state of the art. Since terrorism risk analysis is new, no single method is likely to meet this challenge. In this article we explore a number of existing and potential approaches for terrorism risk analysis, focusing particularly on recent discussions regarding the applicability of probabilistic and decision analytic approaches to bioterrorism risks and the Bioterrorism Risk Assessment methodology used by the DHS and criticized by the National Academies and others.

New and Improved Remotely Sensed Products and Tools for Agricultural Monitoring Applications in Support of Famine Early Warning

NASA Astrophysics Data System (ADS)

Budde, M. E.; Rowland, J.; Senay, G. B.; Funk, C. C.; Pedreros, D.; Husak, G. J.; Bohms, S.

2011-12-01

The high global food prices in 2008 led to the acknowledgement that there is a need to monitor the inter-connectivity of global and regional markets and their potential impacts on food security in many more regions than previously considered. The crisis prompted an expansion of monitoring by the Famine Early Warning Systems Network (FEWS NET) to include additional countries, beyond those where food security has long been of concern. Scientists at the U.S. Geological Survey (USGS) Earth Resources Observation and Science (EROS) Center and the University of California Santa Barbara Climate Hazards Group have provided new and improved data products as well as visualization and analysis tools in support of this increased mandate for remote monitoring. We present a new product for measuring actual evapotranspiration (ETa) based on the implementation of a surface energy balance model and site improvements of two standard FEWS NET monitoring products: normalized difference vegetation index (NDVI) and satellite-based rainfall estimates. USGS FEWS NET has implemented a simplified surface energy balance model to produce operational ETa anomalies for Africa. During the growing season, ETa anomalies express surplus or deficit crop water use which is directly related to crop condition and biomass. The expedited Moderate Resolution Imaging Spectroradiometer (eMODIS) production system provides FEWS NET with a much improved NDVI dataset for crop and rangeland monitoring. eMODIS NDVI provides a reliable data stream with a vastly improved spatial resolution (250-m) and short latency period (less than 12 hours) which allows for better operational vegetation monitoring. FEWS NET uses satellite rainfall estimates as inputs for monitoring agricultural food production. By combining high resolution (0.05 deg) rainfall mean fields with Tropical Rainfall Measuring Mission rainfall estimates and infrared temperature data, we provide pentadal (5-day) rainfall fields suitable for crop monitoring and modeling. We also present two new monitoring tools, the Early Warning eXplorer (EWX) and the Decision Support Interface (DSI). The EWX is a data analysis tool which provides the ability to rapidly visualize multiple remote sensing datasets and compare standardized anomaly maps and time series. The DSI uses remote sensing data in an automated fashion to map areas of drought concern and ranks their severity at both crop zone and administrative levels. New and improved data products and more targeted analysis tools are a necessity as food security monitoring requirements expand and resources become limited.

Network Computing Infrastructure to Share Tools and Data in Global Nuclear Energy Partnership

NASA Astrophysics Data System (ADS)

Kim, Guehee; Suzuki, Yoshio; Teshima, Naoya

CCSE/JAEA (Center for Computational Science and e-Systems/Japan Atomic Energy Agency) integrated a prototype system of a network computing infrastructure for sharing tools and data to support the U.S. and Japan collaboration in GNEP (Global Nuclear Energy Partnership). We focused on three technical issues to apply our information process infrastructure, which are accessibility, security, and usability. In designing the prototype system, we integrated and improved both network and Web technologies. For the accessibility issue, we adopted SSL-VPN (Security Socket Layer-Virtual Private Network) technology for the access beyond firewalls. For the security issue, we developed an authentication gateway based on the PKI (Public Key Infrastructure) authentication mechanism to strengthen the security. Also, we set fine access control policy to shared tools and data and used shared key based encryption method to protect tools and data against leakage to third parties. For the usability issue, we chose Web browsers as user interface and developed Web application to provide functions to support sharing tools and data. By using WebDAV (Web-based Distributed Authoring and Versioning) function, users can manipulate shared tools and data through the Windows-like folder environment. We implemented the prototype system in Grid infrastructure for atomic energy research: AEGIS (Atomic Energy Grid Infrastructure) developed by CCSE/JAEA. The prototype system was applied for the trial use in the first period of GNEP.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

2016-11-01

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

Securing support for eye health policy in low- and middle-income countries: identifying stakeholders through a multi-level analysis.

PubMed

Morone, Piergiuseppe; Camacho Cuena, Eva; Kocur, Ivo; Banatvala, Nicholas

2014-05-01

This article empirically evaluates advocacy in low- and middle-income countries as a key tool for raising policy priority and securing high-level decision maker support in eye health. We used a unique data set based on a survey conducted by World Health Organization in 2011 on eye care and prevention of blindness in 82 low- and middle-income countries. The theoretical framework derives from the idea that a plethora of stakeholders at local and global level pressure national governments, acting in economic and the political spheres. Previously, eye care has not been investigated in such a framework. We found structural differences across countries with different income levels and proposed policy recommendations to secure high-level decision makers' support for promoting eye health. Three case studies suggest that, in order to secure more support and resources for eye health, domestic and international stakeholders must strengthen their engagement with ministries of health at political and above all economic levels.

Security of BB84 with weak randomness and imperfect qubit encoding

NASA Astrophysics Data System (ADS)

Zhao, Liang-Yuan; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Fang, Xi; Han, Zheng-Fu; Huang, Wei

2018-03-01

The main threats for the well-known Bennett-Brassard 1984 (BB84) practical quantum key distribution (QKD) systems are that its encoding is inaccurate and measurement device may be vulnerable to particular attacks. Thus, a general physical model or security proof to tackle these loopholes simultaneously and quantitatively is highly desired. Here we give a framework on the security of BB84 when imperfect qubit encoding and vulnerability of measurement device are both considered. In our analysis, the potential attacks to measurement device are generalized by the recently proposed weak randomness model which assumes the input random numbers are partially biased depending on a hidden variable planted by an eavesdropper. And the inevitable encoding inaccuracy is also introduced here. From a fundamental view, our work reveals the potential information leakage due to encoding inaccuracy and weak randomness input. For applications, our result can be viewed as a useful tool to quantitatively evaluate the security of a practical QKD system.

Smart Secure Homes: A Survey of Smart Home Technologies that Sense, Assess, and Respond to Security Threats.

PubMed

Dahmen, Jessamyn; Cook, Diane J; Wang, Xiaobo; Honglei, Wang

2017-08-01

Smart home design has undergone a metamorphosis in recent years. The field has evolved from designing theoretical smart home frameworks and performing scripted tasks in laboratories. Instead, we now find robust smart home technologies that are commonly used by large segments of the population in a variety of settings. Recent smart home applications are focused on activity recognition, health monitoring, and automation. In this paper, we take a look at another important role for smart homes: security. We first explore the numerous ways smart homes can and do provide protection for their residents. Next, we provide a comparative analysis of the alternative tools and research that has been developed for this purpose. We investigate not only existing commercial products that have been introduced but also discuss the numerous research that has been focused on detecting and identifying potential threats. Finally, we close with open challenges and ideas for future research that will keep individuals secure and healthy while in their own homes.

Stochastic models of the Social Security trust funds.

PubMed

Burdick, Clark; Manchester, Joyce

Each year in March, the Board of Trustees of the Social Security trust funds reports on the current and projected financial condition of the Social Security programs. Those programs, which pay monthly benefits to retired workers and their families, to the survivors of deceased workers, and to disabled workers and their families, are financed through the Old-Age, Survivors, and Disability Insurance (OASDI) Trust Funds. In their 2003 report, the Trustees present, for the first time, results from a stochastic model of the combined OASDI trust funds. Stochastic modeling is an important new tool for Social Security policy analysis and offers the promise of valuable new insights into the financial status of the OASDI trust funds and the effects of policy changes. The results presented in this article demonstrate that several stochastic models deliver broadly consistent results even though they use very different approaches and assumptions. However, they also show that the variation in trust fund outcomes differs as the approach and assumptions are varied. Which approach and assumptions are best suited for Social Security policy analysis remains an open question. Further research is needed before the promise of stochastic modeling is fully realized. For example, neither parameter uncertainty nor variability in ultimate assumption values is recognized explicitly in the analyses. Despite this caveat, stochastic modeling results are already shedding new light on the range and distribution of trust fund outcomes that might occur in the future.

Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

2013-01-01

Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less

`G.A.T.E': Gap analysis for TTX evaluation

NASA Astrophysics Data System (ADS)

Cacciotti, Ilaria; Di Giovanni, Daniele; Pergolini, Alessandro; Malizia, Andrea; Carestia, Mariachiara; Palombi, Leonardo; Bellecci, Carlo; Gaudio, Pasquale

2016-06-01

A Table Top Exercise (TTX) gap analysis tool was developed with the aim to provide a complete, systematic and objective evaluation of TTXs organized in safety and security fields. A TTX consists in a discussion-based emergency management exercise, organized in a simulated emergency scenario, involving groups of players who are subjected to a set of solicitations (`injects'), in order to evaluate their emergency response abilities. This kind of exercise is devoted to identify strengths and shortfalls and to propose potential and promising changes in the approach to a particular situation. In order to manage the TTX derived data collection and analysis, a gap analysis tool would be very useful and functional at identifying the 'gap' between them and specific areas and actions for improvement, consisting the gap analysis in a comparison between actual performances and optimal/expected ones. In this context, a TTX gap analysis tool was designed, with the objective to provide an evaluation of Team players' competences and performances and TTX organization and structure. The influence of both the players' expertise and the reaction time (difference between expected time and time necessary to actually complete the injects) on the final evaluation of the inject responses was also taken into account.

The DISAM Journal of International Security Assistance Management. Volume 24, Number 4, Summer 2002

DTIC Science & Technology

2002-01-01

to the SAFR-hosted Holiday Party where they prepare favorite dishes to be sampled and savored. While they are in the U.S., they take advantage of the...tool facilitates the generation of a multitude of reports providing insight into trends and the analysis of business processes and case management...nations, Canada, Japan, Australia, and New Zealand. A listing of countries located in regions defined for the purpose of this analysis –Asia, Near East

Suicide Awareness

MedlinePlus

... Resources Resource Request System Contact Us Legal and Security Accessibility Accessibility Tools Disclaimer Privacy Act Statement & Security No Fear Act FOIA Inspector General Audits & Investigative ...

cryoem-cloud-tools: A software platform to deploy and manage cryo-EM jobs in the cloud.

PubMed

Cianfrocco, Michael A; Lahiri, Indrajit; DiMaio, Frank; Leschziner, Andres E

2018-06-01

Access to streamlined computational resources remains a significant bottleneck for new users of cryo-electron microscopy (cryo-EM). To address this, we have developed tools that will submit cryo-EM analysis routines and atomic model building jobs directly to Amazon Web Services (AWS) from a local computer or laptop. These new software tools ("cryoem-cloud-tools") have incorporated optimal data movement, security, and cost-saving strategies, giving novice users access to complex cryo-EM data processing pipelines. Integrating these tools into the RELION processing pipeline and graphical user interface we determined a 2.2 Å structure of ß-galactosidase in ∼55 hours on AWS. We implemented a similar strategy to submit Rosetta atomic model building and refinement to AWS. These software tools dramatically reduce the barrier for entry of new users to cloud computing for cryo-EM and are freely available at cryoem-tools.cloud. Copyright © 2018. Published by Elsevier Inc.

Simulation Data Management - Requirements and Design Specification

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clay, Robert L.; Friedman-Hill, Ernest J.; Gibson, Marcus J.

Simulation Data Management (SDM), the ability to securely organize, archive, and share analysis models and the artifacts used to create them, is a fundamental requirement for modern engineering analysis based on computational simulation. We have worked separately to provide secure, network SDM services to engineers and scientists at our respective laboratories for over a decade. We propose to leverage our experience and lessons learned to help develop and deploy a next-generation SDM service as part of a multi-laboratory team. This service will be portable across multiple sites and platforms, and will be accessible via a range of command-line tools andmore » well-documented APIs. In this document, we’ll review our high-level and low-level requirements for such a system, review one existing system, and briefly discuss our proposed implementation.« less

Verifying the secure setup of UNIX client/servers and detection of network intrusion

NASA Astrophysics Data System (ADS)

Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

1996-03-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global `Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and product transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

Vulnerabilities in GSM technology and feasibility of selected attacks

NASA Astrophysics Data System (ADS)

Voznak, M.; Prokes, M.; Sevcik, L.; Frnda, J.; Toral-Cruz, Homer; Jakovlev, Sergej; Fazio, Peppino; Mehic, M.; Mikulec, M.

2015-05-01

Global System for Mobile communication (GSM) is the most widespread technology for mobile communications in the world and serving over 7 billion users. Since first publication of system documentation there has been notified a potential safety problem's occurrence. Selected types of attacks, based on the analysis of the technical feasibility and the degree of risk of these weaknesses, were implemented and demonstrated in laboratory of the VSB-Technical University of Ostrava, Czech Republic. These vulnerabilities were analyzed and afterwards possible attacks were described. These attacks were implemented using open-source tools, software programmable radio USRP (Universal Software RadioPeripheral) and DVB-T (Digital Video Broadcasting - Terrestrial) receiver. GSM security architecture is being scrutinized since first public releases of its specification mainly pointing out weaknesses in authentication and ciphering mechanisms. This contribution also summarizes practically proofed and used scenarios that are performed using opensource software tools and variety of scripts mostly written in Python. Main goal of this paper is in analyzing security issues in GSM network and practical demonstration of selected attacks.

Verification Tools Secure Online Shopping, Banking

NASA Technical Reports Server (NTRS)

2010-01-01

Just like rover or rocket technology sent into space, the software that controls these technologies must be extensively tested to ensure reliability and effectiveness. Ames Research Center invented the open-source Java Pathfinder (JPF) toolset for the deep testing of Java-based programs. Fujitsu Labs of America Inc., based in Sunnyvale, California, improved the capabilities of the JPF Symbolic Pathfinder tool, establishing the tool as a means of thoroughly testing the functionality and security of Web-based Java applications such as those used for Internet shopping and banking.

Preventing Abuse and Neglect

MedlinePlus

... Resources Resource Request System Contact Us Legal and Security Accessibility Accessibility Tools Disclaimer Privacy Act Statement & Security No Fear Act FOIA Inspector General Audits & Investigative ...

Interactive 3D Models and Simulations for Nuclear Security Education, Training, and Analysis.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Warner, David K.; Dickens, Brian Scott; Heimer, Donovan J.

By providing examples of products that have been produced in the past, it is the hopes of the authors that the audience will have a more thorough understanding of 3D modeling tools, potential applications, and capabilities that they can provide. Truly the applications and capabilities of these types of tools are only limited by one’s imagination. The future of three-dimensional models lies in the expansion into the world of virtual reality where one will experience a fully immersive first-person environment. The use of headsets and hand tools will allow students and instructors to have a more thorough spatial understanding ofmore » facilities and scenarios that they will encounter in the real world.« less

Power system security enhancement through direct non-disruptive load control

NASA Astrophysics Data System (ADS)

Ramanathan, Badri Narayanan

The transition to a competitive market structure raises significant concerns regarding reliability of the power grid. A need to build tools for security assessment that produce operating limit boundaries for both static and dynamic contingencies is recognized. Besides, an increase in overall uncertainty in operating conditions makes corrective actions at times ineffective leaving the system vulnerable to instability. The tools that are in place for stability enhancement are mostly corrective and suffer from lack of robustness to operating condition changes. They often pose serious coordination challenges. With deregulation, there have also been ownership and responsibility issues associated with stability controls. However, the changing utility business model and the developments in enabling technologies such as two-way communication, metering, and control open up several new possibilities for power system security enhancement. This research proposes preventive modulation of selected loads through direct control for power system security enhancement. Two main contributions of this research are the following: development of an analysis framework and two conceptually different analysis approaches for load modulation to enhance oscillatory stability, and the development and study of algorithms for real-time modulation of thermostatic loads. The underlying analysis framework is based on the Structured Singular Value (SSV or mu) theory. Based on the above framework, two fundamentally different approaches towards analysis of the amount of load modulation for desired stability performance have been developed. Both the approaches have been tested on two different test systems: CIGRE Nordic test system and an equivalent of the Western Electric Coordinating Council test system. This research also develops algorithms for real-time modulation of thermostatic loads that use the results of the analysis. In line with some recent load management programs executed by utilities, two different algorithms based on dynamic programming are proposed for air-conditioner loads, while a decision-tree based algorithm is proposed for water-heater loads. An optimization framework has been developed employing the above algorithms. Monte Carlo simulations have been performed using this framework with the objective of studying the impact of different parameters and constraints on the effectiveness as well as the effect of control. The conclusions drawn from this research strongly advocate direct load control for stability enhancement from the perspectives of robustness and coordination, as well as economic viability and the developments towards availability of the institutional framework for load participation in providing system reliability services.

Capabilities-Based Planning for Energy Security at Department of Defense Installations

DTIC Science & Technology

2013-01-01

Support Services—The ability to provide assis- tance for payload and launch vehicles including safety, reception , staging, integration, movement to the...pubs/technical_reports/TR1249.html Davis, Paul K., and Paul Dreyer, RAND’s Portfolio Analysis Tool (PAT): Theory , Methods, and Reference Manual, Santa...Steven C. Bankes, and Michael Egner, Enhancing Strategic Planning with Massive Scenario Generation: Theory and Experiments, Santa Monica, Calif

Analysis of Commercial Unsaturated Polyester Repair Resins

DTIC Science & Technology

2009-07-01

resins utilizing renewable fatty acid -based monomers. 15. SUBJECT TERMS vinyl ester, styrene, fatty acid monomers, HAP, triglycerides 16. SECURITY...criteria for selecting the appropriate repair include whether the component can be removed and whether the back side is accessible. For a typical moderate...field repair, any remaining coating in the repair area is removed by hand sanding or portable tools. Damage is cut out in an appropriate

The tool for the automatic analysis of lexical sophistication (TAALES): version 2.0.

PubMed

Kyle, Kristopher; Crossley, Scott; Berger, Cynthia

2017-07-11

This study introduces the second release of the Tool for the Automatic Analysis of Lexical Sophistication (TAALES 2.0), a freely available and easy-to-use text analysis tool. TAALES 2.0 is housed on a user's hard drive (allowing for secure data processing) and is available on most operating systems (Windows, Mac, and Linux). TAALES 2.0 adds 316 indices to the original tool. These indices are related to word frequency, word range, n-gram frequency, n-gram range, n-gram strength of association, contextual distinctiveness, word recognition norms, semantic network, and word neighbors. In this study, we validated TAALES 2.0 by investigating whether its indices could be used to model both holistic scores of lexical proficiency in free writes and word choice scores in narrative essays. The results indicated that the TAALES 2.0 indices could be used to explain 58% of the variance in lexical proficiency scores and 32% of the variance in word-choice scores. Newly added TAALES 2.0 indices, including those related to n-gram association strength, word neighborhood, and word recognition norms, featured heavily in these predictor models, suggesting that TAALES 2.0 represents a substantial upgrade.

Where Big Data and Prediction Meet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ahrens, James; Brase, Jim M.; Hart, Bill

Our ability to assemble and analyze massive data sets, often referred to under the title of “big data”, is an increasingly important tool for shaping national policy. This in turn has introduced issues from privacy concerns to cyber security. But as IBM’s John Kelly emphasized in the last Innovation, making sense of the vast arrays of data will require radically new computing tools. In the past, technologies and tools for analysis of big data were viewed as quite different from the traditional realm of high performance computing (HPC) with its huge models of phenomena such as global climate or supportingmore » the nuclear test moratorium. Looking ahead, this will change with very positive benefits for both worlds. Societal issues such as global security, economic planning and genetic analysis demand increased understanding that goes beyond existing data analysis and reduction. The modeling world often produces simulations that are complex compositions of mathematical models and experimental data. This has resulted in outstanding successes such as the annual assessment of the state of the US nuclear weapons stockpile without underground nuclear testing. Ironically, while there were historically many test conducted, this body of data provides only modest insight into the underlying physics of the system. A great deal of emphasis was thus placed on the level of confidence we can develop for the predictions. As data analytics and simulation come together, there is a growing need to assess the confidence levels in both data being gathered and the complex models used to make predictions. An example of this is assuring the security or optimizing the performance of critical infrastructure systems such as the power grid. If one wants to understand the vulnerabilities of the system or impacts of predicted threats, full scales tests of the grid against threat scenarios are unlikely. Preventive measures would need to be predicated on well-defined margins of confidence in order to take mitigating actions that could have wide ranging impacts. There is a rich opportunity for interaction and exchange between the HPC simulation and data analytics communities.« less

Investigation Organizer

NASA Technical Reports Server (NTRS)

Panontin, Tina; Carvalho, Robert; Keller, Richard

2004-01-01

Contents include the folloving:Overview of the Application; Input Data; Analytical Process; Tool's Output; and Application of the Results of the Analysis.The tool enables the first element through a Web-based application that can be accessed by distributed teams to store and retrieve any type of digital investigation material in a secure environment. The second is accomplished by making the relationships between information explicit through the use of a semantic network-a structure that literally allows an investigator or team to "connect -the-dots." The third element, the significance of the correlated information, is established through causality and consistency tests using a number of different methods embedded within the tool, including fault trees, event sequences, and other accident models. And finally, the evidence gathered and structured within the tool can be directly, electronically archived to preserve the evidence and investigative reasoning.

Semantic-JSON: a lightweight web service interface for Semantic Web contents integrating multiple life science databases.

PubMed

Kobayashi, Norio; Ishii, Manabu; Takahashi, Satoshi; Mochizuki, Yoshiki; Matsushima, Akihiro; Toyoda, Tetsuro

2011-07-01

Global cloud frameworks for bioinformatics research databases become huge and heterogeneous; solutions face various diametric challenges comprising cross-integration, retrieval, security and openness. To address this, as of March 2011 organizations including RIKEN published 192 mammalian, plant and protein life sciences databases having 8.2 million data records, integrated as Linked Open or Private Data (LOD/LPD) using SciNetS.org, the Scientists' Networking System. The huge quantity of linked data this database integration framework covers is based on the Semantic Web, where researchers collaborate by managing metadata across public and private databases in a secured data space. This outstripped the data query capacity of existing interface tools like SPARQL. Actual research also requires specialized tools for data analysis using raw original data. To solve these challenges, in December 2009 we developed the lightweight Semantic-JSON interface to access each fragment of linked and raw life sciences data securely under the control of programming languages popularly used by bioinformaticians such as Perl and Ruby. Researchers successfully used the interface across 28 million semantic relationships for biological applications including genome design, sequence processing, inference over phenotype databases, full-text search indexing and human-readable contents like ontology and LOD tree viewers. Semantic-JSON services of SciNetS.org are provided at http://semanticjson.org.

Countries at Risk: Heightened Human Security Risk to States With Transboundary Water Resources and Instability

NASA Astrophysics Data System (ADS)

Veilleux, J. C.; Sullivan, G. S.; Paola, C.; Starget, A.; Watson, J. E.; Hwang, Y. J.; Picucci, J. A.; Choi, C. S.

2014-12-01

The Countries at Risk project is a global assessment of countries with transboundary water resources that are at risk for conflict because of high human security instability. Building upon Basins at Risk (BAR) research, our team used updated Transboundary Freshwater Dispute Database georeferenced social and environmental data, quantitative data from global indices, and qualitative data from news media sources. Our assessment considered a combination of analyzing 15 global indices related to water or human security to identify which countries scored as highest risk in each index. From this information, we were able to assess the highest risk countries' human security risk by using a new human security measurement tool, as well as comparing this analysis to the World Bank's Fragile States Index and the experimental Human Security Index. In addition, we identified which countries have the highest number of shared basins, the highest percentage of territory covered by a transboundary basin, and the highest dependency of withdrawal from transboundary waters from outside their country boundaries. By synthesizing these social and environmental data assessments, we identified five countries to analyze as case studies. These five countries are Afghanistan, China, Iraq, Moldova, and Sudan. We created a series of 30 maps to spatial analyze the relationship between the transboundary basins and social and environmental parameters to include population, institutional capacity, and physical geography by country. Finally, we synthesized our spatial analysis, Human Security Key scores, and current events scored by using the BAR scale to determine what aspects and which basins are most at risk with each country in our case studies and how this concerns future global water resources.

Measuring global water security towards sustainable development goals

NASA Astrophysics Data System (ADS)

Gain, Animesh K.; Giupponi, Carlo; Wada, Yoshihide

2016-12-01

Water plays an important role in underpinning equitable, stable and productive societies and ecosystems. Hence, United Nations recognized ensuring water security as one (Goal 6) of the seventeen sustainable development goals (SDGs). Many international river basins are likely to experience ‘low water security’ over the coming decades. Water security is rooted not only in the physical availability of freshwater resources relative to water demand, but also on social and economic factors (e.g. sound water planning and management approaches, institutional capacity to provide water services, sustainable economic policies). Until recently, advanced tools and methods are available for the assessment of water scarcity. However, quantitative and integrated—physical and socio-economic—approaches for spatial analysis of water security at global level are not available yet. In this study, we present a spatial multi-criteria analysis framework to provide a global assessment of water security. The selected indicators are based on Goal 6 of SDGs. The term ‘security’ is conceptualized as a function of ‘availability’, ‘accessibility to services’, ‘safety and quality’, and ‘management’. The proposed global water security index (GWSI) is calculated by aggregating indicator values on a pixel-by-pixel basis, using the ordered weighted average method, which allows for the exploration of the sensitivity of final maps to different attitudes of hypothetical policy makers. Our assessment suggests that countries of Africa, South Asia and Middle East experience very low water security. Other areas of high water scarcity, such as some parts of United States, Australia and Southern Europe, show better GWSI values, due to good performance of management, safety and quality, and accessibility. The GWSI maps show the areas of the world in which integrated strategies are needed to achieve water related targets of the SDGs particularly in the African and Asian continents.

Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Duggirala, Vedavyas; Correa, Ricardo

2007-04-17

Abstract: "This paper presents a new direction in security awareness tools for system administration--the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure that we believe will fill the empty niche. We found that most security tools provide either an internal view of amore » host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer that amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using regardless of their experience level."« less

Two-dimensional gap analysis: a tool for efficient conservation planning and biodiversity policy implementation.

PubMed

Angelstam, Per; Mikusiński, Grzegorz; Rönnbäck, Britt-Inger; Ostman, Anders; Lazdinis, Marius; Roberge, Jean-Michel; Arnberg, Wolter; Olsson, Jan

2003-12-01

The maintenance of biodiversity by securing representative and well-connected habitat networks in managed landscapes requires a wise combination of protection, management, and restoration of habitats at several scales. We suggest that the integration of natural and social sciences in the form of "Two-dimensional gap analysis" is an efficient tool for the implementation of biodiversity policies. The tool links biologically relevant "horizontal" ecological issues with "vertical" issues related to institutions and other societal issues. Using forest biodiversity as an example, we illustrate how one can combine ecological and institutional aspects of biodiversity conservation, thus facilitating environmentally sustainable regional development. In particular, we use regional gap analysis for identification of focal forest types, habitat modelling for ascertaining the functional connectivity of "green infrastructures", as tools for the horizontal gap analysis. For the vertical dimension we suggest how the social sciences can be used for assessing the success in the implementation of biodiversity policies in real landscapes by identifying institutional obstacles while implementing policies. We argue that this interdisciplinary approach could be applied in a whole range of other environments including other terrestrial biota and aquatic ecosystems where functional habitat connectivity, nonlinear response to habitat loss and a multitude of economic and social interests co-occur in the same landscape.

Integrated Modeling Approach for Optimal Management of Water, Energy and Food Security Nexus

DOE Office of Scientific and Technical Information (OSTI.GOV)

Zhang, Xiaodong; Vesselinov, Velimir Valentinov

We report that water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-periodmore » socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing productions costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. Lastly, the obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.« less

Integrated Modeling Approach for Optimal Management of Water, Energy and Food Security Nexus

DOE PAGES

Zhang, Xiaodong; Vesselinov, Velimir Valentinov

2016-12-28

We report that water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-periodmore » socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing productions costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. Lastly, the obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eto, Joseph H.; Parashar, Manu; Lewis, Nancy Jo

The Real Time System Operations (RTSO) 2006-2007 project focused on two parallel technical tasks: (1) Real-Time Applications of Phasors for Monitoring, Alarming and Control; and (2) Real-Time Voltage Security Assessment (RTVSA) Prototype Tool. The overall goal of the phasor applications project was to accelerate adoption and foster greater use of new, more accurate, time-synchronized phasor measurements by conducting research and prototyping applications on California ISO's phasor platform - Real-Time Dynamics Monitoring System (RTDMS) -- that provide previously unavailable information on the dynamic stability of the grid. Feasibility assessment studies were conducted on potential application of this technology for small-signal stabilitymore » monitoring, validating/improving existing stability nomograms, conducting frequency response analysis, and obtaining real-time sensitivity information on key metrics to assess grid stress. Based on study findings, prototype applications for real-time visualization and alarming, small-signal stability monitoring, measurement based sensitivity analysis and frequency response assessment were developed, factory- and field-tested at the California ISO and at BPA. The goal of the RTVSA project was to provide California ISO with a prototype voltage security assessment tool that runs in real time within California ISO?s new reliability and congestion management system. CERTS conducted a technical assessment of appropriate algorithms, developed a prototype incorporating state-of-art algorithms (such as the continuation power flow, direct method, boundary orbiting method, and hyperplanes) into a framework most suitable for an operations environment. Based on study findings, a functional specification was prepared, which the California ISO has since used to procure a production-quality tool that is now a part of a suite of advanced computational tools that is used by California ISO for reliability and congestion management.« less

Securing Sensitive Flight and Engine Simulation Data Using Smart Card Technology

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

NASA Glenn Research Center has developed a smart card prototype capable of encrypting and decrypting disk files required to run a distributed aerospace propulsion simulation. Triple Data Encryption Standard (3DES) encryption is used to secure the sensitive intellectual property on disk pre, during, and post simulation execution. The prototype operates as a secure system and maintains its authorized state by safely storing and permanently retaining the encryption keys only on the smart card. The prototype is capable of authenticating a single smart card user and includes pre simulation and post simulation tools for analysis and training purposes. The prototype's design is highly generic and can be used to protect any sensitive disk files with growth capability to urn multiple simulations. The NASA computer engineer developed the prototype on an interoperable programming environment to enable porting to other Numerical Propulsion System Simulation (NPSS) capable operating system environments.

Support for Systematic Code Reviews with the SCRUB Tool

NASA Technical Reports Server (NTRS)

Holzmann, Gerald J.

2010-01-01

SCRUB is a code review tool that supports both large, team-based software development efforts (e.g., for mission software) as well as individual tasks. The tool was developed at JPL to support a new, streamlined code review process that combines human-generated review reports with program-generated review reports from a customizable range of state-of-the-art source code analyzers. The leading commercial tools include Codesonar, Coverity, and Klocwork, each of which can achieve a reasonably low rate of false-positives in the warnings that they generate. The time required to analyze code with these tools can vary greatly. In each case, however, the tools produce results that would be difficult to realize with human code inspections alone. There is little overlap in the results produced by the different analyzers, and each analyzer used generally increases the effectiveness of the overall effort. The SCRUB tool allows all reports to be accessed through a single, uniform interface (see figure) that facilitates brows ing code and reports. Improvements over existing software include significant simplification, and leveraging of a range of commercial, static source code analyzers in a single, uniform framework. The tool runs as a small stand-alone application, avoiding the security problems related to tools based on Web browsers. A developer or reviewer, for instance, must have already obtained access rights to a code base before that code can be browsed and reviewed with the SCRUB tool. The tool cannot open any files or folders to which the user does not already have access. This means that the tool does not need to enforce or administer any additional security policies. The analysis results presented through the SCRUB tool s user interface are always computed off-line, given that, especially for larger projects, this computation can take longer than appropriate for interactive tool use. The recommended code review process that is supported by the SCRUB tool consists of three phases: Code Review, Developer Response, and Closeout Resolution. In the Code Review phase, all tool-based analysis reports are generated, and specific comments from expert code reviewers are entered into the SCRUB tool. In the second phase, Developer Response, the developer is asked to respond to each comment and tool-report that was produced, either agreeing or disagreeing to provide a fix that addresses the issue that was raised. In the third phase, Closeout Resolution, all disagreements are discussed in a meeting of all parties involved, and a resolution is made for all disagreements. The first two phases generally take one week each, and the third phase is concluded in a single closeout meeting.

Re-designing the PhEDEx Security Model

DOE Office of Scientific and Technical Information (OSTI.GOV)

Huang, C.-H.; Wildish, T.; Zhang, X.

2014-01-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintainingmore » code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.« less

Re-designing the PhEDEx Security Model

NASA Astrophysics Data System (ADS)

C-H, Huang; Wildish, T.; X, Zhang

2014-06-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

Generating Southern Africa Precipitation Forecast Using the FEWS Engine, a New Application for the Google Earth Engine

NASA Astrophysics Data System (ADS)

Landsfeld, M. F.; Hegewisch, K.; Daudert, B.; Morton, C.; Husak, G. J.; Friedrichs, M.; Funk, C. C.; Huntington, J. L.; Abatzoglou, J. T.; Verdin, J. P.

2016-12-01

The Famine Early Warning Systems Network (FEWS NET) focuses on food insecurity in developing nations and provides objective, evidence-based analysis to help government decision-makers and relief agencies plan for and respond to humanitarian emergencies. The network of FEWS NET analysts and scientists require flexible, interactive tools to aid in their monitoring and research efforts. Because they often work in bandwidth-limited regions, lightweight Internet tools and services that bypass the need for downloading massive datasets are preferred for their work. To support food security analysis FEWS NET developed a custom interface for the Google Earth Engine (GEE). GEE is a platform developed by Google to support scientific analysis of environmental data in their cloud computing environment. This platform allows scientists and independent researchers to mine massive collections of environmental data, leveraging Google's vast computational resources for purposes of detecting changes and monitoring the Earth's surface and climate. GEE hosts an enormous amount of satellite imagery and climate archives, one of which is the Climate Hazards Group Infrared Precipitation with Stations dataset (CHIRPS). CHIRPS precipitation dataset is a key input for FEWS NET monitoring and forecasting efforts. In this talk we introduce the FEWS Engine interface. We present an application that highlights the utility of FEWS Engine for forecasting the upcoming seasonal precipitation of southern Africa. Specifically, the current state of ENSO is assessed and used to identify similar historical seasons. The FEWS Engine compositing tool is used to examine rainfall and other environmental data for these analog seasons. The application illustrates the unique benefits of using FEWS Engine for on-the-fly food security scenario development.

Verifying the secure setup of Unix client/servers and detection of network intrusion

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feingold, R.; Bruestle, H.R.; Bartoletti, T.

1995-07-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to checkmore » on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.« less

Current Capabilities, Requirements and a Proposed Strategy for Interdependency Analysis in the UK

NASA Astrophysics Data System (ADS)

Bloomfield, Robin; Chozos, Nick; Salako, Kizito

The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK.

Optical asymmetric image encryption using gyrator wavelet transform

NASA Astrophysics Data System (ADS)

Mehra, Isha; Nishchal, Naveen K.

2015-11-01

In this paper, we propose a new optical information processing tool termed as gyrator wavelet transform to secure a fully phase image, based on amplitude- and phase-truncation approach. The gyrator wavelet transform constitutes four basic parameters; gyrator transform order, type and level of mother wavelet, and position of different frequency bands. These parameters are used as encryption keys in addition to the random phase codes to the optical cryptosystem. This tool has also been applied for simultaneous compression and encryption of an image. The system's performance and its sensitivity to the encryption parameters, such as, gyrator transform order, and robustness has also been analyzed. It is expected that this tool will not only update current optical security systems, but may also shed some light on future developments. The computer simulation results demonstrate the abilities of the gyrator wavelet transform as an effective tool, which can be used in various optical information processing applications, including image encryption, and image compression. Also this tool can be applied for securing the color image, multispectral, and three-dimensional images.

Numerical Propulsion System Simulation: A Common Tool for Aerospace Propulsion Being Developed

NASA Technical Reports Server (NTRS)

Follen, Gregory J.; Naiman, Cynthia G.

2001-01-01

The NASA Glenn Research Center is developing an advanced multidisciplinary analysis environment for aerospace propulsion systems called the Numerical Propulsion System Simulation (NPSS). This simulation is initially being used to support aeropropulsion in the analysis and design of aircraft engines. NPSS provides increased flexibility for the user, which reduces the total development time and cost. It is currently being extended to support the Aviation Safety Program and Advanced Space Transportation. NPSS focuses on the integration of multiple disciplines such as aerodynamics, structure, and heat transfer with numerical zooming on component codes. Zooming is the coupling of analyses at various levels of detail. NPSS development includes using the Common Object Request Broker Architecture (CORBA) in the NPSS Developer's Kit to facilitate collaborative engineering. The NPSS Developer's Kit will provide the tools to develop custom components and to use the CORBA capability for zooming to higher fidelity codes, coupling to multidiscipline codes, transmitting secure data, and distributing simulations across different platforms. These powerful capabilities will extend NPSS from a zero-dimensional simulation tool to a multifidelity, multidiscipline system-level simulation tool for the full life cycle of an engine.

Incorporating voltage security into the planning, operation and monitoring of restructured electric energy markets

NASA Astrophysics Data System (ADS)

Nair, Nirmal-Kumar

As open access market principles are applied to power systems, significant changes are happening in their planning, operation and control. In the emerging marketplace, systems are operating under higher loading conditions as markets focus greater attention to operating costs than stability and security margins. Since operating stability is a basic requirement for any power system, there is need for newer tools to ensure stability and security margins being strictly enforced in the competitive marketplace. This dissertation investigates issues associated with incorporating voltage security into the unbundled operating environment of electricity markets. It includes addressing voltage security in the monitoring, operational and planning horizons of restructured power system. This dissertation presents a new decomposition procedure to estimate voltage security usage by transactions. The procedure follows physical law and uses an index that can be monitored knowing the state of the system. The expression derived is based on composite market coordination models that have both PoolCo and OpCo transactions, in a shared stressed transmission grid. Our procedure is able to equitably distinguish the impacts of individual transactions on voltage stability, at load buses, in a simple and fast manner. This dissertation formulates a new voltage stability constrained optimal power flow (VSCOPF) using a simple voltage security index. In modern planning, composite power system reliability analysis that encompasses both adequacy and security issues is being developed. We have illustrated the applicability of our VSCOPF into composite reliability analysis. This dissertation also delves into the various applications of voltage security index. Increasingly, FACT devices are being used in restructured markets to mitigate a variety of operational problems. Their control effects on voltage security would be demonstrated using our VSCOPF procedure. Further, this dissertation investigates the application of steady state voltage stability index to detect potential dynamic voltage collapse. Finally, this dissertation examines developments in representation, standardization, communication and exchange of power system data. Power system data is the key input to all analytical engines for system operation, monitoring and control. Data exchange and dissemination could impact voltage security evaluation and therefore needs to be critically examined.

Freedom to Tweet? Opportunities and Barriers for Federal Scientists on Social Media

NASA Astrophysics Data System (ADS)

Goldman, G. T.; Bailin, D.; Rogerson, P.; Renaud, A.; Halpern, M.; Grifo, F.

2013-12-01

The recent explosion of social media represents a fundamental shift in how scientists can share their work with the world, and federal scientists are taking advantage of these new tools. A 2009 report by the Chief Information Officers (CIO) Council--an interagency forum on federal information-technology management convened under the E-Government Act of 2002--recommends that all federal agencies develop a social media policy to address security concerns and provide guidance to employees on how they should identify themselves in these venues. In response to this report, and to the changing media landscape in general, many federal agencies have since developed polices to clarify how their employees may engage in social media. But how effective are such policies for federal scientists? Past analysis has looked at agency social media policies with an eye on performance metrics or on security and privacy of government information. Here, we assess the policies from a different angle: Do they provide sufficient guidance to government scientists and other technical experts? Do they adequately guide employees in a way that promotes responsible use while also affording them the freedom to use these tools to share their work? And how do different agencies compare? We analyzed policies, conducted a survey of federal scientists, and utilized Freedom of Information Act requests to assess how well federal policies and practices provide guidance and freedom for federal scientists using social media at 17 federal agencies. We found that some agencies have very thorough policies and practices that clearly guide and encourage their employees' use of social media outlets; while others provide minimal to no guidance to their scientists or discourage use of these tools. From this analysis, we identify opportunities for communication of federal science on social media, as well as barriers currently inhibiting federal scientists from using these tools. Finally, we offer recommendations for steps that agencies can take in order to continue progress toward providing freedom for their technical experts to fully utilize social media tools.

Enhancing Public Helicopter Safety as a Component of Homeland Security

DTIC Science & Technology

2016-12-01

Risk Assessment Tool GPS Global Positioning System IFR instrument flight rules ILS instrument landing system IMC instrument meteorological...flight rules ( IFR ) flying and the lack of a pre-flight risk assessment. Pilot fatigue is a factor that appeared in two of the accident reports (New...three common factors that emerged from the qualitative analysis of coding: inadequate proficiency of IFR flying, lack of a pre- flight risk assessment

Future Soldiers: Analysis of Entry-Level Performance Requirements and Their Predictors

DTIC Science & Technology

2005-09-01

these future missions; "* New technology such as weapons, tools, and vehicles (e.g., robotics ) and the effect of technological change on personnel...Clusters 1. Close Combat 2. Non Line-of-Sight Fire 3. Surveillance, Intelligence, and Communications 4. Unmanned Vehicle/ Robotics Operator 5. Security...minimized with (a) new materials for ballistic protection, (b) new lethalities, and (c) exoskeletons /artificial muscles. • Infantrymen will experience better

Software Assurance: Five Essential Considerations for Acquisition Officials

DTIC Science & Technology

2007-05-01

May 2007 www.stsc.hill.af.mil 17 2 • address security concerns in the software development life cycle ( SDLC )? • Are there formal software quality...What threat modeling process, if any, is used when designing the software ? What analysis, design, and construction tools are used by your software design...the-shelf (COTS), government off-the-shelf (GOTS), open- source, embedded, and legacy software . Attackers exploit unintentional vulnerabil- ities or

Risk-Based Prioritization of Research for Aviation Security Using Logic-Evolved Decision Analysis

NASA Technical Reports Server (NTRS)

Eisenhawer, S. W.; Bott, T. F.; Sorokach, M. R.; Jones, F. P.; Foggia, J. R.

2004-01-01

The National Aeronautics and Space Administration is developing advanced technologies to reduce terrorist risk for the air transportation system. Decision support tools are needed to help allocate assets to the most promising research. An approach to rank ordering technologies (using logic-evolved decision analysis), with risk reduction as the metric, is presented. The development of a spanning set of scenarios using a logic-gate tree is described. Baseline risk for these scenarios is evaluated with an approximate reasoning model. Illustrative risk and risk reduction results are presented.

Behavioral analysis of malicious code through network traffic and system call monitoring

NASA Astrophysics Data System (ADS)

Grégio, André R. A.; Fernandes Filho, Dario S.; Afonso, Vitor M.; Santos, Rafael D. C.; Jino, Mario; de Geus, Paulo L.

2011-06-01

Malicious code (malware) that spreads through the Internet-such as viruses, worms and trojans-is a major threat to information security nowadays and a profitable business for criminals. There are several approaches to analyze malware by monitoring its actions while it is running in a controlled environment, which helps to identify malicious behaviors. In this article we propose a tool to analyze malware behavior in a non-intrusive and effective way, extending the analysis possibilities to cover malware samples that bypass current approaches and also fixes some issues with these approaches.

Measuring food and nutrition security: tools and considerations for use among people living with HIV.

PubMed

Fielden, Sarah J; Anema, Aranka; Fergusson, Pamela; Muldoon, Katherine; Grede, Nils; de Pee, Saskia

2014-10-01

As an increasing number of countries implement integrated food and nutrition security (FNS) and HIV programs, global stakeholders need clarity on how to best measure FNS at the individual and household level. This paper reviews prominent FNS measurement tools, and describes considerations for interpretation in the context of HIV. There exist a range of FNS measurement tools and many have been adapted for use in HIV-endemic settings. Considerations in selecting appropriate tools include sub-types (food sufficiency, dietary diversity and food safety); scope/level of application; and available resources. Tools need to reflect both the needs of PLHIV and affected households and FNS program objectives. Generalized food sufficiency and dietary diversity tools may provide adequate measures of FNS in PLHIV for programmatic applications. Food consumption measurement tools provide further data for clinical or research applications. Measurement of food safety is an important, but underdeveloped aspect of assessment, especially for PLHIV.

Information security concepts and practices: the case of a provincial multi-specialty hospital.

PubMed

Cavalli, Enrico; Mattasoglio, Andrea; Pinciroli, Francesco; Spaggiari, Piergiorgio

2004-03-31

In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work need to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described.

Analysis Of Using Firewall And Single Honeypot In Training Attack On Wireless Network

NASA Astrophysics Data System (ADS)

Mohd. Diansyah, Tengku.; Faisal, Ilham; Perdana, Adidtya; Octaviani Sembiring, Boni; Hidayati Sinaga, Tantri

2017-12-01

Security issues become one of the important aspects of a network, especially a network security on the server. These problems underlie the need to build a system that can detect threats from parties who do not have access rights (hackers) that are by building a security system honeypot. A Honeypot is a diversion of intruders' attention, in order for intruders to think that it has managed to break down and retrieve data from a network, when in fact the data is not important and the location is isolated. A way to trap or deny unauthorized use of effort in an information system. One type of honeypot is honeyd. Honeyd is a low interaction honeypot that has a smaller risk compared to high interaction types because the interaction with the honeypot does not directly involve the real system. The purpose of the implementation of honeypot and firewall, firewall is used on Mikrotik. Can be used as an administrative tool to view reports of Honeyd generated activity and administrators can also view reports that are stored in the logs in order to assist in determining network security policies.

Material Protection, Accounting, and Control Technologies (MPACT) Advanced Integration Roadmap

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, Mike; Cipiti, Ben; Demuth, Scott Francis

2017-01-30

The development of sustainable advanced nuclear fuel cycles is a long-term goal of the Office of Nuclear Energy’s (DOE-NE) Fuel Cycle Technologies program. The Material Protection, Accounting, and Control Technologies (MPACT) campaign is supporting research and development (R&D) of advanced instrumentation, analysis tools, and integration methodologies to meet this goal (Miller, 2015). This advanced R&D is intended to facilitate safeguards and security by design of fuel cycle facilities. The lab-scale demonstration of a virtual facility, distributed test bed, that connects the individual tools being developed at National Laboratories and university research establishments, is a key program milestone for 2020. Thesemore » tools will consist of instrumentation and devices as well as computer software for modeling, simulation and integration.« less

Material Protection, Accounting, and Control Technologies (MPACT) Advanced Integration Roadmap

DOE Office of Scientific and Technical Information (OSTI.GOV)

Durkee, Joe W.; Cipiti, Ben; Demuth, Scott Francis

The development of sustainable advanced nuclear fuel cycles is a long-term goal of the Office of Nuclear Energy’s (DOE-NE) Fuel Cycle Technologies program. The Material Protection, Accounting, and Control Technologies (MPACT) campaign is supporting research and development (R&D) of advanced instrumentation, analysis tools, and integration methodologies to meet this goal (Miller, 2015). This advanced R&D is intended to facilitate safeguards and security by design of fuel cycle facilities. The lab-scale demonstration of a virtual facility, distributed test bed, that connects the individual tools being developed at National Laboratories and university research establishments, is a key program milestone for 2020. Thesemore » tools will consist of instrumentation and devices as well as computer software for modeling, simulation and integration.« less

12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...

12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...

78 FR 2953 - National Cybersecurity Center of Excellence (NCCoE) Secure Exchange of Electronic Health...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-15

...-01] National Cybersecurity Center of Excellence (NCCoE) Secure Exchange of Electronic Health... the National Cybersecurity Center of Excellence (NCCoE) in the Secure Exchange of Electronic Health... accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE will bring...

Augmenting Traditional Static Analysis With Commonly Available Metadata

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cook, Devin

Developers and security analysts have been using static analysis for a long time to analyze programs for defects and vulnerabilities with some success. Generally a static analysis tool is run on the source code for a given program, flagging areas of code that need to be further inspected by a human analyst. These areas may be obvious bugs like potential bu er over flows, information leakage flaws, or the use of uninitialized variables. These tools tend to work fairly well - every year they find many important bugs. These tools are more impressive considering the fact that they only examinemore » the source code, which may be very complex. Now consider the amount of data available that these tools do not analyze. There are many pieces of information that would prove invaluable for finding bugs in code, things such as a history of bug reports, a history of all changes to the code, information about committers, etc. By leveraging all this additional data, it is possible to nd more bugs with less user interaction, as well as track useful metrics such as number and type of defects injected by committer. This dissertation provides a method for leveraging development metadata to find bugs that would otherwise be difficult to find using standard static analysis tools. We showcase two case studies that demonstrate the ability to find 0day vulnerabilities in large and small software projects by finding new vulnerabilities in the cpython and Roundup open source projects.« less

A Tool for Rating the Resilience of Critical Infrastructures in Extreme Fires

DTIC Science & Technology

2014-05-01

provide a tool for NRC to help the Canadian industry to develop extreme fire protection materials and technologies for critical infrastructures. Future...supported by the Canadian Safety and Security Program (CSSP) which is led by Defence Research and Development Canada’s Centre for Security Science, in...in oil refinery and chemical industry facilities. The only available standard in North America that addresses the transportation infrastructure is

The need for integration of drought monitoring tools for proactive food security management in sub-Saharan Africa

USGS Publications Warehouse

Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.

2008-01-01

Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. ?? 2008 United Nations.

Safe teleradiology: information assurance as project planning methodology

NASA Astrophysics Data System (ADS)

Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2003-05-01

This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project"s core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system"s design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, R. K.; Peters, Scott

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modifiedmore » and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Cryptographic Key Management and Critical Risk Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and usedmore » as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Structuring Cooperative Nuclear RIsk Reduction Initiatives with China.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brandt, Larry; Reinhardt, Jason Christian; Hecker, Siegfried

The Stanford Center for International Security and Cooperation engaged several Chinese nuclear organizations in cooperative research that focused on responses to radiological and nuclear terrorism. The objective was to identify joint research initiatives to reduce the global dangers of such threats and to pursue initial technical collaborations in several high priority areas. Initiatives were identified in three primary research areas: 1) detection and interdiction of smuggled nuclear materials; 2) nuclear forensics; and 3) radiological (“dirty bomb”) threats and countermeasures. Initial work emphasized the application of systems and risk analysis tools, which proved effective in structuring the collaborations. The extensive engagementsmore » between national security nuclear experts in China and the U.S. during the research strengthened professional relationships between these important communities.« less

Approaches to decrease the level of parasitic noise over vibroacoustic channel in terms of configuring information security tools

NASA Astrophysics Data System (ADS)

Ivanov, A. V.; Reva, I. L.; Babin, A. A.

2018-04-01

The article deals with influence of various ways to place vibration transmitters on efficiency of rooms safety for negotiations. Standing for remote vibration listening of window glass, electro-optical channel, the most typical technical channel of information leakage, was investigated. The modern system “Sonata-AB” of 4B model is used as an active protection tool. Factors influencing on security tools configuration efficiency have been determined. The results allow utilizer to reduce masking interference level as well as parasitic noise with keeping properties of room safety.

Hole-Center Locating Tool

NASA Technical Reports Server (NTRS)

Senter, H. F.

1984-01-01

Tool alines center of new hold with existing hole. Tool marks center of new hole drilled while workpiece is in place. Secured with bolts while hole center marked with punch. Used for field installations where reference points unavailable or work area cramped and not easily accessible with conventional tools.

Assessing the level of public health partner spending using the funding formula analysis tool.

PubMed

Bernet, Patrick M

2012-01-01

Public health services are delivered through a variety of organizations. Traditional accounting of public health expenditures typically captures only spending by government agencies. New Hampshire collected information from public health partners, such as community centers that host smoking cessation classes or health education done by Girls, Inc. This study compares the new data to spending by government agencies, focusing on breakdowns by fund source and service categories. Expanded funds secured by these partners account for a 42% of all local public health spending, and they spent 4 times more than government agencies on promoting healthy behavior. The funding formula analysis tool revealed that these partners spent in ways that would be politically difficult to achieve. In an era of declining budgets, an understanding of public health's partners is increasingly vital.

RxPATROL: a Web-based tool for combating pharmacy theft.

PubMed

Smith, Meredith Y; Graham, J Aaron; Haddox, J David; Steffey, Amy

2009-01-01

To report the incidence of pharmacy-related burglaries and robberies and characteristics of pharmacies where such crimes have occurred using recent data from Rx Pattern Analysis Tracking Robberies & Other Losses (RxPATROL), a national Web-based information clearinghouse on pharmacy-related theft of prescription medications and over-the-counter products. Descriptive, nonexperimental study. United States between 2005 and 2006. Not applicable. Not applicable. Number of pharmacy theft reports received; incident type, date, and location; point of entry; and pharmacy security features. Between 2005 and 2006, 202 pharmacy burglary and 299 pharmacy robbery reports from 45 different states were filed with RxPATROL. More than 70% of pharmacies reporting such crimes lacked a security camera. Among those reporting a burglary, 60% lacked dead bolt locks, a solid exterior door, a motion detector device, or a safe or vault for storage of controlled substances. Burglars most often obtained access to the pharmacy via the front door. RxPATROL is a Web-based tool that can assist pharmacies and law enforcement in collaborating more effectively to combat and prevent pharmacy-related crimes.

Gross anatomy of network security

NASA Technical Reports Server (NTRS)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Semantic-JSON: a lightweight web service interface for Semantic Web contents integrating multiple life science databases

PubMed Central

Kobayashi, Norio; Ishii, Manabu; Takahashi, Satoshi; Mochizuki, Yoshiki; Matsushima, Akihiro; Toyoda, Tetsuro

2011-01-01

Global cloud frameworks for bioinformatics research databases become huge and heterogeneous; solutions face various diametric challenges comprising cross-integration, retrieval, security and openness. To address this, as of March 2011 organizations including RIKEN published 192 mammalian, plant and protein life sciences databases having 8.2 million data records, integrated as Linked Open or Private Data (LOD/LPD) using SciNetS.org, the Scientists' Networking System. The huge quantity of linked data this database integration framework covers is based on the Semantic Web, where researchers collaborate by managing metadata across public and private databases in a secured data space. This outstripped the data query capacity of existing interface tools like SPARQL. Actual research also requires specialized tools for data analysis using raw original data. To solve these challenges, in December 2009 we developed the lightweight Semantic-JSON interface to access each fragment of linked and raw life sciences data securely under the control of programming languages popularly used by bioinformaticians such as Perl and Ruby. Researchers successfully used the interface across 28 million semantic relationships for biological applications including genome design, sequence processing, inference over phenotype databases, full-text search indexing and human-readable contents like ontology and LOD tree viewers. Semantic-JSON services of SciNetS.org are provided at http://semanticjson.org. PMID:21632604

A Tool for Determining the Number of Contributors: Interpreting Complex, Compromised Low-Template Dna Samples

DTIC Science & Technology

2017-09-28

SECURITY CLASSIFICATION OF: In forensic DNA analysis, the interpretation of a sample acquired from the environment may be dependent upon the...sample acquired from the environment may be dependent upon the assumption on the number of individuals from which the evidence arose. Degraded and...NOCIt results to those obtained when allele counting or maxiumum likelihood estimator (MLE) methods are employed. NOCIt does not depend upon an AT and

Evaluation of the Presentation of Network Data via Visualization Tools for Network Analysts

DTIC Science & Technology

2014-03-01

A. (eds.) The Human Computer Interaction Handbook, pp.544–582. Lawrence Erlbaum Associates, Mawah, NJ, 2003. 4. Goodall , John R. Introduction to...of either display type being used in the analysis of cyber security tasks. Goodall (19) is one of few whose work focused on comparing user...relating source IP address to destination IP address and time, Goodall remains the only known approach comparing tabular and graphical displays

Statistical Relational Learning (SRL) as an Enabling Technology for Data Acquisition and Data Fusion in Video

DTIC Science & Technology

2013-05-02

REPORT Statistical Relational Learning ( SRL ) as an Enabling Technology for Data Acquisition and Data Fusion in Video 14. ABSTRACT 16. SECURITY...particular, it is important to reason about which portions of video require expensive analysis and storage. This project aims to make these...inferences using new and existing tools from Statistical Relational Learning ( SRL ). SRL is a recently emerging technology that enables the effective 1

An Updated Decision Support Interface: A Tool for Remote Monitoring of Crop Growing Conditions

NASA Astrophysics Data System (ADS)

Husak, G. J.; Budde, M. E.; Rowland, J.; Verdin, J. P.; Funk, C. C.; Landsfeld, M. F.

2014-12-01

Remote sensing of agroclimatological variables to monitor food production conditions is a critical component of the Famine Early Warning Systems Network portfolio of tools for assessing food security in the developing world. The Decision Support Interface (DSI) seeks to integrate a number of remotely sensed and modeled variables to create a single, simplified portal for analysis of crop growing conditions. The DSI has been reformulated to incorporate more variables and give the user more freedom in exploring the available data. This refinement seeks to transition the DSI from a "first glance" agroclimatic indicator to one better suited for the differentiation of drought events. The DSI performs analysis of variables over primary agricultural zones at the first sub-national administrative level. It uses the spatially averaged rainfall, normalized difference vegetation index (NDVI), water requirement satisfaction index (WRSI), and actual evapotranspiration (ETa) to identify potential hazards to food security. Presenting this information in a web-based client gives food security analysts and decision makers a lightweight portal for information on crop growing conditions in the region. The crop zones used for the aggregation contain timing information which is critical to the DSI presentation. Rainfall and ETa are accumulated from different points in the crop phenology to identify season-long deficits in rainfall or transpiration that adversely affect the crop-growing conditions. Furthermore, the NDVI and WRSI serve as their own seasonal accumulated measures of growing conditions by capturing vegetation vigor or actual evapotranspiration deficits. The DSI is currently active for major growing regions of sub-Saharan Africa, with intention of expanding to other areas over the coming years.

Training the next generation analyst using red cell analytics

NASA Astrophysics Data System (ADS)

Graham, Meghan N.; Graham, Jacob L.

2016-05-01

We have seen significant change in the study and practice of human reasoning in recent years from both a theoretical and methodological perspective. Ubiquitous communication coupled with advances in computing and a plethora of analytic support tools have created a push for instantaneous reporting and analysis. This notion is particularly prevalent in law enforcement, emergency services and the intelligence community (IC), where commanders (and their civilian leadership) expect not only a birds' eye view of operations as they occur, but a play-by-play analysis of operational effectiveness. This paper explores the use of Red Cell Analytics (RCA) as pedagogy to train the next-gen analyst. A group of Penn State students in the College of Information Sciences and Technology at the University Park campus of The Pennsylvania State University have been practicing Red Team Analysis since 2008. RCA draws heavily from the military application of the same concept, except student RCA problems are typically on non-military in nature. RCA students utilize a suite of analytic tools and methods to explore and develop red-cell tactics, techniques and procedures (TTPs), and apply their tradecraft across a broad threat spectrum, from student-life issues to threats to national security. The strength of RCA is not always realized by the solution but by the exploration of the analytic pathway. This paper describes the concept and use of red cell analytics to teach and promote the use of structured analytic techniques, analytic writing and critical thinking in the area of security and risk and intelligence training.

Magnet-wire wrapping tool for integrated circuits

NASA Technical Reports Server (NTRS)

Takahashi, T. H.

1972-01-01

Wire-dispensing tool which resembles mechanical pencil is used to wrap magnet wire around integrated circuit terminals uniformly and securely without damaging insulative coating on wire. Tool is hand-held and easily manipulated to execute wire wrapping movements.

Computer-Aided Sensor Development Focused on Security Issues.

PubMed

Bialas, Andrzej

2016-05-26

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

Computer-Aided Sensor Development Focused on Security Issues

PubMed Central

Bialas, Andrzej

2016-01-01

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research. PMID:27240360

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

Security Systems Commissioning: An Old Trick for Your New Dog

ERIC Educational Resources Information Center

Black, James R.

2009-01-01

Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…

Household Food Security Study Summaries. 2001 Edition.

ERIC Educational Resources Information Center

Seavey, Dorie; Sullivan, Ashley F.

This report provides the most recent data on the food security of United States households. Based on studies using the Food Security Core Module (FSCM), a tool facilitating direct documentation of the extent of food insecurity and hunger caused by income limitations, this report summarizes 35 studies representing 20 states and Canada. The report…

On Specifying the Functional Design for a Protected DMS Tool

DTIC Science & Technology

1977-03-01

of a secure data management system in terms of abstract entities. In keeping with this, the model identifies a security policy which is sufficient... policy of the model may be expressed, there- fore, as the rules which mediate the access of subjects to objects. The access authorization of the...level of a subject; however, this possibly is not acknowledged in our model. The specification of the DMS tool embodies this protection policy

Measuring political commitment and opportunities to advance food and nutrition security: piloting a rapid assessment tool.

PubMed

Fox, Ashley M; Balarajan, Yarlini; Cheng, Chloe; Reich, Michael R

2015-06-01

Lack of political commitment has been identified as a primary reason for the low priority that food and nutrition interventions receive from national governments relative to the high disease burden caused by malnutrition. Researchers have identified a number of factors that contribute to food and nutrition's 'low-priority cycle' on national policy agendas, but few tools exist to rapidly measure political commitment and identify opportunities to advance food and nutrition on the policy agenda. This article presents a theory-based rapid assessment approach to gauging countries' level of political commitment to food and nutrition security and identifying opportunities to advance food and nutrition on the policy agenda. The rapid assessment tool was piloted among food and nutrition policymakers and planners in 10 low- and middle-income countries in April to June 2013. Food and nutrition commitment and policy opportunity scores were calculated for each country and strategies to advance food and nutrition on policy agendas were designed for each country. The article finds that, in a majority of countries, political leaders had verbally and symbolically committed to addressing food and nutrition, but adequate financial resources were not allocated to implement specific programmes. In addition, whereas the low cohesion of the policy community has been viewed a major underlying cause of the low-priority status of food and nutrition, the analysis finds that policy community cohesion and having a well thought-out policy alternative were present in most countries. This tool may be useful to policymakers and planners providing information that can be used to benchmark and/or evaluate advocacy efforts to advance reforms in the food and nutrition sector; furthermore, the results can help identify specific strategies that can be employed to move the food and nutrition agenda forward. This tool complements others that have been recently developed to measure national commitment to advancing food and nutrition security. Published by Oxford University Press in association with The London School of Hygiene and Tropical Medicine © The Author 2014; all rights reserved.

An RFID-based luggage and passenger tracking system for airport security control applications

NASA Astrophysics Data System (ADS)

Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

2014-06-01

Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

A 3S Risk ?3SR? Assessment Approach for Nuclear Power: Safety Security and Safeguards.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.

Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that canmore » enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728« less

Reinforcements, ammunition limits, and termination of neutralization engagements in ASSESS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Paulus, W.K.; Mondragon, J.

1991-01-01

This paper reports on the ASSESS Neutralization Analysis module (Neutralization) which is part of Analytic system and Software for Evaluation of Safeguards and Security, ASSESS, a vulnerability assessment tool. Neutralization models a fire fight engagement between security inspectors (SIs) and adversaries. The model has been improved to represent more realistically the addition of reinforcements to an engagement, the criteria for declaring an engagement terminated, and the amount of ammunition which security forces can use. SI reinforcements must prevent adversaries from achieving their purpose even if an initial security force has been overcome. The reinforcements must be timely. A variety ofmore » reinforcement timeliness cases can be modeled. Reinforcements that are not timely are shown to be ineffective in the calculated results. Engagements may terminate before all combatants on one side are neutralized if they recognize that they are losing. A winner is declared when the number of survivors on one side is reduced to a user specified level. Realistically, the amount of ammunition that can be carried into an engagement is limited. Neutralization now permits the analyst to specify the number of rounds available to the security forces initially and the quantity of resupply that is introduced with reinforcements. These new capabilities all contribute toward more realistic modeling of neutralization engagements.« less

Safety and Security Interface Technology Initiative

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme)more » includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.« less

Privacy Is Become with, Data Perturbation

NASA Astrophysics Data System (ADS)

Singh, Er. Niranjan; Singhai, Niky

2011-06-01

Privacy is becoming an increasingly important issue in many data mining applications that deal with health care, security, finance, behavior and other types of sensitive data. Is particularly becoming important in counterterrorism and homeland security-related applications. We touch upon several techniques of masking the data, namely random distortion, including the uniform and Gaussian noise, applied to the data in order to protect it. These perturbation schemes are equivalent to additive perturbation after the logarithmic Transformation. Due to the large volume of research in deriving private information from the additive noise perturbed data, the security of these perturbation schemes is questionable Many artificial intelligence and statistical methods exist for data analysis interpretation, Identifying and measuring the interestingness of patterns and rules discovered, or to be discovered is essential for the evaluation of the mined knowledge and the KDD process as a whole. While some concrete measurements exist, assessing the interestingness of discovered knowledge is still an important research issue. As the tool for the algorithm implementations we chose the language of choice in industrial world MATLAB.

Homeland Security Research Improves the Nation's Ability to ...

EPA Pesticide Factsheets

Technical Brief Homeland Security (HS) Research develops data, tools, and technologies to minimize the impact of accidents, natural disasters, terrorist attacks, and other incidents that can result in toxic chemical, biological or radiological (CBR) contamination. HS Research develops ways to detect contamination, sampling strategies, sampling and analytical methods, cleanup methods, waste management approaches, exposure assessment methods, and decision support tools (including water system models). These contributions improve EPA’s response to a broad range of environmental disasters.

Application of laser-wakefield-based x-ray source to global food security issues

NASA Astrophysics Data System (ADS)

Kieffer, J. C.; Fourmaux, S.; Hallin, E.; Arnison, P.; Brereton, N.; Pitre, F.; Dixon, M.; Tran, N.

2017-05-01

We present the development of a high throughput phase contrast screening system based on LWFA Xray sources for plant imaging. We upgraded the INRS laser-betatron beam line and we illustrate its imaging potential through the innovative development of new tools for addressing issues relevant to global food security. This initiative, led by the Global Institute of Food Security (GIFS) at the U of Saskatchewan, aims to elucidate that part of the function that maps environmental inputs onto specific plant phenotypes. The prospect of correlating phenotypic expression with adaptation to environmental stresses will provide researchers with a new tool to assess breeding programs for crops meant to thrive under the climate extremes.

An Authentication Protocol for Future Sensor Networks.

PubMed

Bilal, Muhammad; Kang, Shin-Gak

2017-04-28

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.

An Authentication Protocol for Future Sensor Networks

PubMed Central

Bilal, Muhammad; Kang, Shin-Gak

2017-01-01

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols. PMID:28452937

DOE Office of Scientific and Technical Information (OSTI.GOV)

Troy Hiltbrand; Daniel Jones

As we look at the cyber security ecosystem, are we planning to fight the battle as we did yesterday, with firewalls and intrusion detection systems (IDS), or are we sensing a change in how security is evolving and planning accordingly? With the technology enablement and possible financial benefits of cloud computing, the traditional tools for establishing and maintaining our cyber security ecosystems are being dramatically altered.

Non-negative Tensor Factorization for Robust Exploratory Big-Data Analytics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Alexandrov, Boian; Vesselinov, Velimir Valentinov; Djidjev, Hristo Nikolov

Currently, large multidimensional datasets are being accumulated in almost every field. Data are: (1) collected by distributed sensor networks in real-time all over the globe, (2) produced by large-scale experimental measurements or engineering activities, (3) generated by high-performance simulations, and (4) gathered by electronic communications and socialnetwork activities, etc. Simultaneous analysis of these ultra-large heterogeneous multidimensional datasets is often critical for scientific discoveries, decision-making, emergency response, and national and global security. The importance of such analyses mandates the development of the next-generation of robust machine learning (ML) methods and tools for bigdata exploratory analysis.

Vehicle assisted harpoon breaching tool

DOEpatents

Pacheco, James E [Albuquerque, NM; Highland, Steven E [Albuquerque, NM

2011-02-15

A harpoon breaching tool that allows security officers, SWAT teams, police, firemen, soldiers, or others to forcibly breach metal doors or walls very quickly (in a few seconds), without explosives. The harpoon breaching tool can be mounted to a vehicle's standard receiver hitch.

A Value Measure for Public-Sector Enterprise Risk Management: A TSA Case Study.

PubMed

Fletcher, Kenneth C; Abbas, Ali E

2018-05-01

This article presents a public value measure that can be used to aid executives in the public sector to better assess policy decisions and maximize value to the American people. Using Transportation Security Administration (TSA) programs as an example, we first identify the basic components of public value. We then propose a public value account to quantify the outcomes of various risk scenarios, and we determine the certain equivalent of several important TSA programs. We illustrate how this proposed measure can quantify the effects of two main challenges that government organizations face when conducting enterprise risk management: (1) short-term versus long-term incentives and (2) avoiding potential negative consequences even if they occur with low probability. Finally, we illustrate how this measure enables the use of various tools from decision analysis to be applied in government settings, such as stochastic dominance arguments and certain equivalent calculations. Regarding the TSA case study, our analysis demonstrates the value of continued expansion of the TSA trusted traveler initiative and increasing the background vetting for passengers who are afforded expedited security screening. © 2017 Society for Risk Analysis.

Performance Impact of Connectivity Restrictions and Increased Vulnerability Presence on Automated Attack Graph Generation

DTIC Science & Technology

2007-03-01

results (Ingols 2005). 2.4.3 Skybox - Skybox view Skybox View is a commercially available tool developed by Skybox Security that can automatically...generate attack graphs through the use of host-based agents, management interfaces, and an analysis server located on the target network ( Skybox 2006... Skybox , an examination of recent patents submitted by Skybox identified the algorithmic complexity of the product as n4, where n represents the number

Empirical Analysis of Using Erasure Coding in Outsourcing Data Storage With Provable Security

DTIC Science & Technology

2016-06-01

the fastest encoding performance among the four tested schemes. We expected to observe that Cauchy Reed-Solomonwould be faster than Reed- Solomon for all...providing recoverability for POR. We survey MDS codes and select Reed- Solomon and Cauchy Reed- Solomon MDS codes to be implemented into a prototype POR...tools providing recoverability for POR. We survey MDS codes and select Reed- Solomon and Cauchy Reed- Solomon MDS codes to be implemented into a

Modeling, Simulation, and Analysis for State and Local Emergency Planning and Response: Concept of Operations

DTIC Science & Technology

2009-01-01

must be considered for each threat. The Department of Homeland Security (DHS) has defined 15 National Planning Scenarios ( NPSs ), along with a...considered how to incorporate the 15 NPSs and the Target Capabilities List developed by DHS. Finally, we considered the work being done by Dr. Charles...suite of models and other tools hampers effective planning and re- sponse for all hazards, including the NPSs . The ES community has many meth- ods

Technical and Operational Analysis of the Fortress Secure Wireless Access Bridge (ES-520) in Support of Tactical Military Coalition Operations

DTIC Science & Technology

2008-03-01

Postgraduate School’s COASTS international field- testing and thesis research program. B. COASTS 2007 Indonesia, Malaysia , Singapore, Thailand, and the...software tools available for monitoring and testing network throughput. One Dell Laptop was loaded with the IxChariot console as shown in Figure 32...91 J. LAPTOP COMPUTERS As mentioned in the previous section, one dell laptop was loaded with the IxChariot console. Two additional laptop

Adaptive bill morphology for enhanced tool manipulation in New Caledonian crows

PubMed Central

Matsui, Hiroshi; Hunt, Gavin R.; Oberhofer, Katja; Ogihara, Naomichi; McGowan, Kevin J.; Mithraratne, Kumar; Yamasaki, Takeshi; Gray, Russell D.; Izawa, Ei-Ichi

2016-01-01

Early increased sophistication of human tools is thought to be underpinned by adaptive morphology for efficient tool manipulation. Such adaptive specialisation is unknown in nonhuman primates but may have evolved in the New Caledonian crow, which has sophisticated tool manufacture. The straightness of its bill, for example, may be adaptive for enhanced visually-directed use of tools. Here, we examine in detail the shape and internal structure of the New Caledonian crow’s bill using Principal Components Analysis and Computed Tomography within a comparative framework. We found that the bill has a combination of interrelated shape and structural features unique within Corvus, and possibly birds generally. The upper mandible is relatively deep and short with a straight cutting edge, and the lower mandible is strengthened and upturned. These novel combined attributes would be functional for (i) counteracting the unique loading patterns acting on the bill when manipulating tools, (ii) a strong precision grip to hold tools securely, and (iii) enhanced visually-guided tool use. Our findings indicate that the New Caledonian crow’s innovative bill has been adapted for tool manipulation to at least some degree. Early increased sophistication of tools may require the co-evolution of morphology that provides improved manipulatory skills. PMID:26955788

Developing an ANSI standard for image quality tools for the testing of active millimeter wave imaging systems

NASA Astrophysics Data System (ADS)

Barber, Jeffrey; Greca, Joseph; Yam, Kevin; Weatherall, James C.; Smith, Peter R.; Smith, Barry T.

2017-05-01

In 2016, the millimeter wave (MMW) imaging community initiated the formation of a standard for millimeter wave image quality metrics. This new standard, American National Standards Institute (ANSI) N42.59, will apply to active MMW systems for security screening of humans. The Electromagnetic Signatures of Explosives Laboratory at the Transportation Security Laboratory is supporting the ANSI standards process via the creation of initial prototypes for round-robin testing with MMW imaging system manufacturers and experts. Results obtained for these prototypes will be used to inform the community and lead to consensus objective standards amongst stakeholders. Images collected with laboratory systems are presented along with results of preliminary image analysis. Future directions for object design, data collection and image processing are discussed.

Fundamental finite key limits for one-way information reconciliation in quantum key distribution

NASA Astrophysics Data System (ADS)

Tomamichel, Marco; Martinez-Mateo, Jesus; Pacher, Christoph; Elkouss, David

2017-11-01

The security of quantum key distribution protocols is guaranteed by the laws of quantum mechanics. However, a precise analysis of the security properties requires tools from both classical cryptography and information theory. Here, we employ recent results in non-asymptotic classical information theory to show that one-way information reconciliation imposes fundamental limitations on the amount of secret key that can be extracted in the finite key regime. In particular, we find that an often used approximation for the information leakage during information reconciliation is not generally valid. We propose an improved approximation that takes into account finite key effects and numerically test it against codes for two probability distributions, that we call binary-binary and binary-Gaussian, that typically appear in quantum key distribution protocols.

Spinoff 2010

NASA Technical Reports Server (NTRS)

2010-01-01

Topics covered include: Burnishing Techniques Strengthen Hip Implants; Signal Processing Methods Monitor Cranial Pressure; Ultraviolet-Blocking Lenses Protect, Enhance Vision; Hyperspectral Systems Increase Imaging Capabilities; Programs Model the Future of Air Traffic Management; Tail Rotor Airfoils Stabilize Helicopters, Reduce Noise; Personal Aircraft Point to the Future of Transportation; Ducted Fan Designs Lead to Potential New Vehicles; Winglets Save Billions of Dollars in Fuel Costs; Sensor Systems Collect Critical Aerodynamics Data; Coatings Extend Life of Engines and Infrastructure; Radiometers Optimize Local Weather Prediction; Energy-Efficient Systems Eliminate Icing Danger for UAVs; Rocket-Powered Parachutes Rescue Entire Planes; Technologies Advance UAVs for Science, Military; Inflatable Antennas Support Emergency Communication; Smart Sensors Assess Structural Health; Hand-Held Devices Detect Explosives and Chemical Agents; Terahertz Tools Advance Imaging for Security, Industry; LED Systems Target Plant Growth; Aerogels Insulate Against Extreme Temperatures; Image Sensors Enhance Camera Technologies; Lightweight Material Patches Allow for Quick Repairs; Nanomaterials Transform Hairstyling Tools; Do-It-Yourself Additives Recharge Auto Air Conditioning; Systems Analyze Water Quality in Real Time; Compact Radiometers Expand Climate Knowledge; Energy Servers Deliver Clean, Affordable Power; Solutions Remediate Contaminated Groundwater; Bacteria Provide Cleanup of Oil Spills, Wastewater; Reflective Coatings Protect People and Animals; Innovative Techniques Simplify Vibration Analysis; Modeling Tools Predict Flow in Fluid Dynamics; Verification Tools Secure Online Shopping, Banking; Toolsets Maintain Health of Complex Systems; Framework Resources Multiply Computing Power; Tools Automate Spacecraft Testing, Operation; GPS Software Packages Deliver Positioning Solutions; Solid-State Recorders Enhance Scientific Data Collection; Computer Models Simulate Fine Particle Dispersion; Composite Sandwich Technologies Lighten Components; Cameras Reveal Elements in the Short Wave Infrared; Deformable Mirrors Correct Optical Distortions; Stitching Techniques Advance Optics Manufacturing; Compact, Robust Chips Integrate Optical Functions; Fuel Cell Stations Automate Processes, Catalyst Testing; Onboard Systems Record Unique Videos of Space Missions; Space Research Results Purify Semiconductor Materials; and Toolkits Control Motion of Complex Robotics.

Endogeneity in prison risk classification.

PubMed

Shermer, Lauren O'Neill; Bierie, David M; Stock, Amber

2013-10-01

Security designation tools are a key feature of all prisons in the United States, intended as objective measures of risk that funnel inmates into security levels-to prison environments varying in degree of intrusiveness, restriction, dangerousness, and cost. These tools are mostly (if not all) validated by measuring inmates on a set of characteristics, using scores from summations of that information to assign inmates to prisons of varying security level, and then observing whether inmates assumed more risky did in fact offend more. That approach leaves open the possibility of endogeneity--that the harsher prisons are themselves bringing about higher misconduct and thus biasing coefficients assessing individual risk. The current study assesses this potential bias by following an entry cohort of inmates to more than 100 facilities in the Federal Bureau of Prisons (BOP) and exploiting the substantial variation in classification scores within a given prison that derive from systematic overrides of security-level designations for reasons not associated with risk of misconduct. By estimating pooled models of misconduct along with prison-fixed effects specifications, the data show that a portion of the predictive accuracy thought associated with the risk-designation tool used in BOP was a function of facility-level contamination (endogeneity).

SPOT: Optimization Tool for Network Adaptable Security

NASA Astrophysics Data System (ADS)

Ksiezopolski, Bogdan; Szalachowski, Pawel; Kotulski, Zbigniew

Recently we have observed the growth of the intelligent application especially with its mobile character, called e-anything. The implementation of these applications provides guarantee of security requirements of the cryptographic protocols which are used in the application. Traditionally the protocols have been configured with the strongest possible security mechanisms. Unfortunately, when the application is used by means of the mobile devices, the strongest protection can lead to the denial of services for them. The solution of this problem is introducing the quality of protection models which will scale the protection level depending on the actual threat level. In this article we would like to introduce the application which manages the protection level of the processes in the mobile environment. The Security Protocol Optimizing Tool (SPOT) optimizes the cryptographic protocol and defines the protocol version appropriate to the actual threat level. In this article the architecture of the SPOT is presented with a detailed description of the included modules.

External validity and anchoring heuristics: application of DUNDRUM-1 to secure service gatekeeping in South Wales.

PubMed

Lawrence, Daniel; Davies, Tracey-Lee; Bagshaw, Ruth; Hewlett, Paul; Taylor, Pamela; Watt, Andrew

2018-02-01

Aims and method Structured clinical judgement tools provide scope for the standardisation of forensic service gatekeeping and also allow identification of heuristics in this decision process. The DUNDRUM-1 triage tool was completed retrospectively for 121 first-time referrals to forensic services in South Wales. Fifty were admitted to medium security, 49 to low security and 22 remained in open conditions. DUNDRUM-1 total scores differed appropriately between different levels of security. However, regression revealed heuristic anchoring on the 'legal process' and 'immediacy of risk due to mental disorder' items. Clinical implications Patient placement was broadly aligned with DUNDRUM-1 recommendations. However, not all triage items informed gatekeeping decisions. It remains to be seen whether decisions anchored in this way are effective. Declaration of interest Dr Mark Freestone gave permission for AUC values from Freestone et al. (2015) to be presented here for comparison.

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

PubMed

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

PubMed

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Using incident response trees as a tool for risk management of online financial services.

PubMed

Gorton, Dan

2014-09-01

The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented. © 2014 Society for Risk Analysis.

Sandia National Laboratories analysis code data base

NASA Astrophysics Data System (ADS)

Peterson, C. W.

1994-11-01

Sandia National Laboratories' mission is to solve important problems in the areas of national defense, energy security, environmental integrity, and industrial technology. The laboratories' strategy for accomplishing this mission is to conduct research to provide an understanding of the important physical phenomena underlying any problem, and then to construct validated computational models of the phenomena which can be used as tools to solve the problem. In the course of implementing this strategy, Sandia's technical staff has produced a wide variety of numerical problem-solving tools which they use regularly in the design, analysis, performance prediction, and optimization of Sandia components, systems, and manufacturing processes. This report provides the relevant technical and accessibility data on the numerical codes used at Sandia, including information on the technical competency or capability area that each code addresses, code 'ownership' and release status, and references describing the physical models and numerical implementation.

Method and tool for network vulnerability analysis

DOEpatents

Swiler, Laura Painton [Albuquerque, NM; Phillips, Cynthia A [Albuquerque, NM

2006-03-14

A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

Tool For Installation Of Seal In Tube Fitting

NASA Technical Reports Server (NTRS)

Trevathan, Joseph R.

1993-01-01

Plierslike tool helps secure repair seal in fitting. Tool crimps repair seal into tube fitting, ensuring tight fit every time. Modified pair of snapring pliers to which knife-edge jaws have been added. Spring added between handles. Also includes separate, accompanying support ring.

Modelling of tunnelling processes and rock cutting tool wear with the particle finite element method

NASA Astrophysics Data System (ADS)

Carbonell, Josep Maria; Oñate, Eugenio; Suárez, Benjamín

2013-09-01

Underground construction involves all sort of challenges in analysis, design, project and execution phases. The dimension of tunnels and their structural requirements are growing, and so safety and security demands do. New engineering tools are needed to perform a safer planning and design. This work presents the advances in the particle finite element method (PFEM) for the modelling and the analysis of tunneling processes including the wear of the cutting tools. The PFEM has its foundation on the Lagrangian description of the motion of a continuum built from a set of particles with known physical properties. The method uses a remeshing process combined with the alpha-shape technique to detect the contacting surfaces and a finite element method for the mechanical computations. A contact procedure has been developed for the PFEM which is combined with a constitutive model for predicting the excavation front and the wear of cutting tools. The material parameters govern the coupling of frictional contact and wear between the interacting domains at the excavation front. The PFEM allows predicting several parameters which are relevant for estimating the performance of a tunnelling boring machine such as wear in the cutting tools, the pressure distribution on the face of the boring machine and the vibrations produced in the machinery and the adjacent soil/rock. The final aim is to help in the design of the excavating tools and in the planning of the tunnelling operations. The applications presented show that the PFEM is a promising technique for the analysis of tunnelling problems.

iReport: a generalised Galaxy solution for integrated experimental reporting.

PubMed

Hiltemann, Saskia; Hoogstrate, Youri; der Spek, Peter van; Jenster, Guido; Stubbs, Andrew

2014-01-01

Galaxy offers a number of visualisation options with components, such as Trackster, Circster and Galaxy Charts, but currently lacks the ability to easily combine outputs from different tools into a single view or report. A number of tools produce HTML reports as output in order to combine the various output files from a single tool; however, this requires programming and knowledge of HTML, and the reports must be custom-made for each new tool. We have developed a generic and flexible reporting tool for Galaxy, iReport, that allows users to create interactive HTML reports directly from the Galaxy UI, with the ability to combine an arbitrary number of outputs from any number of different tools. Content can be organised into different tabs, and interactivity can be added to components. To demonstrate the capability of iReport we provide two publically available examples, the first is an iReport explaining about iReports, created for, and using content from the recent Galaxy Community Conference 2014. The second is a genetic report based on a trio analysis to determine candidate pathogenic variants which uses our previously developed Galaxy toolset for whole-genome NGS analysis, CGtag. These reports may be adapted for outputs from any sequencing platform and any results, such as omics data, non-high throughput results and clinical variables. iReport provides a secure, collaborative, and flexible web-based reporting system that is compatible with Galaxy (and non-Galaxy) generated content. We demonstrate its value with a real-life example of reporting genetic trio-analysis.

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

PubMed

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

A GIS-based decision support system for regional eco-security assessment and its application on the Tibetan Plateau.

PubMed

Xiaodan, Wang; Xianghao, Zhong; Pan, Gao

2010-10-01

Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.

Ergonomic evaluation of a wheelchair transportation securement system.

PubMed

Ahmed, Madiha; Campbell-Kyureghyan, Naira; Frost, Karen; Bertocci, Gina

2012-01-01

The Americans with Disabilities Act (ADA) specifies guidelines covering the securement system and environment for wheeled mobility device (WhMD) passengers on the public bus system in the United States, referred to as the wheelchair tiedown and occupant restraint system (WTORS). The misuse or disuse of the WTORS system can be a source of injury for WhMD passengers riding the buses. The purpose of this study was to quantify the risks posed to the bus driver while performing the WTORS procedure using traditional ergonomic analysis methods. Four bus drivers completed the WTORS procedure for a representative passenger seated in three different WhMDs: manual wheelchair (MWC), scooter (SCTR), and power wheelchair (PWC). Potential work-related risks were identified using the four most applicable ergonomic assessment tools: PLIBEL, RULA, REBA, and iLMM. Task evaluation results revealed high levels of risk to be present to drivers during the WTORS procedure. The securement station space design and equipment layout were identified as contributing factors forcing drivers to adopt awkward postures while performing the WTORS task. These risk factors are known contributors to injury and the drivers could opt to improperly secure the passengers to avoid that risk.

Web tools for predictive toxicology model building.

PubMed

Jeliazkova, Nina

2012-07-01

The development and use of web tools in chemistry has accumulated more than 15 years of history already. Powered by the advances in the Internet technologies, the current generation of web systems are starting to expand into areas, traditional for desktop applications. The web platforms integrate data storage, cheminformatics and data analysis tools. The ease of use and the collaborative potential of the web is compelling, despite the challenges. The topic of this review is a set of recently published web tools that facilitate predictive toxicology model building. The focus is on software platforms, offering web access to chemical structure-based methods, although some of the frameworks could also provide bioinformatics or hybrid data analysis functionalities. A number of historical and current developments are cited. In order to provide comparable assessment, the following characteristics are considered: support for workflows, descriptor calculations, visualization, modeling algorithms, data management and data sharing capabilities, availability of GUI or programmatic access and implementation details. The success of the Web is largely due to its highly decentralized, yet sufficiently interoperable model for information access. The expected future convergence between cheminformatics and bioinformatics databases provides new challenges toward management and analysis of large data sets. The web tools in predictive toxicology will likely continue to evolve toward the right mix of flexibility, performance, scalability, interoperability, sets of unique features offered, friendly user interfaces, programmatic access for advanced users, platform independence, results reproducibility, curation and crowdsourcing utilities, collaborative sharing and secure access.

The VIDA Framework as an Education Tool: Leveraging Volcanology Data for Educational Purposes

NASA Astrophysics Data System (ADS)

Faied, D.; Sanchez, A.

2009-04-01

The VIDA Framework as an Education Tool: Leveraging Volcanology Data for Educational Purposes Dohy Faied, Aurora Sanchez (on behalf of SSP08 VAPOR Project Team) While numerous global initiatives exist to address the potential hazards posed by volcanic eruption events and assess impacts from a civil security viewpoint, there does not yet exist a single, unified, international system of early warning and hazard tracking for eruptions. Numerous gaps exist in the risk reduction cycle, from data collection, to data processing, and finally dissemination of salient information to relevant parties. As part of the 2008 International Space University's Space Studies Program, a detailed gap analysis of the state of volcano disaster risk reduction was undertaken, and this paper presents the principal results. This gap analysis considered current sensor technologies, data processing algorithms, and utilization of data products by various international organizations. Recommendations for strategies to minimize or eliminate certain gaps are also provided. In the effort to address the gaps, a framework evolved at system level. This framework, known as VIDA, is a tool to develop user requirements for civil security in hazardous contexts, and a candidate system concept for a detailed design phase. While the basic intention of VIDA is to support disaster risk reduction efforts, there are several methods of leveraging raw science data to support education across a wide demographic. Basic geophysical data could be used to educate school children about the characteristics of volcanoes, satellite mappings could support informed growth and development of societies in at-risk areas, and raw sensor data could contribute to a wide range of university-level research projects. Satellite maps, basic geophysical data, and raw sensor data are combined and accessible in a way that allows the relationships between these data types to be explored and used in a training environment. Such a resource naturally lends itself to research efforts in the subject but also research in operational tools, system architecture, and human/machine interaction in civil protection or emergency scenarios.

Developing a Science Commons for Geosciences

NASA Astrophysics Data System (ADS)

Lenhardt, W. C.; Lander, H.

2016-12-01

Many scientific communities, recognizing the research possibilities inherent in data sets, have created domain specific archives such as the Incorporated Research Institutions for Seismology (iris.edu) and ClinicalTrials.gov. Though this is an important step forward, most scientists, including geoscientists, also use a variety of software tools and at least some amount of computation to conduct their research. While the archives make it simpler for scientists to locate the required data, provisioning disk space, compute resources, and network bandwidth can still require significant efforts. This challenge exists despite the wealth of resources available to researchers, namely lab IT resources, institutional IT resources, national compute resources (XSEDE, OSG), private clouds, public clouds, and the development of cyberinfrastructure technologies meant to facilitate use of those resources. Further tasks include obtaining and installing required tools for analysis and visualization. If the research effort is a collaboration or involves certain types of data, then the partners may well have additional non-scientific tasks such as securing the data and developing secure sharing methods for the data. These requirements motivate our investigations into the "Science Commons". This paper will present a working definition of a science commons, compare and contrast examples of existing science commons, and describe a project based at RENCI to implement a science commons for risk analytics. We will then explore what a similar tool might look like for the geosciences.

Investigating the need for clinicians to use tablet computers with a newly envisioned electronic health record.

PubMed

Saleem, Jason J; Savoy, April; Etherton, Gale; Herout, Jennifer

2018-02-01

The Veterans Health Administration (VHA) has deployed a large number of tablet computers in the last several years. However, little is known about how clinicians may use these devices with a newly planned Web-based electronic health record (EHR), as well as other clinical tools. The objective of this study was to understand the types of use that can be expected of tablet computers versus desktops. Semi-structured interviews were conducted with 24 clinicians at a Veterans Health Administration (VHA) Medical Center. An inductive qualitative analysis resulted in findings organized around recurrent themes of: (1) Barriers, (2) Facilitators, (3) Current Use, (4) Anticipated Use, (5) Patient Interaction, and (6) Connection. Our study generated several recommendations for the use of tablet computers with new health information technology tools being developed. Continuous connectivity for the mobile device is essential to avoid interruptions and clinician frustration. Also, making a physical keyboard available as an option for the tablet was a clear desire from the clinicians. Larger tablets (e.g., regular size iPad as compared to an iPad mini) were preferred. Being able to use secure messaging tools with the tablet computer was another consistent finding. Finally, more simplicity is needed for accessing patient data on mobile devices, while balancing the important need for adequate security. Published by Elsevier B.V.

Transportation Security Administration in Defense of the National Aviation Infrastructure

DTIC Science & Technology

2009-02-12

evidence suggests a hole exists within our airport security process. That hole may be caused by an over-reliance on technology and a blatant disregard of...environment enables BDOs to operate with increased effectiveness.11 Technology. Three major tools sit at the airport security technology forefront...Through Covert Testing of TSA’s Passenger Screening Process, GAO‐08‐48T, 15 Nov 07, 2. 16 Orlando News, “TSA Workers Skipping Orlando Airport Security Causes

Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

PubMed

Sammicheli, Michele; Scaglione, Marcella

2018-01-01

We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

Hybrid vehicle motor alignment

DOEpatents

Levin, Michael Benjamin

2001-07-03

A rotor of an electric motor for a motor vehicle is aligned to an axis of rotation for a crankshaft of an internal combustion engine having an internal combustion engine and an electric motor. A locator is provided on the crankshaft, a piloting tool is located radially by the first locator to the crankshaft. A stator of the electric motor is aligned to a second locator provided on the piloting tool. The stator is secured to the engine block. The rotor is aligned to the crankshaft and secured thereto.

Privacy-preserving microbiome analysis using secure computation.

PubMed

Wagner, Justin; Paulson, Joseph N; Wang, Xiao; Bhattacharjee, Bobby; Corrada Bravo, Héctor

2016-06-15

Developing targeted therapeutics and identifying biomarkers relies on large amounts of research participant data. Beyond human DNA, scientists now investigate the DNA of micro-organisms inhabiting the human body. Recent work shows that an individual's collection of microbial DNA consistently identifies that person and could be used to link a real-world identity to a sensitive attribute in a research dataset. Unfortunately, the current suite of DNA-specific privacy-preserving analysis tools does not meet the requirements for microbiome sequencing studies. To address privacy concerns around microbiome sequencing, we implement metagenomic analyses using secure computation. Our implementation allows comparative analysis over combined data without revealing the feature counts for any individual sample. We focus on three analyses and perform an evaluation on datasets currently used by the microbiome research community. We use our implementation to simulate sharing data between four policy-domains. Additionally, we describe an application of our implementation for patients to combine data that allows drug developers to query against and compensate patients for the analysis. The software is freely available for download at: http://cbcb.umd.edu/∼hcorrada/projects/secureseq.html Supplementary data are available at Bioinformatics online. hcorrada@umiacs.umd.edu. © The Author 2016. Published by Oxford University Press.

National Fusion Collaboratory: Grid Computing for Simulations and Experiments

NASA Astrophysics Data System (ADS)

Greenwald, Martin

2004-05-01

The National Fusion Collaboratory Project is creating a computational grid designed to advance scientific understanding and innovation in magnetic fusion research by facilitating collaborations, enabling more effective integration of experiments, theory and modeling and allowing more efficient use of experimental facilities. The philosophy of FusionGrid is that data, codes, analysis routines, visualization tools, and communication tools should be thought of as network available services, easily used by the fusion scientist. In such an environment, access to services is stressed rather than portability. By building on a foundation of established computer science toolkits, deployment time can be minimized. These services all share the same basic infrastructure that allows for secure authentication and resource authorization which allows stakeholders to control their own resources such as computers, data and experiments. Code developers can control intellectual property, and fair use of shared resources can be demonstrated and controlled. A key goal is to shield scientific users from the implementation details such that transparency and ease-of-use are maximized. The first FusionGrid service deployed was the TRANSP code, a widely used tool for transport analysis. Tools for run preparation, submission, monitoring and management have been developed and shared among a wide user base. This approach saves user sites from the laborious effort of maintaining such a large and complex code while at the same time reducing the burden on the development team by avoiding the need to support a large number of heterogeneous installations. Shared visualization and A/V tools are being developed and deployed to enhance long-distance collaborations. These include desktop versions of the Access Grid, a highly capable multi-point remote conferencing tool and capabilities for sharing displays and analysis tools over local and wide-area networks.

Social Media - DoD’s Greatest Information Sharing Tool or Weakest Security Link?

DTIC Science & Technology

2010-04-15

porn . ―This makes us our own worst threat‖, writes one DoD network security specialist. ―There are a variety of reasons for this and most are tied to...great „toy‟ to talk to your friends and play video games. DHS Secretary Napolitano discussed the need to hire 1,000 cyber security experts over the

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

PubMed

Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

Using Rose and Compass for Authentication

DOE Office of Scientific and Technical Information (OSTI.GOV)

White, G

2009-07-09

Many recent non-proliferation software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project. ROSEmore » is an LLNL-developed robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. It continues to be extended to support the automated analysis of binaries (x86, ARM, and PowerPC). We continue to extend ROSE to address a number of security specific requirements and apply it to software authentication for non-proliferation projects. We will give an update on the status of our work.« less

78 FR 16694 - Chemical Security Assessment Tool (CSAT)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... information provided. Comments that include trade secrets, confidential commercial or financial information... secrets, confidential commercial or financial information, CVI, SSI, or PCII should be appropriately... Department make the instruments (e.g., Top-Screen, Security Vulnerability Assessment [SVA]/ Alternative...

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Das, Ashok Kumar

2015-03-01

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee at al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

Next generation tools for genomic data generation, distribution, and visualization

PubMed Central

2010-01-01

Background With the rapidly falling cost and availability of high throughput sequencing and microarray technologies, the bottleneck for effectively using genomic analysis in the laboratory and clinic is shifting to one of effectively managing, analyzing, and sharing genomic data. Results Here we present three open-source, platform independent, software tools for generating, analyzing, distributing, and visualizing genomic data. These include a next generation sequencing/microarray LIMS and analysis project center (GNomEx); an application for annotating and programmatically distributing genomic data using the community vetted DAS/2 data exchange protocol (GenoPub); and a standalone Java Swing application (GWrap) that makes cutting edge command line analysis tools available to those who prefer graphical user interfaces. Both GNomEx and GenoPub use the rich client Flex/Flash web browser interface to interact with Java classes and a relational database on a remote server. Both employ a public-private user-group security model enabling controlled distribution of patient and unpublished data alongside public resources. As such, they function as genomic data repositories that can be accessed manually or programmatically through DAS/2-enabled client applications such as the Integrated Genome Browser. Conclusions These tools have gained wide use in our core facilities, research laboratories and clinics and are freely available for non-profit use. See http://sourceforge.net/projects/gnomex/, http://sourceforge.net/projects/genoviz/, and http://sourceforge.net/projects/useq. PMID:20828407

Modernization of the Cassini Ground System

NASA Technical Reports Server (NTRS)

Razo, Gus; Fujii, Tammy J.

2014-01-01

The Cassini Spacecraft and its ground system have been operational for over 16 years. Modernization presents several challenges due to the personnel, processes, and tools already invested and embedded into the current ground system structure. Every mission's ground system has its own unique complexities and challenges, involving various organizational units. As any mission from its inception to its execution, schedules are always tight. This forces GDS engineers to implement a working ground system that is not necessarily fully optimized. Ground system challenges increase as technology evolves and cyber threats become more sophisticated. Cassini's main challenges were due to its ground system existing before many security requirements were levied on the multi-mission tools and networks. This caused a domino effect on Cassini GDS tools that relied on outdated technological features. In the aerospace industry reliable and established technology is preferred over innovative yet less proven technology. Loss of data for a spacecraft mission can be catastrophic; therefore, there is a reluctance to make changes and updates to the ground system. Nevertheless, all missions and associated teams face the need to modernize their processes and tools. Systems development methods from well-known system analysis and design principles can be applied to many missions' ground systems. Modernization should always be considered, but should be done in such a way that it does not affect flexibility nor interfere with established practices. Cassini has accomplished a secure and efficient ground data system through periodic updates. The obstacles faced while performing the modernization of the Cassini ground system will be outlined, as well as the advantages and challenges that were encountered.

Earth Observations for Early Detection of Agricultural Drought: Contributions of the Famine Early Warning Systems Network (FEWS NET)

NASA Astrophysics Data System (ADS)

Budde, M. E.; Funk, C.; Husak, G. J.; Peterson, P.; Rowland, J.; Senay, G. B.; Verdin, J. P.

2016-12-01

The U.S. Geological Survey (USGS) has a long history of supporting the use of Earth observation data for food security monitoring through its role as an implementing partner of the Famine Early Warning Systems Network (FEWS NET) program. The use of remote sensing and crop modeling to address food security threats in the form of drought, floods, pests, and changing climatic regimes has been a core activity in monitoring FEWS NET countries. In recent years, it has become a requirement that FEWS NET apply monitoring and modeling frameworks at global scales to assess emerging crises in regions that FEWS NET does not traditionally monitor. USGS FEWS NET, in collaboration with the University of California, Santa Barbara, has developed a number of new global applications of satellite observations, derived products, and efficient tools for visualization and analyses to address these requirements. (1) A 35-year quasi-global (+/- 50 degrees latitude) time series of gridded rainfall estimates, the Climate Hazards Infrared Precipitation with Stations (CHIRPS) dataset, based on infrared satellite imagery and station observations. Data are available as 5-day (pentadal) accumulations at 0.05 degree spatial resolution. (2) Global actual evapotranspiration data based on application of the Simplified Surface Energy Balance (SSEB) model using 10-day MODIS Land Surface Temperature composites at 1-km resolution. (3) Production of global expedited MODIS (eMODIS) 10-day NDVI composites updated every 5 days. (4) Development of an updated Early Warning eXplorer (EWX) tool for data visualization, analysis, and sharing. (5) Creation of stand-alone tools for enhancement of gridded rainfall data and trend analyses. (6) Establishment of an agro-climatology analysis tool and knowledge base for more than 90 countries of interest to FEWS NET. In addition to these new products and tools, FEWS NET has partnered with the GEOGLAM community to develop a Crop Monitor for Early Warning (CM4EW) which brings together global expertise in agricultural monitoring to reach consensus on growing season status of "countries at risk". Such engagements will result in enhanced capabilities for extending our monitoring efforts globally.

Detecting objects in radiographs for homeland security

NASA Astrophysics Data System (ADS)

Prasad, Lakshman; Snyder, Hans

2005-05-01

We present a general scheme for segmenting a radiographic image into polygons that correspond to visual features. This decomposition provides a vectorized representation that is a high-level description of the image. The polygons correspond to objects or object parts present in the image. This characterization of radiographs allows the direct application of several shape recognition algorithms to identify objects. In this paper we describe the use of constrained Delaunay triangulations as a uniform foundational tool to achieve multiple visual tasks, namely image segmentation, shape decomposition, and parts-based shape matching. Shape decomposition yields parts that serve as tokens representing local shape characteristics. Parts-based shape matching enables the recognition of objects in the presence of occlusions, which commonly occur in radiographs. The polygonal representation of image features affords the efficient design and application of sophisticated geometric filtering methods to detect large-scale structural properties of objects in images. Finally, the representation of radiographs via polygons results in significant reduction of image file sizes and permits the scalable graphical representation of images, along with annotations of detected objects, in the SVG (scalable vector graphics) format that is proposed by the world wide web consortium (W3C). This is a textual representation that can be compressed and encrypted for efficient and secure transmission of information over wireless channels and on the Internet. In particular, our methods described here provide an algorithmic framework for developing image analysis tools for screening cargo at ports of entry for homeland security.

Security of the Five-Round KASUMI Type Permutation

NASA Astrophysics Data System (ADS)

Iwata, Tetsu; Yagi, Tohru; Kurosawa, Kaoru

KASUMI is a blockcipher that forms the heart of the 3GPP confidentiality and integrity algorithms. In this paper, we study the security of the five-round KASUMI type permutations, and derive a highly non-trivial security bound against adversaries with adaptive chosen plaintext and chosen ciphertext attacks. To derive our security bound, we heavily use the tools from graph theory. However the result does not show its super-pseudorandomness, this gives us a strong evidence that the design of KASUMI is sound.

Promoting exercise behaviour in a secure mental health setting: Healthcare assistant perspectives.

PubMed

Kinnafick, Florence-Emilie; Papathomas, Anthony; Regoczi, Dora

2018-05-30

Individuals with severe mental illness engage in significantly less amounts of physical activity than the general population. A secure mental health setting can exacerbate barriers to exercise, and facilitate physical inactivity and sedentary behaviour. Healthcare assistants are intimately involved in the daily lives of patients and, therefore, should be considered integral to exercise promotion in secure mental health settings. Our aim was to explore healthcare assistants' perceptions of exercise and their attitudes to exercise promotion for adult patients in a secure mental health hospital. Qualitative semi-structured interviews were conducted with 11 healthcare assistants from a large UK-based secure mental health hospital. Topics included healthcare assistants' personal experiences of exercise within a secure facility, their perceptions of exercise as an effective treatment tool for mental health, and their perceived roles and responsibilities for exercise promotion. Thematic analysis was used to analyse the data. Three main themes were identified: (i) exercise is multi-beneficial to patients, (ii) perceived barriers to effective exercise promotion, and (iii) strategies for effectives exercise promotion. Healthcare assistants considered exercise to hold patient benefits. However, core organizational and individual barriers limited healthcare assistants' exercise promotion efforts. An informal approach to exercise promotion was deemed most effective to some, whereas others committed to more formal strategies including compulsory sessions. With education and organizational support, we propose healthcare assistants are well placed to identify individual needs for exercise promotion. Their consultation could lead to more efficacious, person-sensitive interventions. © 2018 Australian College of Mental Health Nurses Inc.

An improved anonymous authentication scheme for roaming in ubiquitous networks.

PubMed

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick; Won, Dongho

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

An improved anonymous authentication scheme for roaming in ubiquitous networks

PubMed Central

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. PMID:29505575

Research on offense and defense technology for iOS kernel security mechanism

NASA Astrophysics Data System (ADS)

Chu, Sijun; Wu, Hao

2018-04-01

iOS is a strong and widely used mobile device system. It's annual profits make up about 90% of the total profits of all mobile phone brands. Though it is famous for its security, there have been many attacks on the iOS operating system, such as the Trident apt attack in 2016. So it is important to research the iOS security mechanism and understand its weaknesses and put forward targeted protection and security check framework. By studying these attacks and previous jailbreak tools, we can see that an attacker could only run a ROP code and gain kernel read and write permissions based on the ROP after exploiting kernel and user layer vulnerabilities. However, the iOS operating system is still protected by the code signing mechanism, the sandbox mechanism, and the not-writable mechanism of the system's disk area. This is far from the steady, long-lasting control that attackers expect. Before iOS 9, breaking these security mechanisms was usually done by modifying the kernel's important data structures and security mechanism code logic. However, after iOS 9, the kernel integrity protection mechanism was added to the 64-bit operating system and none of the previous methods were adapted to the new versions of iOS [1]. But this does not mean that attackers can not break through. Therefore, based on the analysis of the vulnerability of KPP security mechanism, this paper implements two possible breakthrough methods for kernel security mechanism for iOS9 and iOS10. Meanwhile, we propose a defense method based on kernel integrity detection and sensitive API call detection to defense breakthrough method mentioned above. And we make experiments to prove that this method can prevent and detect attack attempts or invaders effectively and timely.

Situational Awareness Analysis Tools for Aiding Discovery of Security Events and Patterns

DTIC Science & Technology

2005-09-01

connection. If the difference in counts is greater than 20, then the connection is marked as non-p2p. If the port in question happens to be a well known p2p...comprised of the following four domains: (i) the target protected domain, BPRD (Bureau of Paranormal Research and Defense) comprising of various...has happened what actions can subsequently take place (its consequences). By placing this information with each alert, a system can match them

Comparing Two Tools for Mobile-Device Forensics

DTIC Science & Technology

2017-09-01

baseline standard. 2.4 Mobile Operating Systems "A mobile operating system is an operating system that is specifically designed to run on mobile devices... run on mobile devices" [7]. There are many different types of mobile operating systems and they are constantly changing, which means an operating...to this is that the security features make forensic analysis more difficult [11]. 2.4.2 iPhone "The iPhone runs an operating system called iOS. It is a

Verification of Triple Modular Redundancy (TMR) Insertion for Reliable and Trusted Systems

NASA Technical Reports Server (NTRS)

Berg, Melanie; LaBel, Kenneth A.

2016-01-01

We propose a method for TMR insertion verification that satisfies the process for reliable and trusted systems. If a system is expected to be protected using TMR, improper insertion can jeopardize the reliability and security of the system. Due to the complexity of the verification process, there are currently no available techniques that can provide complete and reliable confirmation of TMR insertion. This manuscript addresses the challenge of confirming that TMR has been inserted without corruption of functionality and with correct application of the expected TMR topology. The proposed verification method combines the usage of existing formal analysis tools with a novel search-detect-and-verify tool. Field programmable gate array (FPGA),Triple Modular Redundancy (TMR),Verification, Trust, Reliability,

Air Markets Program Data (AMPD)

EPA Pesticide Factsheets

The Air Markets Program Data tool allows users to search EPA data to answer scientific, general, policy, and regulatory questions about industry emissions. Air Markets Program Data (AMPD) is a web-based application that allows users easy access to both current and historical data collected as part of EPA's emissions trading programs. This site allows you to create and view reports and to download emissions data for further analysis. AMPD provides a query tool so users can create custom queries of industry source emissions data, allowance data, compliance data, and facility attributes. In addition, AMPD provides interactive maps, charts, reports, and pre-packaged datasets. AMPD does not require any additional software, plug-ins, or security controls and can be accessed using a standard web browser.

Modern Air&Space Power and political goals at war

NASA Astrophysics Data System (ADS)

Özer, Güngör.

2014-05-01

Modern AirandSpace Power is increasingly becoming a political tool. In this article, AirandSpacePower as a political tool will be discussed. The primary purpose of this article is to search how AirandSpacePower can provide contributions to security and also determine if it may reach the political goals on its own at war by SWOT Analysis Method and analysing the role of AirandSpace Power in Operation Unified Protector (Libya) as a case study. In conclusion, AirandSpacePower may not be sufficient to win the political goals on its own. However it may reach the political aims partially against the adversary on its own depending upon the situations. Moreover it can alone persuade the adversary to alter its behavior(s) in war.

Maude: A Wide Spectrum Language for Secure Active Networks

DTIC Science & Technology

2002-08-01

AFRL-IF-RS-TR-2002-197 Final Technical Report August 2002 MAUDE: A WIDE SPECTRUM LANGUAGE FOR SECURE ACTIVE NETWORKS SRI...MAUDE: A WIDE SPECTRUM FORMAL LANGUAGE FOR SECURE ACTIVE NETWORKS 6. AUTHOR(S) Jose Meseguer and Carolyn Talcott 5. FUNDING NUMBERS C...specifications to address this challenge. We also show how, using the Maude rewriting logic language and tools, active network systems, languages , and

Tribal Militias: An Effective Tool to Counter Al-Qaida and Its Affiliates?

DTIC Science & Technology

2014-11-01

Army issues affecting the national security community . The Peacekeeping and Stability Operations Institute provides subject matter expertise...implications for the Army, the Department of Defense, and the larger national security community . In addition to its studies, SSI publishes special reports on...newsletter to update the national security community on the research of our analysts, recent and forthcoming publications, and upcoming confer- ences

Health care data security: one size does not fit all.

PubMed

Krohn, R

2001-11-01

In the wake of the Internet, E-commerce, and particularly the Health Insurance Portability and Accountability Act, data security has risen to the top of health care information technology priorities. What is the correct mix of data security tools, policies, and technologies for the doctor, the hospital, the insurer, the vendor, and everyone else who does business in the health care industry?

Study of Software Tools to Support Systems Engineering Management

DTIC Science & Technology

2015-06-01

Management 15. NUMBER OF PAGES 137 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS...AVAILABILITY STATEMENT Approved for public release; distribution is unlimited 12b. DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) According to a...PAGE Unclassified 19. SECURITY CLASSIFICATION OF ABSTRACT Unclassified 20. LIMITATION OF ABSTRACT UU NSN 7540–01–280–5500 Standard Form 298

Direct analysis in real time-Mass spectrometry (DART-MS) in forensic and security applications.

PubMed

Pavlovich, Matthew J; Musselman, Brian; Hall, Adam B

2018-03-01

Over the last decade, direct analysis in real time (DART) has emerged as a viable method for fast, easy, and reliable "ambient ionization" for forensic analysis. The ability of DART to generate ions from chemicals that might be present at the scene of a criminal activity, whether they are in the gas, liquid, or solid phase, with limited sample preparation has made the technology a useful analytical tool in numerous forensic applications. This review paper summarizes many of those applications, ranging from the analysis of trace evidence to security applications, with a focus on providing the forensic scientist with a resource for developing their own applications. The most common uses for DART in forensics are in studying seized drugs, drugs of abuse and their metabolites, bulk and detonated explosives, toxic chemicals, chemical warfare agents, inks and dyes, and commercial plant and animal products that have been adulterated for economic gain. This review is meant to complement recent reviews that have described the fundamentals of the ionization mechanism and the general use of DART. We describe a wide range of forensic applications beyond the field of analyzing drugs of abuse, which dominates the literature, including common experimental and data analysis methods. © 2016 Wiley Periodicals, Inc. Mass Spec Rev 37:171-187, 2018. © 2016 Wiley Periodicals, Inc.

Exploring the role of voluntary disease schemes on UK farmer bio-security behaviours: Findings from the Norfolk-Suffolk Bovine Viral Diarrhoea control scheme.

PubMed

Azbel-Jackson, Lena; Heffernan, Claire; Gunn, George; Brownlie, Joe

2018-01-01

The article describes the influence of a disease control scheme (the Norfolk-Suffolk Bovine Viral Diarrhoea Disease (BVD) Eradication scheme) on farmers' bio-security attitudes and behaviours. In 2010, a survey of 100 cattle farmers (53 scheme members vs. 47 out of scheme farmers) was undertaken among cattle farmers residing in Norfolk and Suffolk counties in the UK. A cross-sectional independent measures design was employed. The main analytical tool was content analysis. The following variables at the farmer-level were explored: the specific BVD control measures adopted, livestock disease priorities, motivation for scheme membership, wider knowledge acquisition, biosecurity behaviours employed and training course attendance. The findings suggest that participation in the BVD scheme improved farmers' perception of the scheme benefits and participation in training courses. However, no association was found between the taking part in the BVD scheme and livestock disease priorities or motivation for scheme participation, or knowledge about BVD bio-security measures employed. Equally importantly, scheme membership did appear to influence the importance accorded specific bio-security measures. Yet such ranking did not appear to reflect the actual behaviours undertaken. As such, disease control efforts alone while necessary, are insufficient. Rather, to enhance farmer bio-security behaviours significant effort must be made to address underlying attitudes to the specific disease threat involved.

Exploring the role of voluntary disease schemes on UK farmer bio-security behaviours: Findings from the Norfolk-Suffolk Bovine Viral Diarrhoea control scheme

PubMed Central

Azbel-Jackson, Lena; Heffernan, Claire; Gunn, George; Brownlie, Joe

2018-01-01

The article describes the influence of a disease control scheme (the Norfolk-Suffolk Bovine Viral Diarrhoea Disease (BVD) Eradication scheme) on farmers' bio-security attitudes and behaviours. In 2010, a survey of 100 cattle farmers (53 scheme members vs. 47 out of scheme farmers) was undertaken among cattle farmers residing in Norfolk and Suffolk counties in the UK. A cross-sectional independent measures design was employed. The main analytical tool was content analysis. The following variables at the farmer-level were explored: the specific BVD control measures adopted, livestock disease priorities, motivation for scheme membership, wider knowledge acquisition, biosecurity behaviours employed and training course attendance. The findings suggest that participation in the BVD scheme improved farmers' perception of the scheme benefits and participation in training courses. However, no association was found between the taking part in the BVD scheme and livestock disease priorities or motivation for scheme participation, or knowledge about BVD bio-security measures employed. Equally importantly, scheme membership did appear to influence the importance accorded specific bio-security measures. Yet such ranking did not appear to reflect the actual behaviours undertaken. As such, disease control efforts alone while necessary, are insufficient. Rather, to enhance farmer bio-security behaviours significant effort must be made to address underlying attitudes to the specific disease threat involved. PMID:29432435

The Great Game redux: Energy security and the emergence of tripolarity in Eurasia

NASA Astrophysics Data System (ADS)

Ozdamar, Ibrahim Ozgur

Securing energy resources has become a key aspect of foreign policy-making since the 1970s. States have used military and economic foreign policy tools to secure the supply of energy to their domestic markets. With the fall of the USSR in 1991, political and economic competition for penetration into energy-rich regions spread through Eurasia. Inspired from the nineteenth century term to describe Russian-British rivalry in the region, the current rivalry among great powers and their allies is called the "New Great Game". This project analyzes three political conflicts that are shaped by such rivalry that can threaten global energy security. Empirical results from the expected utility model (Bueno de Mesquita 1985) suggest the rivalry among the Western (i.e. EU, US) and Eastern (i.e. Russia, China) powers about the Iranian nuclear program, Nagorno-Karabakh and South Ossetia conflicts is likely to continue and shows some Cold War characteristics. I have also found out the expected outcomes of these conflicts and foreign policy tools and obvious and unseen strategic moves available to actors. The major conclusion of the study is that the EU and US should pursue a coordinated foreign policy and balance the Russian and Chinese influence in the region to secure access to energy resources. Most effective foreign policy tools to achieve such aim appear to be the use of economic relations as leverage against Russia and China and support economic and democratic developments of the newly established republics in Eurasia.

Security Information and Event Management Tools and Insider Threat Detection

DTIC Science & Technology

2013-09-01

Orebaugh, A., Scholl , M., & Stine, K. (2011, September). Information security continuous monitoring (ISCM) for federal information systems and...E., Conway, T., Keverline, S., Williams , M., Capelli, D., Willke, B., & Moore, A. (2008, January). Insider threat study: illicit cyber activity in

19 CFR 10.2020 - Accessories, spare parts, or tools.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 19 Customs Duties 1 2014-04-01 2014-04-01 false Accessories, spare parts, or tools. 10.2020 Section 10.2020 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY... Trade Promotion Agreement Rules of Origin § 10.2020 Accessories, spare parts, or tools. (a) General...

Big Data, Big Solutions

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pike, Bill

Data—lots of data—generated in seconds and piling up on the internet, streaming and stored in countless databases. Big data is important for commerce, society and our nation’s security. Yet the volume, velocity, variety and veracity of data is simply too great for any single analyst to make sense of alone. It requires advanced, data-intensive computing. Simply put, data-intensive computing is the use of sophisticated computers to sort through mounds of information and present analysts with solutions in the form of graphics, scenarios, formulas, new hypotheses and more. This scientific capability is foundational to PNNL’s energy, environment and security missions. Seniormore » Scientist and Division Director Bill Pike and his team are developing analytic tools that are used to solve important national challenges, including cyber systems defense, power grid control systems, intelligence analysis, climate change and scientific exploration.« less

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Soil Security Assessment of Tasmania

NASA Astrophysics Data System (ADS)

Field, Damien; Kidd, Darren; McBratney, Alex

2017-04-01

The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry . Regarding the Sustainable Development Gaols (SDG's) this could be seen as a exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

A Survey of Security Tools for the Industrial Control System Environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Carl M.; McCarty, Michael V.

This report details the results of a survey conducted by Idaho National Laboratory (INL) to identify existing tools which could be used to prevent, detect, mitigate, or investigate a cyber-attack in an industrial control system (ICS) environment. This report compiles a list of potentially applicable tools and shows the coverage of the tools in an ICS architecture.

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

Conflict in Context: Understanding Local to Global Security.

ERIC Educational Resources Information Center

Mertz, Gayle; Lieber, Carol Miller

This multidisciplinary guide provides middle and high school teachers and students with inquiry-based tools to support their exploration of emerging local, national, international, and transboundary security issues. Students are introduced to critical thinking, problem solving, and peacemaking strategies that will help them better understand…

Border Cracks: Approaching Border Security From a Complexity Theory and Systems Perspective

DTIC Science & Technology

2012-12-01

The judicial system ensures the laws passed, along with the enforcement, are legal and in accordance with the Constitution . Judicial rulings are...54 4. Prohibition: The Beginning of Border Security as a Law Enforcement Tool...64 5. Law Enforcement ...............................................................................65 6

Toward Synthesis, Analysis, and Certification of Security Protocols

NASA Technical Reports Server (NTRS)

Schumann, Johann

2004-01-01

Implemented security protocols are basically pieces of software which are used to (a) authenticate the other communication partners, (b) establish a secure communication channel between them (using insecure communication media), and (c) transfer data between the communication partners in such a way that these data only available to the desired receiver, but not to anyone else. Such an implementation usually consists of the following components: the protocol-engine, which controls in which sequence the messages of the protocol are sent over the network, and which controls the assembly/disassembly and processing (e.g., decryption) of the data. the cryptographic routines to actually encrypt or decrypt the data (using given keys), and t,he interface to the operating system and to the application. For a correct working of such a security protocol, all of these components must work flawlessly. Many formal-methods based techniques for the analysis of a security protocols have been developed. They range from using specific logics (e.g.: BAN-logic [4], or higher order logics [12] to model checking [2] approaches. In each approach, the analysis tries to prove that no (or at least not a modeled intruder) can get access to secret data. Otherwise, a scenario illustrating the &tack may be produced. Despite the seeming simplicity of security protocols ("only" a few messages are sent between the protocol partners in order to ensure a secure communication), many flaws have been detected. Unfortunately, even a perfect protocol engine does not guarantee flawless working of a security protocol, as incidents show. Many break-ins and security vulnerabilities are caused by exploiting errors in the implementation of the protocol engine or the underlying operating system. Attacks using buffer-overflows are a very common class of such attacks. Errors in the implementation of exception or error handling can open up additional vulnerabilities. For example, on a website with a log-in screen: multiple tries with invalid passwords caused the expected error message (too many retries). but let the user nevertheless pass. Finally, security can be compromised by silly implementation bugs or design decisions. In a commercial VPN software, all calls to the encryption routines were incidentally replaced by stubs, probably during factory testing. The product worked nicely. and the error (an open VPN) would have gone undetected, if a team member had not inspected the low-level traffic out of curiosity. Also, the use secret proprietary encryption routines can backfire, because such algorithms often exhibit weaknesses which can be exploited easily (see e.g., DVD encoding). Summarizing, there is large number of possibilities to make errors which can compromise the security of a protocol. In today s world with short time-to-market and the use of security protocols in open and hostile networks for safety-critical applications (e.g., power or air-traffic control), such slips could lead to catastrophic situations. Thus, formal methods and automatic reasoning techniques should not be used just for the formal proof of absence of an attack, but they ought to be used to provide an end-to-end tool-supported framework for security software. With such an approach all required artifacts (code, documentation, test cases) , formal analyses, and reliable certification will be generated automatically, given a single, high level specification. By a combination of program synthesis, formal protocol analysis, certification; and proof-carrying code, this goal is within practical reach, since all the important technologies for such an approach actually exist and only need to be assembled in the right way.

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

PubMed Central

Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations

PubMed Central

Antle, John M.; Stoorvogel, Jetse J.; Valdivia, Roberto O.

2014-01-01

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models. PMID:24535388

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations.

PubMed

Antle, John M; Stoorvogel, Jetse J; Valdivia, Roberto O

2014-04-05

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models.

A Game-Theoretical Model to Improve Process Plant Protection from Terrorist Attacks.

PubMed

Zhang, Laobing; Reniers, Genserik

2016-12-01

The New York City 9/11 terrorist attacks urged people from academia as well as from industry to pay more attention to operational security research. The required focus in this type of research is human intention. Unlike safety-related accidents, security-related accidents have a deliberate nature, and one has to face intelligent adversaries with characteristics that traditional probabilistic risk assessment techniques are not capable of dealing with. In recent years, the mathematical tool of game theory, being capable to handle intelligent players, has been used in a variety of ways in terrorism risk assessment. In this article, we analyze the general intrusion detection system in process plants, and propose a game-theoretical model for security management in such plants. Players in our model are assumed to be rational and they play the game with complete information. Both the pure strategy and the mixed strategy solutions are explored and explained. We illustrate our model by an illustrative case, and find that in our case, no pure strategy but, instead, a mixed strategy Nash equilibrium exists. © 2016 Society for Risk Analysis.

A Study on the Security Levels of Spread-Spectrum Embedding Schemes in the WOA Framework.

PubMed

Wang, Yuan-Gen; Zhu, Guopu; Kwong, Sam; Shi, Yun-Qing

2017-08-23

Security analysis is a very important issue for digital watermarking. Several years ago, according to Kerckhoffs' principle, the famous four security levels, namely insecurity, key security, subspace security, and stego-security, were defined for spread-spectrum (SS) embedding schemes in the framework of watermarked-only attack. However, up to now there has been little application of the definition of these security levels to the theoretical analysis of the security of SS embedding schemes, due to the difficulty of the theoretical analysis. In this paper, based on the security definition, we present a theoretical analysis to evaluate the security levels of five typical SS embedding schemes, which are the classical SS, the improved SS (ISS), the circular extension of ISS, the nonrobust and robust natural watermarking, respectively. The theoretical analysis of these typical SS schemes are successfully performed by taking advantage of the convolution of probability distributions to derive the probabilistic models of watermarked signals. Moreover, simulations are conducted to illustrate and validate our theoretical analysis. We believe that the theoretical and practical analysis presented in this paper can bridge the gap between the definition of the four security levels and its application to the theoretical analysis of SS embedding schemes.

Novel technology for enhanced security and trust in communication networks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz

2011-06-01

A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and posses self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.

The Challenges of Seeking Security While Respecting Privacy

NASA Astrophysics Data System (ADS)

Kantor, Paul B.; Lesk, Michael E.

Security is a concern for persons, organizations, and nations. For the individual members of organizations and nations, personal privacy is also a concern. The technologies for monitoring electronic communication are at the same time tools to protect security and threats to personal privacy. Participants in this workshop address the interrelation of personal privacy and national or societal security, from social, technical and legal perspectives. The participants represented industry, the academy and the United States Government. The issues addressed have become, if anything, even more pressing today than they were when the conference was held.

Reducing software security risk through an integrated approach

NASA Technical Reports Server (NTRS)

Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.

2001-01-01

The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parsels two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec)execution monitor to verify the security properties of a given program.

Situational Awareness of Network System Roles (SANSR)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Huffer, Kelly M; Reed, Joel W

In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. Wemore » will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.« less

Establishing a Secure Data Center with Remote Access: Preprint

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gonder, J.; Burton, E.; Murakami, E.

2012-04-01

Access to existing travel data is critical for many analysis efforts that lack the time or resources to support detailed data collection. High-resolution data sets provide particular value, but also present a challenge for preserving the anonymity of the original survey participants. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory and the U.S. Department of Transportation have launched the Transportation Secure Data Center (TSDC). TSDC data sets include those from regional travel surveys and studies that increasingly use global positioning system devices. Data provided by different collecting agencies varies with respect tomore » formatting, elements included and level of processing conducted in support of the original purpose. The TSDC relies on a number of geospatial and other analysis tools to ensure data quality and to generate useful information outputs. TSDC users can access the processed data in two different ways. The first is by downloading summary results and second-by-second vehicle speed profiles (with latitude/longitude information removed) from a publicly-accessible website. The second method involves applying for a remote connection account to a controlled-access environment where spatial analysis can be conducted, but raw data cannot be removed.« less

Requirements, model and prototype for a multi-utility locational and security information hub.

DOT National Transportation Integrated Search

2015-11-01

This project lays the foundation for building an exchange hub for locational and security data and risk assessment of potential excavation work. It acts primarily at 2 stages: upstream of the mark-out process, as a decision support tool to help strea...

Flexible Energy Scheduling Tool for Integrating Variable Generation | Grid

Science.gov Websites

, security-constrained economic dispatch, and automatic generation control programs. DOWNLOAD PAPER Electric commitment, security-constrained economic dispatch, and automatic generation control sub-models. Each sub resolutions and operating strategies can be explored. FESTIV produces not only economic metrics but also

77 FR 66351 - Establishing the White House Homeland Security Partnership Council

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-02

... resources more efficiently, build on one another's expertise, drive innovation, engage in collective action... utilizing diverse perspectives, skills, tools, and resources. The National Security Strategy emphasizes the importance of partnerships, underscoring that to keep our Nation safe ``we must tap the ingenuity outside...

Data Security: Locked Down, Not out

ERIC Educational Resources Information Center

Waters, John K.

2007-01-01

The problem with traditional, perimeterbased security methods is twofold: First, they can stifle the educational mission that district networks were created to encourage. Firewalls can thwart hackers, but they can also prevent staff and students from accessing online tools or information. Second, these approaches tend to provide inadequate…

The Promise of Information and Communication Technology in Healthcare: Extracting Value From the Chaos.

PubMed

Mamlin, Burke W; Tierney, William M

2016-01-01

Healthcare is an information business with expanding use of information and communication technologies (ICTs). Current ICT tools are immature, but a brighter future looms. We examine 7 areas of ICT in healthcare: electronic health records (EHRs), health information exchange (HIE), patient portals, telemedicine, social media, mobile devices and wearable sensors and monitors, and privacy and security. In each of these areas, we examine the current status and future promise, highlighting how each might reach its promise. Steps to better EHRs include a universal programming interface, universal patient identifiers, improved documentation and improved data analysis. HIEs require federal subsidies for sustainability and support from EHR vendors, targeting seamless sharing of EHR data. Patient portals must bring patients into the EHR with better design and training, greater provider engagement and leveraging HIEs. Telemedicine needs sustainable payment models, clear rules of engagement, quality measures and monitoring. Social media needs consensus on rules of engagement for providers, better data mining tools and approaches to counter disinformation. Mobile and wearable devices benefit from a universal programming interface, improved infrastructure, more rigorous research and integration with EHRs and HIEs. Laws for privacy and security need updating to match current technologies, and data stewards should share information on breaches and standardize best practices. ICT tools are evolving quickly in healthcare and require a rational and well-funded national agenda for development, use and assessment. Copyright © 2016 Southern Society for Clinical Investigation. Published by Elsevier Inc. All rights reserved.

Vipie: web pipeline for parallel characterization of viral populations from multiple NGS samples.

PubMed

Lin, Jake; Kramna, Lenka; Autio, Reija; Hyöty, Heikki; Nykter, Matti; Cinek, Ondrej

2017-05-15

Next generation sequencing (NGS) technology allows laboratories to investigate virome composition in clinical and environmental samples in a culture-independent way. There is a need for bioinformatic tools capable of parallel processing of virome sequencing data by exactly identical methods: this is especially important in studies of multifactorial diseases, or in parallel comparison of laboratory protocols. We have developed a web-based application allowing direct upload of sequences from multiple virome samples using custom parameters. The samples are then processed in parallel using an identical protocol, and can be easily reanalyzed. The pipeline performs de-novo assembly, taxonomic classification of viruses as well as sample analyses based on user-defined grouping categories. Tables of virus abundance are produced from cross-validation by remapping the sequencing reads to a union of all observed reference viruses. In addition, read sets and reports are created after processing unmapped reads against known human and bacterial ribosome references. Secured interactive results are dynamically plotted with population and diversity charts, clustered heatmaps and a sortable and searchable abundance table. The Vipie web application is a unique tool for multi-sample metagenomic analysis of viral data, producing searchable hits tables, interactive population maps, alpha diversity measures and clustered heatmaps that are grouped in applicable custom sample categories. Known references such as human genome and bacterial ribosomal genes are optionally removed from unmapped ('dark matter') reads. Secured results are accessible and shareable on modern browsers. Vipie is a freely available web-based tool whose code is open source.

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography

PubMed Central

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols. PMID:27163786

Report Central: quality reporting tool in an electronic health record.

PubMed

Jung, Eunice; Li, Qi; Mangalampalli, Anil; Greim, Julie; Eskin, Michael S; Housman, Dan; Isikoff, Jeremy; Abend, Aaron H; Middleton, Blackford; Einbinder, Jonathan S

2006-01-01

Quality reporting tools, integrated with ambulatory electronic health records, can help clinicians and administrators understand performance, manage populations, and improve quality. Report Central is a secure web report delivery tool built on Crystal Reports XItrade mark and ASP.NET technologies. Pilot evaluation of Report Central indicates that clinicians prefer a quality reporting tool that is integrated with our home-grown EHR to support clinical workflow.

[Simulation of urban ecological security pattern based on cellular automata: a case of Dongguan City, Guangdong Province of South China].

PubMed

Yang, Qing-Sheng; Qiao, Ji-Gang; Ai, Bin

2013-09-01

Taking the Dongguan City with rapid urbanization as a case, and selecting landscape ecological security level as evaluation criterion, the urbanization cellular number of 1 km x 1 km ecological security cells was obtained, and imbedded into the transition rules of cellular automata (CA) as the restraint term to control urban development, establish ecological security urban CA, and simulate ecological security urban development pattern. The results showed the integrated landscape ecological security index of the City decreased from 0.497 in 1998 to 0.395 in 2005, indicating that the ecological security at landscape scale was decreased. The CA-simulated integrated ecological security index of the City in 2005 was increased from the measured 0.395 to 0.479, showing that the simulated urban landscape ecological pressure from human became lesser, ecological security became better, and integrated landscape ecological security became higher. CA could be used as an effective tool in researching urban ecological security.

Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Water Security

NASA Technical Reports Server (NTRS)

Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.

2018-01-01

River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.

Strengthening Software Authentication with the ROSE Software Suite

DOE Office of Scientific and Technical Information (OSTI.GOV)

White, G

2006-06-15

Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlightmore » suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects.« less

NATO Transformation and Operational Support in the Canadian Forces: Part 1: The Political Dimension

DTIC Science & Technology

2010-11-01

David Rudd; DRDC CORA TR 2010-244; R & D pour la défense Canada –CARO; Novembre 2010. Contexte: L’Organisation du Traité de l’Atlantique Nord (OTAN...Alliance as a tool through which it pursues a globalized security strategy. 13 At the 2010 Munich Conference on Security Policy, Defense Secretary... 13 National Security Strategy May 2010, p. 41. http://www.whitehouse.gov/sites/default/files

A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2013-06-01

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

Toward Interactive Scenario Analysis and Exploration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gayle, Thomas R.; Summers, Kenneth Lee; Jungels, John

2015-01-01

As Modeling and Simulation (M&S) tools have matured, their applicability and importance have increased across many national security challenges. In particular, they provide a way to test how something may behave without the need to do real world testing. However, current and future changes across several factors including capabilities, policy, and funding are driving a need for rapid response or evaluation in ways that many M&S tools cannot address. Issues around large data, computational requirements, delivery mechanisms, and analyst involvement already exist and pose significant challenges. Furthermore, rising expectations, rising input complexity, and increasing depth of analysis will only increasemore » the difficulty of these challenges. In this study we examine whether innovations in M&S software coupled with advances in ''cloud'' computing and ''big-data'' methodologies can overcome many of these challenges. In particular, we propose a simple, horizontally-scalable distributed computing environment that could provide the foundation (i.e. ''cloud'') for next-generation M&S-based applications based on the notion of ''parallel multi-simulation''. In our context, the goal of parallel multi- simulation is to consider as many simultaneous paths of execution as possible. Therefore, with sufficient resources, the complexity is dominated by the cost of single scenario runs as opposed to the number of runs required. We show the feasibility of this architecture through a stable prototype implementation coupled with the Umbra Simulation Framework [6]. Finally, we highlight the utility through multiple novel analysis tools and by showing the performance improvement compared to existing tools.« less

[Hospital information system performance for road traffic accidents analysis in a hospital recruitment based area].

PubMed

Jannot, A-S; Fauconnier, J

2013-06-01

Road traffic accidents in France are mainly analyzed through reports completed by the security forces (police and gendarmerie). But the hospital information systems can also identify road traffic accidents via specific documentary codes of the International Classification of Diseases (ICD-10). The aim of this study was therefore to determine whether hospital stays consecutive to road traffic accident were truly identified by these documentary codes in a facility that collects data routinely and to study the consistency of results from hospital information systems and from security forces during the 2002-2008 period. We retrieved all patients for whom a documentary code for road traffic accident was entered in 2002-2008. We manually checked the concordance of documentary code for road traffic accident and trauma origin in 350 patient files. The number of accidents in the Grenoble area was then inferred by combining with hospitalization regional data and compared to the number of persons injured by traffic accidents declared by the security force. These hospital information systems successfully report road traffic accidents with 96% sensitivity (95%CI: [92%, 100%]) and 97% specificity (95%CI: [95%, 99%]). The decrease in road traffic accidents observed was significantly less than that observed was significantly lower than that observed in the data from the security force (45% for security force data against 27% for hospital data). Overall, this study shows that hospital information systems are a powerful tool for studying road traffic accidents morbidity in hospital and are complementary to security force data. Copyright © 2013 Elsevier Masson SAS. All rights reserved.

Fuelling Insecurity? Sino-Myanmar Energy Cooperation and Human Security in Myanmar

NASA Astrophysics Data System (ADS)

Botel, Gabriel

This thesis examines the relationship between energy, development and human security in Sino-Myanmar relations. Rapid economic growth and increased urbanisation have intensified China's industrial and domestic energy consumption, drastically increasing demand and overwhelming national supply capacities. Chinese foreign policy has responded by becoming more active in securing and protecting foreign energy resources and allowing Chinese companies more freedom and opportunities for investment abroad. Consequently, Chinese foreign investment and policies have become increasing sources of scrutiny and debate, typically focusing on their (presumed) intentions and the social, economic, environmental and political impacts they have on the rest of the world. Within this debate, a key issue has been China's engagement with so-called pariah states. China has frequently received substantial international criticism for its unconditional engagement with such countries, often seen as a geopolitical pursuit of strategic national (energy) interests, unconcerned with international opprobrium. In the case of Myanmar, traditional security analyses interpret this as, at best, undermining (Western) international norms and, at worst, posing a direct challenge to international security. However, traditional security analyses rely on state-centric concepts of security, and tend to over-simply Sino-Myanmar relations and the dynamics which inform it. Conversely, implications for human security are overlooked; this is in part because human security remains poorly defined and also because there are questions regarding its utility. However, human security is a critical tool in delineating between state, corporate and 'civilian' interests, and how these cleavages shape the security environment and potential for instability in the region. This thesis takes a closer look at some of the entrenched and changing security dynamics shaping this Sino-Myanmar energy cooperation, drawing on an extensive literature in human security rarely applied in this context. This includes a brief review of human security and Sino-Myanmar relations, and is grounded in an empirical analysis of Chinese investment in Myanmar's hydropower and oil and gas sectors. Ultimately, this thesis argues that, while insightful, many traditional interpretations of Sino-Myanmar energy cooperation overlook the security interests of those worst affected. Furthermore, that the worst excesses of Chinese companies in Myanmar are not unique to China, but common across all investors in the regime, Western or otherwise.

Enabling comparative effectiveness research with informatics: show me the data!

PubMed

Safdar, Nabile M; Siegel, Eliot; Erickson, Bradley J; Nagy, Paul

2011-09-01

Both outcomes researchers and informaticians are concerned with information and data. As such, some of the central challenges to conducting successful comparative effectiveness research can be addressed with informatics solutions. Specific informatics solutions which address how data in comparative effectiveness research are enriched, stored, shared, and analyzed are reviewed. Imaging data can be made more quantitative, uniform, and structured for researchers through the use of lexicons and structured reporting. Secure and scalable storage of research data is enabled through data warehouses and cloud services. There are a number of national efforts to help researchers share research data and analysis tools. There is a diverse arsenal of informatics tools designed to meet the needs of comparative effective researchers. Copyright © 2011 AUR. Published by Elsevier Inc. All rights reserved.

The Security Email Based on Smart Card

NASA Astrophysics Data System (ADS)

Lina, Zhang; Jiang, Meng Hai.

Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identify based encrypt) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.

76 FR 31971 - New Agency Information Collection Activity Under OMB Review: Security Program for Hazardous...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-02

... INFORMATION CONTACT: Joanna Johnson, TSA PRA Officer, Office of Information Technology (OIT), TSA-11... other forms of information technology. Information Collection Requirement Title: Security Program for... surveyor tool that is managed at TSA. Participants who attend the classroom training sessions will also be...

78 FR 69099 - Agency Information Collection Activities: Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-18

... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0033... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency... 089-17, RCPT Membership List. Abstract: The RCPGP is an important tool among a comprehensive set of...

78 FR 27392 - Statement of Organization, Functions, and Delegations of Authority

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-10

... Office (AMSO) provides a safe, secure, healthy, and functional workplace environment for CDC staff by... provides the tools needed for workers to be safe, work in a healthy environment, and ensures environmental... Office of Security and Emergency Preparedness (CAJJ); Office of Safety, Health and Environment (CAJP...

IT Security Support for Spaceport Command and Control System

NASA Technical Reports Server (NTRS)

McLain, Jeffrey

2013-01-01

During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

Multiset singular value decomposition for joint analysis of multi-modal data: application to fingerprint analysis

NASA Astrophysics Data System (ADS)

Emge, Darren K.; Adalı, Tülay

2014-06-01

As the availability and use of imaging methodologies continues to increase, there is a fundamental need to jointly analyze data that is collected from multiple modalities. This analysis is further complicated when, the size or resolution of the images differ, implying that the observation lengths of each of modality can be highly varying. To address this expanding landscape, we introduce the multiset singular value decomposition (MSVD), which can perform a joint analysis on any number of modalities regardless of their individual observation lengths. Through simulations, the inter modal relationships across the different modalities which are revealed by the MSVD are shown. We apply the MSVD to forensic fingerprint analysis, showing that MSVD joint analysis successfully identifies relevant similarities for further analysis, significantly reducing the processing time required. This reduction, takes this technique from a laboratory method to a useful forensic tool with applications across the law enforcement and security regimes.

Changes to Quantum Cryptography

NASA Astrophysics Data System (ADS)

Sakai, Yasuyuki; Tanaka, Hidema

Quantum cryptography has become a subject of widespread interest. In particular, quantum key distribution, which provides a secure key agreement by using quantum systems, is believed to be the most important application of quantum cryptography. Quantum key distribution has the potential to achieve the “unconditionally” secure infrastructure. We also have many cryptographic tools that are based on “modern cryptography” at the present time. They are being used in an effort to guarantee secure communication over open networks such as the Internet. Unfortunately, their ultimate efficacy is in doubt. Quantum key distribution systems are believed to be close to practical and commercial use. In this paper, we discuss what we should do to apply quantum cryptography to our communications. We also discuss how quantum key distribution can be combined with or used to replace cryptographic tools based on modern cryptography.

Assessing the security vulnerabilities of correctional facilities

NASA Astrophysics Data System (ADS)

Spencer, Debra D.; Morrison, G. Steve

1998-12-01

The National Institute of Justice has tasked their satellite facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps identify the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion from outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees. In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

INL Control System Situational Awareness Technology Annual Report 2012

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gordon Rueff; Bryce Wheeler; Todd Vollmer

The overall goal of this project is to develop an interoperable set of tools to provide a comprehensive, consistent implementation of cyber security and overall situational awareness of control and sensor network implementations. The operation and interoperability of these tools will fill voids in current technological offerings and address issues that remain an impediment to the security of control systems. This report provides an FY 2012 update on the Sophia, Mesh Mapper, Intelligent Cyber Sensor, and Data Fusion projects with respect to the year-two tasks and annual reporting requirements of the INL Control System Situational Awareness Technology report (July 2010).

Thought Leaders during Crises in Massive Social Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Corley, Courtney D.; Farber, Robert M.; Reynolds, William

The vast amount of social media data that can be gathered from the internet coupled with workflows that utilize both commodity systems and massively parallel supercomputers, such as the Cray XMT, open new vistas for research to support health, defense, and national security. Computer technology now enables the analysis of graph structures containing more than 4 billion vertices joined by 34 billion edges along with metrics and massively parallel algorithms that exhibit near-linear scalability according to number of processors. The challenge lies in making this massive data and analysis comprehensible to an analyst and end-users that require actionable knowledge tomore » carry out their duties. Simply stated, we have developed language and content agnostic techniques to reduce large graphs built from vast media corpora into forms people can understand. Specifically, our tools and metrics act as a survey tool to identify thought leaders' -- those members that lead or reflect the thoughts and opinions of an online community, independent of the source language.« less

Compact Microscope Imaging System Developed

NASA Technical Reports Server (NTRS)

McDowell, Mark

2001-01-01

The Compact Microscope Imaging System (CMIS) is a diagnostic tool with intelligent controls for use in space, industrial, medical, and security applications. The CMIS can be used in situ with a minimum amount of user intervention. This system, which was developed at the NASA Glenn Research Center, can scan, find areas of interest, focus, and acquire images automatically. Large numbers of multiple cell experiments require microscopy for in situ observations; this is only feasible with compact microscope systems. CMIS is a miniature machine vision system that combines intelligent image processing with remote control capabilities. The software also has a user-friendly interface that can be used independently of the hardware for post-experiment analysis. CMIS has potential commercial uses in the automated online inspection of precision parts, medical imaging, security industry (examination of currency in automated teller machines and fingerprint identification in secure entry locks), environmental industry (automated examination of soil/water samples), biomedical field (automated blood/cell analysis), and microscopy community. CMIS will improve research in several ways: It will expand the capabilities of MSD experiments utilizing microscope technology. It may be used in lunar and Martian experiments (Rover Robot). Because of its reduced size, it will enable experiments that were not feasible previously. It may be incorporated into existing shuttle orbiter and space station experiments, including glove-box-sized experiments as well as ground-based experiments.

Development and Demonstration of a Security Core Component

DOE Office of Scientific and Technical Information (OSTI.GOV)

Turke, Andy

In recent years, the convergence of a number of trends has resulted in Cyber Security becoming a much greater concern for electric utilities. A short list of these trends includes: · Industrial Control Systems (ICSs) have evolved from depending on proprietary hardware and operating software toward using standard off-the-shelf hardware and operating software. This has meant that these ICSs can no longer depend on “security through obscurity. · Similarly, these same systems have evolved toward using standard communications protocols, further reducing their ability to rely upon obscurity. · The rise of the Internet and the accompanying demand for more datamore » about virtually everything has resulted in formerly isolated ICSs becoming at least partially accessible via Internet-connected networks. · “Cyber crime” has become commonplace, whether it be for industrial espionage, reconnaissance for a possible cyber attack, theft, or because some individual or group “has something to prove.” Electric utility system operators are experts at running the power grid. The reality is, especially at small and mid-sized utilities, these SCADA operators will by default be “on the front line” if and when a cyber attack occurs against their systems. These people are not computer software, networking, or cyber security experts, so they are ill-equipped to deal with a cyber security incident. Cyber Security Manager (CSM) was conceived, designed, and built so that it can be configured to know what a utility’s SCADA/EMS/DMS system looks like under normal conditions. To do this, CSM monitors log messages from any device that uses the syslog standard. It can also monitor a variety of statistics from the computers that make up the SCADA/EMS/DMS: outputs from host-based security tools, intrusion detection systems, SCADA alarms, and real-time SCADA values – even results from a SIEM (Security Information and Event Management) system. When the system deviates from “normal,” CSM can alert the operator in language that they understand that an incident may be occurring, provide actionable intelligence, and informing them what actions to take. These alarms may be viewed on CSM’s built-in user interface, sent to a SCADA alarm list, or communicated via email, phone, pager, or SMS message. In recognition of the fact that “real world” training for cyber security events is impractical, CSM has a built-in Operator Training Simulator capability. This can be used stand alone to create simulated event scenarios for training purposes. It may also be used in conjunction with the recipient’s SCADA/EMS/DMS Operator Training Simulator. In addition to providing cyber security situational awareness for electric utility operators, CSM also provides tools for analysts and support personnel; in fact, the majority of user interface displays are designed for use in analyzing current and past security events. CSM keeps security-related information in long-term storage, as well as writing any decisions it makes to a (syslog) log for use forensic or other post-event analysis.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. This activity is reflected in the system audit record, in the system vulnerability posture, and in other evidence found through active testing of the system. During the last several years we have implemented an automatic misuse detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter (NADIR). We are currently expanding NADIR to include processing of the Cray UNICOS operating system. This new component is called the UNICOS Realtime NADIR, or UNICORN. UNICORN summarizes user activity and system configurationmore » in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. The first phase of UNICORN development is nearing completion, and will be operational in late 1994.« less

Regulatory cross-cutting topics for fuel cycle facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Denman, Matthew R.; Brown, Jason; Goldmann, Andrew Scott

This report overviews crosscutting regulatory topics for nuclear fuel cycle facilities for use in the Fuel Cycle Research & Development Nuclear Fuel Cycle Evaluation and Screening study. In particular, the regulatory infrastructure and analysis capability is assessed for the following topical areas: Fire Regulations (i.e., how applicable are current Nuclear Regulatory Commission (NRC) and/or International Atomic Energy Agency (IAEA) fire regulations to advance fuel cycle facilities) Consequence Assessment (i.e., how applicable are current radionuclide transportation tools to support risk-informed regulations and Level 2 and/or 3 PRA) While not addressed in detail, the following regulatory topic is also discussed: Integrated Security,more » Safeguard and Safety Requirement (i.e., how applicable are current Nuclear Regulatory Commission (NRC) regulations to future fuel cycle facilities which will likely be required to balance the sometimes conflicting Material Accountability, Security, and Safety requirements.)« less

Designing Intelligent Secure Android Application for Effective Chemical Inventory

NASA Astrophysics Data System (ADS)

Shukran, Mohd Afizi Mohd; Naim Abdullah, Muhammad; Nazri Ismail, Mohd; Maskat, Kamaruzaman; Isa, Mohd Rizal Mohd; Shahfee Ishak, Muhammad; Adib Khairuddin, Muhamad

2017-08-01

Mobile services support various situations in everyday life and with the increasing sophistication of phone functions, the daily life is much more easier and better especially in term of managing tools and apparatus. Since chemical inventory management system has been experiencing a new revolution from antiquated to an automated inventory management system, some additional features should be added in current chemical inventory system. Parallel with the modern technologies, chemical inventory application using smart phone has been developed. Several studies about current related chemical inventory management using smart phone application has been done in this paper in order to obtain an overview on recent studies in smartphone application for chemical inventory system which are needed in schools, universities or other education institutions. This paper also discuss about designing the proposed secure mobile chemical inventory system. The study of this paper can provide forceful review analysis support for the chemical inventory management system related research.

19 CFR 148.53 - Exemption for tools of trade.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 2 2012-04-01 2012-04-01 false Exemption for tools of trade. 148.53 Section 148.53 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) PERSONAL DECLARATIONS AND EXEMPTIONS Other Exemptions § 148.53 Exemption for tools of trade. (a) Exemption. Professional...

19 CFR 148.53 - Exemption for tools of trade.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 2 2013-04-01 2013-04-01 false Exemption for tools of trade. 148.53 Section 148.53 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) PERSONAL DECLARATIONS AND EXEMPTIONS Other Exemptions § 148.53 Exemption for tools of trade. (a) Exemption. Professional...

19 CFR 148.53 - Exemption for tools of trade.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 19 Customs Duties 2 2010-04-01 2010-04-01 false Exemption for tools of trade. 148.53 Section 148.53 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) PERSONAL DECLARATIONS AND EXEMPTIONS Other Exemptions § 148.53 Exemption for tools of trade. (a) Exemption. Professional...

19 CFR 148.53 - Exemption for tools of trade.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 19 Customs Duties 2 2011-04-01 2011-04-01 false Exemption for tools of trade. 148.53 Section 148.53 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) PERSONAL DECLARATIONS AND EXEMPTIONS Other Exemptions § 148.53 Exemption for tools of trade. (a) Exemption. Professional...

Technology. Part 1

NASA Technical Reports Server (NTRS)

1997-01-01

Session WA3 includes short reports concerning: (1) Physiolab A Cardio Vascular Laboratory; (2) MEDEX: A Flexible Modular Physiological Laboratory; (3) A Sensate Liner for Personnel Monitoring Applications; (4) Secure Remote Access to Physiological Data; (5) DARA Vestibular Equipment Onboard MIR; (6) The Kinelite Project: A New powerful Motion Analysis System for Spacelab Mission; (7) The Technical Evolution of the French Neurosciences Multipurpose Instruments Onboard the MIR Station; (8) Extended Ground-Based Research in Preparation for Life Sciences Experiments; and (9) MEDES Clinical Research Facility as a Tool to Prepare ISSA Space Flights.

Picosecond imaging of signal propagation in integrated circuits

NASA Astrophysics Data System (ADS)

Frohmann, Sven; Dietz, Enrico; Dittrich, Helmar; Hübers, Heinz-Wilhelm

2017-04-01

Optical analysis of integrated circuits (IC) is a powerful tool for analyzing security functions that are implemented in an IC. We present a photon emission microscope for picosecond imaging of hot carrier luminescence in ICs in the near-infrared spectral range from 900 to 1700 nm. It allows for a semi-invasive signal tracking in fully operational ICs on the gate or transistor level with a timing precision of approximately 6 ps. The capabilities of the microscope are demonstrated by imaging the operation of two ICs made by 180 and 60 nm process technology.

The Promise of Whole Genome Pathogen Sequencing for the Molecular Epidemiology of Emerging Aquaculture Pathogens

PubMed Central

Bayliss, Sion C.; Verner-Jeffreys, David W.; Bartie, Kerry L.; Aanensen, David M.; Sheppard, Samuel K.; Adams, Alexandra; Feil, Edward J.

2017-01-01

Aquaculture is the fastest growing food-producing sector, and the sustainability of this industry is critical both for global food security and economic welfare. The management of infectious disease represents a key challenge. Here, we discuss the opportunities afforded by whole genome sequencing of bacterial and viral pathogens of aquaculture to mitigate disease emergence and spread. We outline, by way of comparison, how sequencing technology is transforming the molecular epidemiology of pathogens of public health importance, emphasizing the importance of community-oriented databases and analysis tools. PMID:28217117

Measuring relational security in forensic mental health services

PubMed Central

Chester, Verity; Alexander, Regi T.; Morgan, Wendy

2017-01-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment. PMID:29234515

Measuring relational security in forensic mental health services.

PubMed

Chester, Verity; Alexander, Regi T; Morgan, Wendy

2017-12-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment.

Report Central: Quality Reporting Tool in an Electronic Health Record

PubMed Central

Jung, Eunice; Li, Qi; Mangalampalli, Anil; Greim, Julie; Eskin, Michael S.; Housman, Dan; Isikoff, Jeremy; Abend, Aaron H.; Middleton, Blackford; Einbinder, Jonathan S.

2006-01-01

Quality reporting tools, integrated with ambulatory electronic health records, can help clinicians and administrators understand performance, manage populations, and improve quality. Report Central is a secure web report delivery tool built on Crystal Reports XI™ and ASP.NET technologies. Pilot evaluation of Report Central indicates that clinicians prefer a quality reporting tool that is integrated with our home-grown EHR to support clinical workflow. PMID:17238590

When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

PubMed

Blanke, Sandra J; McGrady, Elizabeth

2016-07-01

Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

Efficient Aviation Security: Strengthening the Analytic Foundation for Making Air Transportation Security Decisions

DTIC Science & Technology

2012-01-01

Martin B. Zimmerman, “Market Incentives for Safe Commercial Airline Operation,” American Economic Review, Vol. 78, No. 5, 1988, pp. 913–935. Bosch...Modeling,” in Stuart Johnson, Martin C. Libicki, and Gregory F. Treverton, eds., New Challenges, New Tools for Defense Decisionmaking, Santa Monica, Calif...677–725. Persico, Nicola, and Petra E. Todd, “Passenger Profiling, Imperfect Screening, and Airport Security,” American Economic Review, Vol. 95

A Dedicated Computational Platform for Cellular Monte Carlo T-CAD Software Tools

DTIC Science & Technology

2015-07-14

computer that establishes an encrypted Virtual Private Network ( OpenVPN [44]) based on the Secure Socket Layer (SSL) paradigm. Each user is given a...security certificate for each device used to connect to the computing nodes. Stable OpenVPN clients are available for Linux, Microsoft Windows, Apple OSX...platform is granted by an encrypted connection base on the Secure Socket Layer (SSL) protocol, and implemented in the OpenVPN Virtual Personal Network

Sensor Based Framework for Secure Multimedia Communication in VANET

PubMed Central

Rahim, Aneel; Khan, Zeeshan Shafi; Bin Muhaya, Fahad T.; Sher, Muhammad; Kim, Tai-Hoon

2010-01-01

Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs). Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool. PMID:22163462

Security Broker—A Complementary Tool for SOA Security

NASA Astrophysics Data System (ADS)

Kamatchi, R.; Rakshit, Atanu

2011-09-01

The Service Oriented Architecture along with web services is providing a new dimension to the world of reusability and resource sharing. The services developed by a creator can be used by any service consumers from anywhere despite of their platforms used. This open nature of the SOA architecture is also raising the issues of security at various levels of usage. This is paper is discussing on the implementation benefits of a service broker with the Service Oriented Architecture.

MDA-based EHR application security services.

PubMed

Blobel, Bernd; Pharow, Peter

2004-01-01

Component-oriented, distributed, virtual EHR systems have to meet enhanced security and privacy requirements. In the context of advanced architectural paradigms such as component-orientation, model-driven, and knowledge-based, standardised security services needed have to be specified and implemented in an integrated way following the same paradigm. This concerns the deployment of formal models, meta-languages, reference models such as the ISO RM-ODP, and development as well as implementation tools. International projects' results presented proceed on that streamline.

The Enterprise 2.0 Concept: Challenges on Data and Information Security

NASA Astrophysics Data System (ADS)

Silva, Ana; Moreira, Fernando; Varajão, João

The Web 2.0 wave has "hit" businesses all over the world, with companies taking advantage of the 2.0 concept and new applications stimulating collaboration between employees, and also with external partners (suppliers, contractors, universities, R&D organizations and others). However, the use of Web 2.0 applications inside organizations has created additional security challenges, especially regarding data and information security. Companies need to be aware of these risks when deploying the 2.0 concept and take a proactive approach on security. In this paper are identified and discussed some of the challenges and risks of the use of Web 2.0 tools, namely when it comes to securing companies' intellectual property.

A data mining approach to intelligence operations

NASA Astrophysics Data System (ADS)

Memon, Nasrullah; Hicks, David L.; Harkiolakis, Nicholas

2008-03-01

In this paper we examine the latest thinking, approaches and methodologies in use for finding the nuggets of information and subliminal (and perhaps intentionally hidden) patterns and associations that are critical to identify criminal activity and suspects to private and government security agencies. An emphasis in the paper is placed on Social Network Analysis and Investigative Data Mining, and the use of these technologies in the counterterrorism domain. Tools and techniques from both areas are described, along with the important tasks for which they can be used to assist with the investigation and analysis of terrorist organizations. The process of collecting data about these organizations is also considered along with the inherent difficulties that are involved.

Human and climate impact on global riverine water and sediment fluxes - a distributed analysis

NASA Astrophysics Data System (ADS)

Cohen, S.; Kettner, A.; Syvitski, J. P.

2013-05-01

Understanding riverine water and sediment dynamics is an important undertaking for both socially-relevant issues such as agriculture, water security and infrastructure management and for scientific analysis of climate, landscapes, river ecology, oceanography and other disciplines. Providing good quantitative and predictive tools in therefore timely particularly in light of predicted climate and landuse changes. The intensity and dynamics between man-made and climatic factors vary widely across the globe and are therefore hard to predict. Using sophisticated numerical models is therefore warranted. Here we use a distributed global riverine sediment and water discharge model (WBMsed) to simulate human and climate effect on our planet's large rivers.

Geospatial analysis based on GIS integrated with LADAR.

PubMed

Fetterman, Matt R; Freking, Robert; Fernandez-Cull, Christy; Hinkle, Christopher W; Myne, Anu; Relyea, Steven; Winslow, Jim

2013-10-07

In this work, we describe multi-layered analyses of a high-resolution broad-area LADAR data set in support of expeditionary activities. High-level features are extracted from the LADAR data, such as the presence and location of buildings and cars, and then these features are used to populate a GIS (geographic information system) tool. We also apply line-of-sight (LOS) analysis to develop a path-planning module. Finally, visualization is addressed and enhanced with a gesture-based control system that allows the user to navigate through the enhanced data set in a virtual immersive experience. This work has operational applications including military, security, disaster relief, and task-based robotic path planning.

NASA Blue Team: Determining Operational Security Posture of Critical Systems and Networks

NASA Technical Reports Server (NTRS)

Alley, Adam David

2016-01-01

Emergence of Cybersecurity has increased the focus on security risks to Information Technology (IT) assets going beyond traditional Information Assurance (IA) concerns: More sophisticated threats have emerged from increasing sources as advanced hacker tools and techniques have emerged and proliferated to broaden the attack surface available across globally interconnected networks.

Command Inspections - A Self-Evaluation Approach

DTIC Science & Technology

1988-03-30

Tool in the Air Force," Air Wa’ Collg •e Report go. AV-A C-85J174, Air University, United States Air Force, Maxwell AFB, Alabama, Kay 1985, r)p. 1-40...Safety and Fire Prevention 3. Physical Security and Crime Prevention 4. Information and Personnel Security 5, Operations 6. Training 7. Nuclear

I-WASTE: EPA’s Suite of Homeland Security Decision Support Tools for the Waste and Disaster Debris Management and Disposal

EPA Science Inventory

In the U.S., a single comprehensive approach to all-hazards domestic incident management has been established by the Department of Homeland Security through the National Response Framework. This helps prevent, prepare for, respond to, and recover from terrorist attacks, major di...

Android Based Mobile Apps for Information Security Hands-On Education

ERIC Educational Resources Information Center

Trabelsi, Zouheir; Al Matrooshi, Mohammed; Al Bairaq, Saeed; Ibrahim, Walid; Masud, Mohammad M.

2017-01-01

As mobile devices grow increasingly in popularity within the student community, novel educational activities and tools, as well as learning approaches can be developed to get benefit from this prevalence of mobile devices (e.g. mobility and closeness to students' daily lives). Particularly, information security education should reflect the current…

Reliability, Compliance, and Security in Web-Based Course Assessments

ERIC Educational Resources Information Center

Bonham, Scott

2008-01-01

Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage…

Situated Usability Testing for Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.

2011-03-02

While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused onmore » matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.« less

I-WASTE: EPA's Suite of Homeland Security Decision Support ...

EPA Pesticide Factsheets

In the U.S., a single comprehensive approach to all-hazards domestic incident management has been established by the Department of Homeland Security through the National Response Framework. This helps prevent, prepare for, respond to, and recover from terrorist attacks, major disasters, and other emergencies. A significant component of responding to and recovering from wide-area or isolated events, whether natural, accidental, or intentional, is the management of waste resulting from the incident itself or from activities cleaning up after the incident. To facilitate the proper management of incident-derived waste, EPA developed the Incident Waste Assessment and Tonnage Estimator (I-WASTE). I-WASTE was developed by the U.S. EPA’s Homeland Security Research Program in partnership with EPA program and regional offices, other U.S. government agencies, industry, and state and local emergency response programs. Presenting the disaster waste tool at the ORD Tools Café held in EPA Region 7th on Dec 9th.

19 CFR 145.34 - Personal and household effects and tools of trade.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 19 Customs Duties 2 2011-04-01 2011-04-01 false Personal and household effects and tools of trade. 145.34 Section 145.34 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) MAIL IMPORTATIONS Special Classes of Merchandise § 145.34 Personal and household effects and tools of...

19 CFR 145.34 - Personal and household effects and tools of trade.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 19 Customs Duties 2 2010-04-01 2010-04-01 false Personal and household effects and tools of trade. 145.34 Section 145.34 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) MAIL IMPORTATIONS Special Classes of Merchandise § 145.34 Personal and household effects and tools of...

19 CFR 145.34 - Personal and household effects and tools of trade.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 2 2012-04-01 2012-04-01 false Personal and household effects and tools of trade. 145.34 Section 145.34 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) MAIL IMPORTATIONS Special Classes of Merchandise § 145.34 Personal and household effects and tools of...

19 CFR 145.34 - Personal and household effects and tools of trade.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 2 2013-04-01 2013-04-01 false Personal and household effects and tools of trade. 145.34 Section 145.34 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY (CONTINUED) MAIL IMPORTATIONS Special Classes of Merchandise § 145.34 Personal and household effects and tools of...

3D Face Generation Tool Candide for Better Face Matching in Surveillance Video

DTIC Science & Technology

2014-07-01

Safety and Security Program (CSSP) which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public ...by the Minister of National Defence, 2014 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale... public safety and security practitioners to achieve specific objectives; 4. Threats/Hazards F – Major trans-border criminal activity – e.g. smuggling

Believing Your Eyes: Strengthening the Reliability of Tags and Seals

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brim, Cornelia P.; Denlinger, Laura S.

2013-07-01

NNSA’s Office of Nonproliferation and International Security (NIS) is working together with scientific experts at the DOE national laboratories to develop the tools needed to safeguard and secure nuclear material from diversion, theft, and sabotage--tasks critical to support future arms control treaties that may involve the new challenge of monitoring nuclear weapons dismantlement. Use of optically stimulated luminescent material is one method to enhance the security and robustness of existing tamper indicating devices such as tags and seals.

A web-based information system for management and analysis of patient data after refractive eye surgery.

PubMed

Zuberbuhler, Bruno; Galloway, Peter; Reddy, Aravind; Saldana, Manuel; Gale, Richard

2007-12-01

The aim was to develop a software tool for refractive surgeons using a standard user-friendly web-based interface, providing the user with a secure environment to protect large volumes of patient data. The software application was named "Internet-based refractive analysis" (IBRA), and was programmed with the computer languages PHP, HTML and JavaScript, attached to the opensource MySQL database. IBRA facilitated internationally accepted presentation methods including the stability chart, the predictability chart and the safety chart; it was able to perform vector analysis for the course of a single patient or for group data. With the integrated nomogram calculation, treatment could be customised to reduce the postoperative refractive error. Multicenter functions permitted quality-control comparisons between different surgeons and laser units.

Use of application containers and workflows for genomic data analysis.

PubMed

Schulz, Wade L; Durant, Thomas J S; Siddon, Alexa J; Torres, Richard

2016-01-01

The rapid acquisition of biological data and development of computationally intensive analyses has led to a need for novel approaches to software deployment. In particular, the complexity of common analytic tools for genomics makes them difficult to deploy and decreases the reproducibility of computational experiments. Recent technologies that allow for application virtualization, such as Docker, allow developers and bioinformaticians to isolate these applications and deploy secure, scalable platforms that have the potential to dramatically increase the efficiency of big data processing. While limitations exist, this study demonstrates a successful implementation of a pipeline with several discrete software applications for the analysis of next-generation sequencing (NGS) data. With this approach, we significantly reduced the amount of time needed to perform clonal analysis from NGS data in acute myeloid leukemia.

Design, implementation and migration of security systems as an extreme project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Scharmer, Carol; Trujillo, David

2010-08-01

Decision Trees, algorithms, software code, risk management, reports, plans, drawings, change control, presentations, and analysis - all useful tools and efforts but time consuming, resource intensive, and potentially costly for projects that have absolute schedule and budget constraints. What are necessary and prudent efforts when a customer calls with a major security problem that needs to be fixed with a proven, off-the-approval-list, multi-layered integrated system with high visibility and limited funding and expires at the end of the Fiscal Year? Whether driven by budget cycles, safety, or by management decree, many such projects begin with generic scopes and funding allocatedmore » based on a rapid management 'guestimate.' Then a Project Manager (PM) is assigned a project with a predefined and potentially limited scope, compressed schedule, and potentially insufficient funding. The PM is tasked to rapidly and cost effectively coordinate a requirements-based design, implementation, test, and turnover of a fully operational system to the customer, all while the customer is operating and maintaining an existing security system. Many project management manuals call this an impossible project that should not be attempted. However, security is serious business and the reality is that rapid deployment of proven systems via an 'Extreme Project' is sometimes necessary. Extreme Projects can be wildly successful but require a dedicated team of security professionals lead by an experienced project manager using a highly-tailored and agile project management process with management support at all levels, all combined with significant interface with the customer. This paper does not advocate such projects or condone eliminating the valuable analysis and project management techniques. Indeed, having worked on a well-planned project provides the basis for experienced team members to complete Extreme Projects. This paper does, however, provide insight into what it takes for projects to be successfully implemented and accepted when completed under extreme conditions.« less

Design implementation and migration of security systems as an extreme project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Scharmer, Carol

2010-10-01

Decision Trees, algorithms, software code, risk management, reports, plans, drawings, change control, presentations, and analysis - all useful tools and efforts but time consuming, resource intensive, and potentially costly for projects that have absolute schedule and budget constraints. What are necessary and prudent efforts when a customer calls with a major security problem that needs to be fixed with a proven, off-the-approval-list, multi-layered integrated system with high visibility and limited funding and expires at the end of the Fiscal Year? Whether driven by budget cycles, safety, or by management decree, many such projects begin with generic scopes and funding allocatedmore » based on a rapid management 'guestimate.' Then a Project Manager (PM) is assigned a project with a predefined and potentially limited scope, compressed schedule, and potentially insufficient funding. The PM is tasked to rapidly and cost effectively coordinate a requirements-based design, implementation, test, and turnover of a fully operational system to the customer, all while the customer is operating and maintaining an existing security system. Many project management manuals call this an impossible project that should not be attempted. However, security is serious business and the reality is that rapid deployment of proven systems via an 'Extreme Project' is sometimes necessary. Extreme Projects can be wildly successful but require a dedicated team of security professionals lead by an experienced project manager using a highly-tailored and agile project management process with management support at all levels, all combined with significant interface with the customer. This paper does not advocate such projects or condone eliminating the valuable analysis and project management techniques. Indeed, having worked on a well-planned project provides the basis for experienced team members to complete Extreme Projects. This paper does, however, provide insight into what it takes for projects to be successfully implemented and accepted when completed under extreme conditions.« less

Numerical Propulsion System Simulation

NASA Technical Reports Server (NTRS)

Naiman, Cynthia

2006-01-01

The NASA Glenn Research Center, in partnership with the aerospace industry, other government agencies, and academia, is leading the effort to develop an advanced multidisciplinary analysis environment for aerospace propulsion systems called the Numerical Propulsion System Simulation (NPSS). NPSS is a framework for performing analysis of complex systems. The initial development of NPSS focused on the analysis and design of airbreathing aircraft engines, but the resulting NPSS framework may be applied to any system, for example: aerospace, rockets, hypersonics, power and propulsion, fuel cells, ground based power, and even human system modeling. NPSS provides increased flexibility for the user, which reduces the total development time and cost. It is currently being extended to support the NASA Aeronautics Research Mission Directorate Fundamental Aeronautics Program and the Advanced Virtual Engine Test Cell (AVETeC). NPSS focuses on the integration of multiple disciplines such as aerodynamics, structure, and heat transfer with numerical zooming on component codes. Zooming is the coupling of analyses at various levels of detail. NPSS development includes capabilities to facilitate collaborative engineering. The NPSS will provide improved tools to develop custom components and to use capability for zooming to higher fidelity codes, coupling to multidiscipline codes, transmitting secure data, and distributing simulations across different platforms. These powerful capabilities extend NPSS from a zero-dimensional simulation tool to a multi-fidelity, multidiscipline system-level simulation tool for the full development life cycle.

Can trainees design and deliver a national audit of epistaxis management? A pilot of a secure web-based audit tool and research trainee collaboratives.

PubMed

Mehta, N; Williams, R J; Smith, M E; Hall, A; Hardman, J C; Cheung, L; Ellis, M P; Fussey, J M; Lakhani, R; McLaren, O; Nankivell, P C; Sharma, N; Yeung, W; Carrie, S; Hopkins, C

2017-06-01

To investigate the feasibility of a national audit of epistaxis management led and delivered by a multi-region trainee collaborative using a web-based interface to capture patient data. Six trainee collaboratives across England nominated one site each and worked together to carry out this pilot. An encrypted data capture tool was adapted and installed within the infrastructure of a university secure server. Site-lead feedback was assessed through questionnaires. Sixty-three patients with epistaxis were admitted over a two-week period. Site leads reported an average of 5 minutes to complete questionnaires and described the tool as easy to use. Data quality was high, with little missing data. Site-lead feedback showed high satisfaction ratings for the project (mean, 4.83 out of 5). This pilot showed that trainee collaboratives can work together to deliver an audit using an encrypted data capture tool cost-effectively, whilst maintaining the highest levels of data quality.

Coping with terrorism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kerr, D.M.

1985-01-01

Terrorism has emerged as a tool of low-intensity conflict used to undermine Western and moderate governments. There is evidence that the US faces a new threshold of terrorist threat both at home and abroad because the tools are available, media attention is global and often undisciplined, and the motives for terrorist attack span a wide spectrum. The US has no internal consensus of how to respond to acts of terrorism. The goal of the terrorists is to erode faith in the government and the democratic system. The author analyzes the threat and examines opportunities for an adequate response. Among hismore » recommendations are to make infrastructure networks more robust and less vulnerable, the use of new technologies that enhance security, clear guidelines for intelligence gathering and analysis, specially trained response forces, and political moderation and cooperation.« less

Monte Carlo Simulation Tool Installation and Operation Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aguayo Navarrete, Estanislao; Ankney, Austin S.; Berguson, Timothy J.

2013-09-02

This document provides information on software and procedures for Monte Carlo simulations based on the Geant4 toolkit, the ROOT data analysis software and the CRY cosmic ray library. These tools have been chosen for its application to shield design and activation studies as part of the simulation task for the Majorana Collaboration. This document includes instructions for installation, operation and modification of the simulation code in a high cyber-security computing environment, such as the Pacific Northwest National Laboratory network. It is intended as a living document, and will be periodically updated. It is a starting point for information collection bymore » an experimenter, and is not the definitive source. Users should consult with one of the authors for guidance on how to find the most current information for their needs.« less

Embossing of optical document security devices

NASA Astrophysics Data System (ADS)

Muke, Sani

2004-06-01

Embossing in the transparent window area of polymer banknotes, such as those seen on the Australian, New Zealand and Romanian currencies, have enormous potential for the development of novel optical security devices. The intaglio printing process can provide an efficient means for embossing of optical security structures such as micro lenses. Embossed micro lens arrays in the transparent window of a polymer banknote can be folded over a corresponding printed image array elsewhere on the note to reveal a series of moire magnified images. Analysis of samples of embossed micro lenses showed that the engraving side and impression side had a similar embossed profile. The embossed micro lens profiles were modelled using Optalix-LX commercial optical ray tracing software in order to determine the focal length of the lenses and compare with the focal length of desired embossed lenses. A fundamental understanding of how the polymer deforms during the embossing process is critical towards developing a micro lens embossing tool which can achieve the desired embossed micro lenses. This work also looks at extending the early research of the Intaglio Research Group (IRG) to better understand the embossibility of polymer substrates such as biaxially oriented polypropylene (BOPP).

Competition in the domain of wireless networks security

NASA Astrophysics Data System (ADS)

Bednarczyk, Mariusz

2017-04-01

Wireless networks are very popular and have found wide spread usage amongst various segments, also in military environment. The deployment of wireless infrastructures allow to reduce the time it takes to install and dismantle communications networks. With wireless, users are more mobile and can easily get access to the network resources all the time. However, wireless technologies like WiFi or Bluetooth have security issues that hackers have extensively exploited over the years. In the paper several serious security flaws in wireless technologies are presented. Most of them enable to get access to the internal networks and easily carry out man-in-the-middle attacks. Very often, they are used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum. For instance, there are well known instances of Bluetooth connection spoofing in order to steal WiFi password stored in the mobile device. To raise the security awareness and protect wireless networks against an adversary attack, an analysis of attack methods and tools over time is presented in the article. The particular attention is paid to the severity, possible targets as well as the ability to persist in the context of protective measures. Results show that an adversary can take complete control of the victims' mobile device features if the users forget to use simple safety principles.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Baker, Arnold Barry; Backus, George A.; Romig, Alton Dale, Jr.

Climate change is a long-term process that will trigger a range of multi-dimensional demographic, economic, geopolitical, and national security issues with many unknowns and significant uncertainties. At first glance, climate-change-related national security dimensions seem far removed from today's major national security threats. Yet climate change has already set in motion forces that will require U.S. attention and preparedness. The extent and uncertainty associated with these situations necessitate a move away from conventional security practices, toward a small but flexible portfolio of assets to maintain U.S. interests. Thoughtful action is required now if we are to acquire the capabilities, tools, systems,more » and institutions needed to meet U.S. national security requirements as they evolve with the emerging stresses and shifts of climate change.« less

Review of July 2013 Nuclear Security Insider Threat Exercise November 2013

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pederson, Ann C.; Snow, Catherine L.; Townsend, Jeremy

2013-11-01

This document is a review of the Nuclear Security Insider Threat Exercise which was hosted at ORNL in July 2013. Nuclear security culture and the insider threat are best learned through experience. Culture is inherently difficult to teach, and as such is best learned through modeled behaviors and learning exercise. This TTX, NSITE, is a tool that strives to aid students in learning what an effective (and ineffective) nuclear security culture might look like by simulating dynamic events that strengthen or weaken the nuclear security regime. The goals of NSITE are to stimulate complex thought and discussion and assist decisionmore » makers and management in determining the most effective policies and procedures for their country or facility.« less

Epiviz: a view inside the design of an integrated visual analysis software for genomics

PubMed Central

2015-01-01

Background Computational and visual data analysis for genomics has traditionally involved a combination of tools and resources, of which the most ubiquitous consist of genome browsers, focused mainly on integrative visualization of large numbers of big datasets, and computational environments, focused on data modeling of a small number of moderately sized datasets. Workflows that involve the integration and exploration of multiple heterogeneous data sources, small and large, public and user specific have been poorly addressed by these tools. In our previous work, we introduced Epiviz, which bridges the gap between the two types of tools, simplifying these workflows. Results In this paper we expand on the design decisions behind Epiviz, and introduce a series of new advanced features that further support the type of interactive exploratory workflow we have targeted. We discuss three ways in which Epiviz advances the field of genomic data analysis: 1) it brings code to interactive visualizations at various different levels; 2) takes the first steps in the direction of collaborative data analysis by incorporating user plugins from source control providers, as well as by allowing analysis states to be shared among the scientific community; 3) combines established analysis features that have never before been available simultaneously in a genome browser. In our discussion section, we present security implications of the current design, as well as a series of limitations and future research steps. Conclusions Since many of the design choices of Epiviz are novel in genomics data analysis, this paper serves both as a document of our own approaches with lessons learned, as well as a start point for future efforts in the same direction for the genomics community. PMID:26328750

Revolving drug funds: a step towards health security.

PubMed Central

Umenai, T.; Narula, I. S.

1999-01-01

The establishment of a revolving drug fund project in Viet Nam is described and the factors responsible for its success are considered. As well as being a tool for cost recovery a revolving drug fund can serve as an entry point for strengthening health care and improving health security at local and district level. PMID:10083717

Banana MaMADS transcription factors are necessary for fruit ripening and molecular tools to promote shelf-life and food security

USDA-ARS?s Scientific Manuscript database

Genetic solutions to postharvest crop loss can reduce cost and energy inputs while increasing food security, especially for banana (Musa acuminata), which is a significant component of worldwide food commerce. We have functionally characterized two banana E class (SEPALLATA3 [SEP3]) MADS box genes, ...

A systems science perspective and transdisciplinary models for food and nutrition security

PubMed Central

Hammond, Ross A.; Dubé, Laurette

2012-01-01

We argue that food and nutrition security is driven by complex underlying systems and that both research and policy in this area would benefit from a systems approach. We present a framework for such an approach, examine key underlying systems, and identify transdisciplinary modeling tools that may prove especially useful. PMID:22826247

3D Digital Legos for Teaching Security Protocols

ERIC Educational Resources Information Center

Yu, Li; Harrison, L.; Lu, Aidong; Li, Zhiwei; Wang, Weichao

2011-01-01

We have designed and developed a 3D digital Lego system as an education tool for teaching security protocols effectively in Information Assurance courses (Lego is a trademark of the LEGO Group. Here, we use it only to represent the pieces of a construction set.). Our approach applies the pedagogical methods learned from toy construction sets by…

Using History to Save Our Nation

ERIC Educational Resources Information Center

Bryant, James A., Jr.

2005-01-01

In this article, the author presents how the tools and skills of a historian has made it possible to hold accountable the executive branch of the federal government in the 9/11 terrorist attacks in New York City and Washington DC. Historian Philip Zelig made it possible to secure the testimony of National Security Advisor Condoleeza Rice--a…

Visual analysis of online social media to open up the investigation of stance phenomena

PubMed Central

Kucher, Kostiantyn; Schamp-Bjerede, Teri; Kerren, Andreas; Paradis, Carita; Sahlgren, Magnus

2015-01-01

Online social media are a perfect text source for stance analysis. Stance in human communication is concerned with speaker attitudes, beliefs, feelings and opinions. Expressions of stance are associated with the speakers' view of what they are talking about and what is up for discussion and negotiation in the intersubjective exchange. Taking stance is thus crucial for the social construction of meaning. Increased knowledge of stance can be useful for many application fields such as business intelligence, security analytics, or social media monitoring. In order to process large amounts of text data for stance analyses, linguists need interactive tools to explore the textual sources as well as the processed data based on computational linguistics techniques. Both original texts and derived data are important for refining the analyses iteratively. In this work, we present a visual analytics tool for online social media text data that can be used to open up the investigation of stance phenomena. Our approach complements traditional linguistic analysis techniques and is based on the analysis of utterances associated with two stance categories: sentiment and certainty. Our contributions include (1) the description of a novel web-based solution for analyzing the use and patterns of stance meanings and expressions in human communication over time; and (2) specialized techniques used for visualizing analysis provenance and corpus overview/navigation. We demonstrate our approach by means of text media on a highly controversial scandal with regard to expressions of anger and provide an expert review from linguists who have been using our tool. PMID:29249903

Visual analysis of online social media to open up the investigation of stance phenomena.

PubMed

Kucher, Kostiantyn; Schamp-Bjerede, Teri; Kerren, Andreas; Paradis, Carita; Sahlgren, Magnus

2016-04-01

Online social media are a perfect text source for stance analysis. Stance in human communication is concerned with speaker attitudes, beliefs, feelings and opinions. Expressions of stance are associated with the speakers' view of what they are talking about and what is up for discussion and negotiation in the intersubjective exchange. Taking stance is thus crucial for the social construction of meaning. Increased knowledge of stance can be useful for many application fields such as business intelligence, security analytics, or social media monitoring. In order to process large amounts of text data for stance analyses, linguists need interactive tools to explore the textual sources as well as the processed data based on computational linguistics techniques. Both original texts and derived data are important for refining the analyses iteratively. In this work, we present a visual analytics tool for online social media text data that can be used to open up the investigation of stance phenomena. Our approach complements traditional linguistic analysis techniques and is based on the analysis of utterances associated with two stance categories: sentiment and certainty. Our contributions include (1) the description of a novel web-based solution for analyzing the use and patterns of stance meanings and expressions in human communication over time; and (2) specialized techniques used for visualizing analysis provenance and corpus overview/navigation. We demonstrate our approach by means of text media on a highly controversial scandal with regard to expressions of anger and provide an expert review from linguists who have been using our tool.

77 FR 33227 - Assessment Questionnaire-IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-05

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0069] Assessment Questionnaire--IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT) AGENCY: National Protection and Programs Directorate...), Office of Infrastructure Protection (IP), Sector Outreach and Programs Division (SOPD), previously named...

76 FR 81955 - Assessment Questionnaire-IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-29

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0069] Assessment Questionnaire--IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT) AGENCY: National Protection and Programs Directorate...), Office of Infrastructure Protection (IP), Sector Specific Agency Executive Management Office (SSA EMO...

Health services analysis as a tool for evidence-based policy decisions: the case of the Ministry of Health and Social Security in Mexico.

PubMed

Kroeger, Axel; Hernandez, Juan Manuel

2003-12-01

To describe the strengths and weaknesses of two Mexican health care providers for poor populations [Ministry of Health (MoH) and Social Security (SS)] in order to facilitate policy decisions about the future of the two systems. In four Mexican states we conducted (i) a household interview survey in 10 724 households; (ii) a user satisfaction survey in 1319 households; (iii) a satisfaction survey of 236 health workers; (iv) in-depth interviews with 190 health workers; (v) 188 focus-group discussions with different population groups; (vi) a document analysis. Both systems serve populations with similar characteristics of poverty. The availability of resources was better in the MoH system; SS care was better concerning process indicators (family planning, antenatal care; in-service delivery of drugs, staff productivity, user satisfaction and staff motivation), efficiency and effectiveness (reduction of morbidity and mortality). Possible explanatory factors for the better performance of the SS system were strong supervision, regular communication, joint data analysis and annual population surveys. Better service organization makes a difference regarding efficiency and effectiveness. Policy-makers, deciding on which kind of health services are best for the poor, should take into account health services' analyses.

Use of Emerging Grid Computing Technologies for the Analysis of LIGO Data

NASA Astrophysics Data System (ADS)

Koranda, Scott

2004-03-01

The LIGO Scientific Collaboration (LSC) today faces the challenge of enabling analysis of terabytes of LIGO data by hundreds of scientists from institutions all around the world. To meet this challenge the LSC is developing tools, infrastructure, applications, and expertise leveraging Grid Computing technologies available today, and making available to LSC scientists compute resources at sites across the United States and Europe. We use digital credentials for strong and secure authentication and authorization to compute resources and data. Building on top of products from the Globus project for high-speed data transfer and information discovery we have created the Lightweight Data Replicator (LDR) to securely and robustly replicate data to resource sites. We have deployed at our computing sites the Virtual Data Toolkit (VDT) Server and Client packages, developed in collaboration with our partners in the GriPhyN and iVDGL projects, providing uniform access to distributed resources for users and their applications. Taken together these Grid Computing technologies and infrastructure have formed the LSC DataGrid--a coherent and uniform environment across two continents for the analysis of gravitational-wave detector data. Much work, however, remains in order to scale current analyses and recent lessons learned need to be integrated into the next generation of Grid middleware.

Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schaffner, Christian

2010-09-15

We present simple protocols for oblivious transfer and password-based identification which are secure against general attacks in the noisy-quantum-storage model as defined in R. Koenig, S. Wehner, and J. Wullschleger [e-print arXiv:0906.1030]. We argue that a technical tool from Koenig et al. suffices to prove security of the known protocols. Whereas the more involved protocol for oblivious transfer from Koenig et al. requires less noise in storage to achieve security, our ''canonical'' protocols have the advantage of being simpler to implement and the security error is easier control. Therefore, our protocols yield higher OT rates for many realistic noise parameters.more » Furthermore, a proof of security of a direct protocol for password-based identification against general noisy-quantum-storage attacks is given.« less

Application of telecom planar lightwave circuits for homeland security sensing

NASA Astrophysics Data System (ADS)

Veldhuis, Gert J.; Elders, Job; van Weerden, Harm; Amersfoort, Martin

2004-03-01

Over the past decade, a massive effort has been made in the development of planar lightwave circuits (PLCs) for application in optical telecommunications. Major advances have been made, on both the technological and functional performance front. Highly sophisticated software tools that are used to tailor designs to required functional performance support these developments. In addition extensive know-how in the field of packaging, testing, and failure mode and effects analysis (FMEA) has been built up in the struggle for meeting the stringent Telcordia requirements that apply to telecom products. As an example, silica-on-silicon is now a mature technology available at several industrial foundries around the world, where, on the performance front, the arrayed-waveguide grating (AWG) has evolved into an off-the-shelf product. The field of optical chemical-biological (CB) sensors for homeland security application can greatly benefit from the advances as described above. In this paper we discuss the currently available technologies, device concepts, and modeling tools that have emerged from the telecommunications arena and that can effectively be applied to the field of homeland security. Using this profound telecom knowledge base, standard telecom components can readily be tailored for detecting CB agents. Designs for telecom components aim at complete isolation from the environment to exclude impact of environmental parameters on optical performance. For sensing applications, the optical path must be exposed to the measurand, in this area additional development is required beyond what has already been achieved in telecom development. We have tackled this problem, and are now in a position to apply standard telecom components for CB sensing. As an example, the application of an AWG as a refractometer is demonstrated, and its performance evaluated.

Interpreting User's Choice of Technologies: A Quantitative Research on Choosing the Best Web-Based Communication Tools

ERIC Educational Resources Information Center

Adebiaye, Richmond

2010-01-01

The proliferation of web-based communication tools like email clients vis-a-vis Yahoo mail, Gmail, and Hotmail have led to new innovations in web-based communication. Email users benefit greatly from this technology, but lack of security of these tools can put users at risk of loss of privacy, including identity theft, corporate espionage, and…

The Development and Pilot Testing of the Marijuana Retail Surveillance Tool (MRST): Assessing Marketing and Point-of-Sale Practices among Recreational Marijuana Retailers

ERIC Educational Resources Information Center

Berg, Carla J.; Henriksen, Lisa; Cavazos-Rehg, Patricia; Schauer, Gillian L.; Freisthler, Bridget

2017-01-01

As recreational marijuana expands, it is critical to develop standardized surveillance measures to study the retail environment. To this end, our research team developed and piloted a tool assessing recreational marijuana retailers in a convenience sample of 20 Denver retailers in 2016. The tool assesses: (i) compliance and security (e.g.…

LabKey Server NAb: A tool for analyzing, visualizing and sharing results from neutralizing antibody assays

PubMed Central

2011-01-01

Background Multiple types of assays allow sensitive detection of virus-specific neutralizing antibodies. For example, the extent of antibody neutralization of HIV-1, SIV and SHIV can be measured in the TZM-bl cell line through the degree of luciferase reporter gene expression after infection. In the past, neutralization curves and titers for this standard assay have been calculated using an Excel macro. Updating all instances of such a macro with new techniques can be unwieldy and introduce non-uniformity across multi-lab teams. Using Excel also poses challenges in centrally storing, sharing and associating raw data files and results. Results We present LabKey Server's NAb tool for organizing, analyzing and securely sharing data, files and results for neutralizing antibody (NAb) assays, including the luciferase-based TZM-bl NAb assay. The customizable tool supports high-throughput experiments and includes a graphical plate template designer, allowing researchers to quickly adapt calculations to new plate layouts. The tool calculates the percent neutralization for each serum dilution based on luminescence measurements, fits a range of neutralization curves to titration results and uses these curves to estimate the neutralizing antibody titers for benchmark dilutions. Results, curve visualizations and raw data files are stored in a database and shared through a secure, web-based interface. NAb results can be integrated with other data sources based on sample identifiers. It is simple to make results public after publication by updating folder security settings. Conclusions Standardized tools for analyzing, archiving and sharing assay results can improve the reproducibility, comparability and reliability of results obtained across many labs. LabKey Server and its NAb tool are freely available as open source software at http://www.labkey.com under the Apache 2.0 license. Many members of the HIV research community can also access the LabKey Server NAb tool without installing the software by using the Atlas Science Portal (https://atlas.scharp.org). Atlas is an installation of LabKey Server. PMID:21619655

Analyzing remotely sensed datasets for improved characterization of field-scale interventions for food security

NASA Astrophysics Data System (ADS)

Limaye, A. S.; Ellenburg, W. L., II; Coffee, K.; Ashmall, W.; Stanton, K.; Burks, J.; Irwin, D.

2017-12-01

Agriculture interventions such as irrigation, improved fertilization, and advanced cultivars have the potential to increase food security and ensure climate resilience. However, in order broaden the support of activities like these, environmental managers must be able to assess their impact. Often field data are difficult to obtain and decisions are made with limited information. Satellite products can provide relevant information at field and village wide scales that can assist in this process. SERVIR is taking an aim of helping connect the space-based products to help the efficacy of village scale interventions through a couple of web-based tools, called ClimateSERV and AgriSERV. ClimateSERV has been active since 2014, and has increased in the data holdings and access points. Currently, ClimateSERV enables users to create geographic regions of their choosing and to compute key statistics for those regions. Rainfall (GPM IMERG, CHIRPS), vegetation indices (eMODIS Normalized Difference Vegetation Index - NDVI; Evaporative Stress Index), and North American Multi-model Ensemble-based seasonal climate forecasts of rainfall and temperature. ClimateSERV can also query the Google Earth Engine holdings for datasets, currently, ClimateSERV provides access to the daytime MODIS Land Surface Temperature (LST). Our first such derived product is a monthly rainfall analysis feature which combines CHIRPS historic rainfall with seasonal forecast models AgriSERV is a derived web-based tool based on the ClimateSERV data holdings. It is designed to provide easy to interpret analysis, based NDVI and rainfall. This tool allows users to draw two areas of interest, one control with no intervention and another that has experienced intervention. An on-demand comparative analysis is performed and the user is presented with side-by-side charts and summary data that highlight the differences of the two areas in terms of vegetation health, derived growing season lengths and rainfall. The analysis is based on an area-weighted average of the gridded NDVI and rainfall data. The users can download the summary data table as well as the full dataset for the period specified. This presentation is intended to showcase the utility of the intervention programs and to provide an objective rationale for expansion of those intervention programs.

Cyber Incidents Involving Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert J. Turk

2005-10-01

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Managementmore » Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).« less

Retail E-Commerce Security Status among Fortune 500 Corporations

ERIC Educational Resources Information Center

Zhao, Jensen J.; Zhao, Sherry Y.

2012-01-01

The authors assessed the "Fortune 500" corporations' retail e-commerce security to identify their strengths and weaknesses for improvement. They used online content analysis, information security auditing, and network security mapping for data collection and analysis. The findings indicate that most sites posted security policies; however, only…

Cheating in Middle School and High School

ERIC Educational Resources Information Center

Strom, Paris S.; Strom, Robert D.

2007-01-01

There is increasing concern about cheating in the secondary schools. This article describes the prevalence of dishonesty in testing, motivation for student cheating, new forms of deception using technology tools, initiatives to protect security of tests, methods students use to obtain papers without crediting the original source, tools for…

The University of Minnesota's Internet Gopher System: A Tool for Accessing Network-Based Electronic Information.

ERIC Educational Resources Information Center

Wiggins, Rich

1993-01-01

Describes the Gopher system developed at the University of Minnesota for accessing information on the Internet. Highlights include the need for navigation tools; Gopher clients; FTP (File Transfer Protocol); campuswide information systems; navigational enhancements; privacy and security issues; electronic publishing; multimedia; and future…

Minimizing Security Vulnerabilities in High-Tech Classrooms

ERIC Educational Resources Information Center

Ozkan, Betul C.; Gunay, Vedat

2004-01-01

Emerging technologies are quickly becoming part of daily learning and teaching endeavors in academia. Due to the access to certain high-tech tools educators must learn how to integrate these tools in educational settings. However, many also encounter problems and weaknesses in the same high-tech environment that uses and delivers information…

19 CFR 10.600 - Accessories, spare parts, or tools.

Code of Federal Regulations, 2010 CFR

2010-04-01

...-Central America-United States Free Trade Agreement Rules of Origin § 10.600 Accessories, spare parts, or... 10.600 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT... of the good's standard accessories, spare parts, or tools will be treated as originating goods if the...

Building a Dashboard of the Planet with Google Earth and Earth Engine

NASA Astrophysics Data System (ADS)

Moore, R. T.; Hancher, M.

2016-12-01

In 2005 Google Earth, a popular 3-D virtual globe, was first released. Scientists immediately recognized how it could be used to tell stories about the Earth. From 2006 to 2009, the "Virtual Globes" sessions of AGU included innovative examples of scientists and educators using Google Earth, and since that time it has become a commonplace tool for communicating scientific results. In 2009 Google Earth Engine, a cloud-based platform for planetary-scale geospatial analysis, was first announced. Earth Engine was initially used to extract information about the world's forests from raw Landsat data. Since then, the platform has proven highly effective for general analysis of georeferenced data, and users have expanded the list of use cases to include high-impact societal issues such as conservation, drought, disease, food security, water management, climate change and environmental monitoring. To support these use cases, the platform has continuously evolved with new datasets, analysis functions, and user interface tools. This talk will give an overview of the latest Google Earth and Earth Engine functionality that allow partners to understand, monitor and tell stories about of our living, breathing Earth. https://earth.google.com https://earthengine.google.com

Beyond engagement in working with children in eight Nairobi slums to address safety, security, and housing: Digital tools for policy and community dialogue.

PubMed

Mitchell, Claudia; Chege, Fatuma; Maina, Lucy; Rothman, Margot

2016-01-01

This article studies the ways in which researchers working in the area of health and social research and using participatory visual methods might extend the reach of participant-generated creations such as photos and drawings to engage community leaders and policy-makers. Framed as going 'beyond engagement', the article explores the idea of the production of researcher-led digital dialogue tools, focusing on one example, based on a series of visual arts-based workshops with children from eight slums in Nairobi addressing issues of safety, security, and well-being in relation to housing. The authors conclude that there is a need for researchers to embark upon the use of visual tools to expand the life and use of visual productions, and in particular to ensure meaningful participation of communities in social change.

Science and technology in the stockpile stewardship program, S & TR reprints

DOE Office of Scientific and Technical Information (OSTI.GOV)

Storm, E

This document reports on these topics: Computer Simulations in Support of National Security; Enhanced Surveillance of Aging Weapons; A New Precision Cutting Tool: The Femtosecond Laser; Superlasers as a Tool of Stockpile Stewardship; Nova Laser Experiments and Stockpile Stewardship; Transforming Explosive Art into Science; Better Flash Radiography Using the FXR; Preserving Nuclear Weapons Information; Site 300Õs New Contained Firing Facility; The Linear Electric Motor: Instability at 1,000 gÕs; A Powerful New Tool to Detect Clandestine Nuclear Tests; High Explosives in Stockpile Surveillance Indicate Constancy; Addressing a Cold War Legacy with a New Way to Produce TATB; JumpinÕ Jupiter! Metallic Hydrogen;more » Keeping the Nuclear Stockpile Safe, Secure, and Reliable; The Multibeam FabryÐPerot Velocimeter: Efficient Measurements of High Velocities; Theory and Modeling in Material Science; The Diamond Anvil Cell; Gamma-Ray Imaging Spectrometry; X-Ray Lasers and High-Density Plasma« less

The Intersection of National Security and Climate Change

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hund, Gretchen; Fankhauser, Jana G.; Kurzrok, Andrew J.

On June 4, 2014, the Henry M. Jackson Foundation and the Pacific Northwest National Laboratory hosted a groundbreaking symposium in Seattle, Washington, that brought together 36 leaders from federal agencies, state and local governments, NGOs, business, and academia. The participants examined approaches and tools to help decision makers make informed choices about the climate and security risks they face. The following executive summary is based on the day’s discussions and examines the problem of climate change and its impact on national security, the responses to date, and future considerations.

Developing a Defense Sector Assessment Rating Tool

DTIC Science & Technology

2010-01-01

JUSTICE EDUCATION ENERGY AND ENVIRONMENT HEALTH AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND...Cathryn Quantic Thurston, and Gregory F. Treverton (MG-863-OSD). • Making Liberia Safe: Transformation of the National Security Sector, by David C...Cathryn Quantic Thurston, and Gregory F. Treverton, A Framework to Assess Programs for Building Partnerships, Santa Monica, Calif.: RAND Corporation

New Resources for Computer-Aided Legal Research: An Assessment of the Usefulness of the DIALOG System in Securities Regulation Studies.

ERIC Educational Resources Information Center

Gruner, Richard; Heron, Carol E.

1984-01-01

Examines usefulness of DIALOG as legal research tool through use of DIALOG's DIALINDEX database to identify those databases among almost 200 available that contain large numbers of records related to federal securities regulation. Eight databases selected for further study are detailed. Twenty-six footnotes, database statistics, and samples are…

Global Positioning System : significant challenges in sustaining and upgrading widely used capabilities : report to the Subcommittee on National Security and Foreign Affairs, Committee on Oversight and Government Reform, House of Representatives.

DOT National Transportation Integrated Search

2009-04-01

The Global Positioning System (GPS), which provides positioning, navigation, and timing data to users worldwide, has become essential to U.S. national security and a key tool in an expanding array of public service and commercial applications at home...

The Security of Machine Learning

DTIC Science & Technology

2008-04-24

Machine learning has become a fundamental tool for computer security, since it can rapidly evolve to changing and complex situations. That...adaptability is also a vulnerability: attackers can exploit machine learning systems. We present a taxonomy identifying and analyzing attacks against machine ...We use our framework to survey and analyze the literature of attacks against machine learning systems. We also illustrate our taxonomy by showing

The Virtual Desktop: Options and Challenges in Selecting a Secure Desktop Infrastructure Based on Virtualization

DTIC Science & Technology

2011-10-01

Fortunately, some products offer centralized management and deployment tools for local desktop implementation . Figure 5 illustrates the... implementation of a secure desktop infrastructure based on virtualization. It includes an overview of desktop virtualization, including an in-depth...environment in the data centre, whereas LHVD places it on the endpoint itself. Desktop virtualization implementation considerations and potential

A Security Monitoring Framework For Virtualization Based HEP Infrastructures

NASA Astrophysics Data System (ADS)

Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

2017-10-01

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Hand and Power Tools

DTIC Science & Technology

1998-01-01

equipped with a constant- pressure switch or control: drills; tappers; fastener drivers; horizontal, vertical, and angle grinders with wheels more than...hand-held power tools must be equipped with either a positive “on-off” control switch, a constant pressure switch , or a “lock-on” control: disc sanders...percussion tools with no means of holding accessories securely, must be equipped with a constant- pressure switch that will shut off the power when the

A Critical Review of Options for Tool and Workpiece Sensing

DTIC Science & Technology

1989-06-02

Tool Temperature Control ." International Machine Tool Design Res., Vol. 7, pp. 465-75, 1967. 5. Cook, N. H., Subramanian, K., and Basile, S. A...if necessury and identify by block riumber) FIELD GROUP SUB-GROUP 1. Detectors 3. Control Equipment 1 08 2. Sensor Characteristics 4. Process Control ...will provide conceptual designs and recommend a system (Continued) 20. DISTRIBUTION/AVAILABILITY OF ABSTRACT 21 ABSTRACT SECURITY CLASSIFICATION 0

IT Data Mining Tool Uses in Aerospace

NASA Technical Reports Server (NTRS)

Monroe, Gilena A.; Freeman, Kenneth; Jones, Kevin L.

2012-01-01

Data mining has a broad spectrum of uses throughout the realms of aerospace and information technology. Each of these areas has useful methods for processing, distributing, and storing its corresponding data. This paper focuses on ways to leverage the data mining tools and resources used in NASA's information technology area to meet the similar data mining needs of aviation and aerospace domains. This paper details the searching, alerting, reporting, and application functionalities of the Splunk system, used by NASA's Security Operations Center (SOC), and their potential shared solutions to address aircraft and spacecraft flight and ground systems data mining requirements. This paper also touches on capacity and security requirements when addressing sizeable amounts of data across a large data infrastructure.

Instantiating the art of war for effects-based operations

NASA Astrophysics Data System (ADS)

Burns, Carla L.

2002-07-01

Effects-Based Operations (EBO) is a mindset, a philosophy and an approach for planning, executing and assessing military operations for the effects they produce rather than the targets or even objectives they deal with. An EBO approach strives to provide economy of force, dynamic tasking, and reduced collateral damage. The notion of EBO is not new. Military Commanders certainly have desired effects in mind when conducting military operations. However, to date EBO has been an art of war that lacks automated techniques and tools that enable effects-based analysis and assessment. Modeling and simulation is at the heart of this challenge. The Air Force Research Laboratory (AFRL) EBO Program is developing modeling techniques and corresponding tool capabilities that can be brought to bear against the challenges presented by effects-based analysis and assessment. Effects-based course-of-action development, center of gravity/target system analysis, and wargaming capabilities are being developed and integrated to help give Commanders the information decision support required to achieve desired national security objectives. This paper presents an introduction to effects-based operations, discusses the benefits of an EBO approach, and focuses on modeling and analysis for effects-based strategy development. An overview of modeling and simulation challenges for EBO is presented, setting the stage for the detailed technical papers in the subject session.

International Scavenging for First Responder Guidance and Tools: IAEA Products

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stern, W.; Berthelot, L.; Bachner, K.

In fiscal years (FY) 2016 and 2017, with support from the U.S. Department of Homeland Security (DHS), Brookhaven National Laboratory (BNL) examined the International Atomic Energy Agency (IAEA) radiological emergency response and preparedness products (guidance and tools) to determine which of these products could be useful to U.S. first responders. The IAEA Incident and Emergency Centre (IEC), which is responsible for emergency preparedness and response, offers a range of tools and guidance documents for responders in recognizing, responding to, and recovering from radiation emergencies and incidents. In order to implement this project, BNL obtained all potentially relevant tools and productsmore » produced by the IAEA IEC and analyzed these materials to determine their relevance to first responders in the U.S. Subsequently, BNL organized and hosted a workshop at DHS National Urban Security Technology Laboratory (NUSTL) for U.S. first responders to examine and evaluate IAEA products to consider their applicability to the United States. This report documents and describes the First Responder Product Evaluation Workshop, and provides recommendations on potential steps the U.S. federal government could take to make IAEA guidance and tools useful to U.S. responders.« less

Use of application containers and workflows for genomic data analysis

PubMed Central

Schulz, Wade L.; Durant, Thomas J. S.; Siddon, Alexa J.; Torres, Richard

2016-01-01

Background: The rapid acquisition of biological data and development of computationally intensive analyses has led to a need for novel approaches to software deployment. In particular, the complexity of common analytic tools for genomics makes them difficult to deploy and decreases the reproducibility of computational experiments. Methods: Recent technologies that allow for application virtualization, such as Docker, allow developers and bioinformaticians to isolate these applications and deploy secure, scalable platforms that have the potential to dramatically increase the efficiency of big data processing. Results: While limitations exist, this study demonstrates a successful implementation of a pipeline with several discrete software applications for the analysis of next-generation sequencing (NGS) data. Conclusions: With this approach, we significantly reduced the amount of time needed to perform clonal analysis from NGS data in acute myeloid leukemia. PMID:28163975

Geothopica and the interactive analysis and visualization of the updated Italian National Geothermal Database

NASA Astrophysics Data System (ADS)

Trumpy, Eugenio; Manzella, Adele

2017-02-01

The Italian National Geothermal Database (BDNG), is the largest collection of Italian Geothermal data and was set up in the 1980s. It has since been updated both in terms of content and management tools: information on deep wells and thermal springs (with temperature > 30 °C) are currently organized and stored in a PostgreSQL relational database management system, which guarantees high performance, data security and easy access through different client applications. The BDNG is the core of the Geothopica web site, whose webGIS tool allows different types of user to access geothermal data, to visualize multiple types of datasets, and to perform integrated analyses. The webGIS tool has been recently improved by two specially designed, programmed and implemented visualization tools to display data on well lithology and underground temperatures. This paper describes the contents of the database and its software and data update, as well as the webGIS tool including the new tools for data lithology and temperature visualization. The geoinformation organized in the database and accessible through Geothopica is of use not only for geothermal purposes, but also for any kind of georesource and CO2 storage project requiring the organization of, and access to, deep underground data. Geothopica also supports project developers, researchers, and decision makers in the assessment, management and sustainable deployment of georesources.

Open Source GIS based integrated watershed management

NASA Astrophysics Data System (ADS)

Byrne, J. M.; Lindsay, J.; Berg, A. A.

2013-12-01

Optimal land and water management to address future and current resource stresses and allocation challenges requires the development of state-of-the-art geomatics and hydrological modelling tools. Future hydrological modelling tools should be of high resolution, process based with real-time capability to assess changing resource issues critical to short, medium and long-term enviromental management. The objective here is to merge two renowned, well published resource modeling programs to create an source toolbox for integrated land and water management applications. This work will facilitate a much increased efficiency in land and water resource security, management and planning. Following an 'open-source' philosophy, the tools will be computer platform independent with source code freely available, maximizing knowledge transfer and the global value of the proposed research. The envisioned set of water resource management tools will be housed within 'Whitebox Geospatial Analysis Tools'. Whitebox, is an open-source geographical information system (GIS) developed by Dr. John Lindsay at the University of Guelph. The emphasis of the Whitebox project has been to develop a user-friendly interface for advanced spatial analysis in environmental applications. The plugin architecture of the software is ideal for the tight-integration of spatially distributed models and spatial analysis algorithms such as those contained within the GENESYS suite. Open-source development extends knowledge and technology transfer to a broad range of end-users and builds Canadian capability to address complex resource management problems with better tools and expertise for managers in Canada and around the world. GENESYS (Generate Earth Systems Science input) is an innovative, efficient, high-resolution hydro- and agro-meteorological model for complex terrain watersheds developed under the direction of Dr. James Byrne. GENESYS is an outstanding research and applications tool to address challenging resource management issues in industry, government and nongovernmental agencies. Current research and analysis tools were developed to manage meteorological, climatological, and land and water resource data efficiently at high resolution in space and time. The deliverable for this work is a Whitebox-GENESYS open-source resource management capacity with routines for GIS based watershed management including water in agriculture and food production. We are adding urban water management routines through GENESYS in 2013-15 with an engineering PhD candidate. Both Whitebox-GAT and GENESYS are already well-established tools. The proposed research will combine these products to create an open-source geomatics based water resource management tool that is revolutionary in both capacity and availability to a wide array of Canadian and global users

Survey of Machine Learning Methods for Database Security

NASA Astrophysics Data System (ADS)

Kamra, Ashish; Ber, Elisa

Application of machine learning techniques to database security is an emerging area of research. In this chapter, we present a survey of various approaches that use machine learning/data mining techniques to enhance the traditional security mechanisms of databases. There are two key database security areas in which these techniques have found applications, namely, detection of SQL Injection attacks and anomaly detection for defending against insider threats. Apart from the research prototypes and tools, various third-party commercial products are also available that provide database activity monitoring solutions by profiling database users and applications. We present a survey of such products. We end the chapter with a primer on mechanisms for responding to database anomalies.

Conceptual framework to ensure water security in Ukraine

NASA Astrophysics Data System (ADS)

Gadzalo, Yaroslav; Romashchenko, Mykhailo; Yatsiuk, Mykhailo

2018-02-01

As a result of global climate change against the background of natural water supply deterioration and river water content reductions, nowadays Ukraine is facing the problem of environmental degradation of river basins. In light of this, we suggest that achieving an acceptable level of water security in Ukraine should be defined as the strategic objective of national water policy. The state of national water security should be evaluated by its progress in certain sectors. The basic principles of the new water policy of Ukraine are supposed to be represented in Water Strategy of Ukraine. Integrated water management by the basin principle should serve as the main tool for achieving the objectives of water security.

Development of quantitative security optimization approach for the picture archives and carrying system between a clinic and a rehabilitation center

NASA Astrophysics Data System (ADS)

Haneda, Kiyofumi; Kajima, Toshio; Koyama, Tadashi; Muranaka, Hiroyuki; Dojo, Hirofumi; Aratani, Yasuhiko

2002-05-01

The target of our study is to analyze the level of necessary security requirements, to search for suitable security measures and to optimize security distribution to every portion of the medical practice. Quantitative expression must be introduced to our study, if possible, to enable simplified follow-up security procedures and easy evaluation of security outcomes or results. Using fault tree analysis (FTA), system analysis showed that system elements subdivided into groups by details result in a much more accurate analysis. Such subdivided composition factors greatly depend on behavior of staff, interactive terminal devices, kinds of services provided, and network routes. Security measures were then implemented based on the analysis results. In conclusion, we identified the methods needed to determine the required level of security and proposed security measures for each medical information system, and the basic events and combinations of events that comprise the threat composition factors. Methods for identifying suitable security measures were found and implemented. Risk factors for each basic event, a number of elements for each composition factor, and potential security measures were found. Methods to optimize the security measures for each medical information system were proposed, developing the most efficient distribution of risk factors for basic events.

The Impact of Pro-Government Militias on State and Human Security: A Comparative Analysis of the Afghan Local Police and the Janjaweed

DTIC Science & Technology

2018-03-01

GOVERNMENT MILITIAS ON STATE AND HUMAN SECURITY: A COMPARATIVE ANALYSIS OF THE AFGHAN LOCAL POLICE AND THE JANJAWEED by Mark D. Phelps March...MILITIAS ON STATE AND HUMAN SECURITY: A COMPARATIVE ANALYSIS OF THE AFGHAN LOCAL POLICE AND THE JANJAWEED 5. FUNDING NUMBERS 6. AUTHOR(S) Mark D...human security. This thesis examines the relationship and impact of pro-government militias on state and human security by conducting a comparative

Effects of Security actions

NASA Astrophysics Data System (ADS)

Bergman, Ramona; Andersson-Sköld, Yvonne; Nyberg, Lars; Johansson, Magnus

2010-05-01

In a project funded by the Swedish Civil Contingencies Agency, the effort and work to reduce different kinds of accidents are being evaluated. The project wants to illuminate the links between actions and outcome, so we can learn from today's performance and in the future select more effective measures and overall deal with accidents more efficiently. The project ESS covers the field of frequent accidents such as sliding accidents at home, in house fires and less common accidents such as chemical and land fill accidents up to even more rare accidents such as natural accidents and hazards. In the ESS project SGI (Swedish geotechnical institute) will evaluate the work and effort concerning various natural hazards limited to landslides, erosion and flooding. The aim is to investigate how municipalities handle, especially prevention, of such natural disasters today. The project includes several aspects such as: • which are the driving forces for risk analysis in a municipality • do one use risk mapping (and what type) in municipal risk analysis • which aspects are most important when selecting preventive measures • in which way do one learn from past accidents • and from previous accidents elsewhere, by for example use existing databases • etc There are many aspects that play a role in a well-functioning safety promotion work. The overall goal is to examine present work and activities, highlight what is well functioning and identify weak points. The aim is to find out where more resources are needed and give suggestions for a more efficient security work. This includes identification of the most efficient "tools" in use or needed. Such tools can be education, directives, funding, more easily available maps and information regarding previous accidents and preventive measures etc. The project will result in recommendations for more effective ways to deal with landslides, erosion and flooding. Since different kinds of problems can occur depending on level of authority the investigation of the security work will be done with authorities on both regional and local scale. At the moment the investigation process are in progress and preliminary results will be presented.

Advanced Simulation and Computing Business Plan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rummel, E.

To maintain a credible nuclear weapons program, the National Nuclear Security Administration’s (NNSA’s) Office of Defense Programs (DP) needs to make certain that the capabilities, tools, and expert staff are in place and are able to deliver validated assessments. This requires a complete and robust simulation environment backed by an experimental program to test ASC Program models. This ASC Business Plan document encapsulates a complex set of elements, each of which is essential to the success of the simulation component of the Nuclear Security Enterprise. The ASC Business Plan addresses the hiring, mentoring, and retaining of programmatic technical staff responsiblemore » for building the simulation tools of the nuclear security complex. The ASC Business Plan describes how the ASC Program engages with industry partners—partners upon whom the ASC Program relies on for today’s and tomorrow’s high performance architectures. Each piece in this chain is essential to assure policymakers, who must make decisions based on the results of simulations, that they are receiving all the actionable information they need.« less

Examining National Public Health Law to Realize the Global Health Security Agenda.

PubMed

Meier, Benjamin Mason; Tureski, Kara; Bockh, Emily; Carr, Derek; Ayala, Ana; Roberts, Anna; Cloud, Lindsay; Wilhelm, Nicolas; Burris, Scott

2017-05-01

Where the Global Health Security Agenda (GHSA) seeks to accelerate progress toward a world safe and secure from public health emergencies, the realization of GHSA 'Action Packages' will require national governments to establish necessary legal frameworks to prevent, detect, and respond to infectious disease. By analyzing the scope and content of existing national legislation in each of the GHSA Action Packages, this comparative cross-national research has developed a framework that disaggregates the legal domains necessary to meet each Action Package target. Based upon these legal domains, this study developed an assessment tool that can identify specific attributes of national legislation. This article applies this tool to assess the legal environment in twenty Sub-Saharan African countries, examining the content of laws across the GHSA Action Packages, analyzing the legal domains necessary to implement each Action Package, and highlighting specific national laws that reflect attributes of each legal domain. © The Author 2017. Published by Oxford University Press; all rights reserved. For Permissions, please email: journals.permissions@oup.com.

Trust and Privacy Solutions Based on Holistic Service Requirements.

PubMed

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-12-24

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Joint External Evaluation—Development and Scale-Up of Global Multisectoral Health Capacity Evaluation Process

PubMed Central

Bell, Elizabeth; Ijaz, Kashef; Bartee, Maureen; Fernandez, Jose; Burris, Hannah; Sliter, Karen; Nikkari, Simo; Chungong, Stella; Rodier, Guenael; Jafari, Hamid

2017-01-01

The Joint External Evaluation (JEE), a consolidation of the World Health Organization (WHO) International Health Regulations 2005 (IHR 2005) Monitoring and Evaluation Framework and the Global Health Security Agenda country assessment tool, is an objective, voluntary, independent peer-to-peer multisectoral assessment of a country’s health security preparedness and response capacity across 19 IHR technical areas. WHO approved the standardized JEE tool in February 2016. The JEE process is wholly transparent; countries request a JEE and are encouraged to make its findings public. Donors (e.g., member states, public and private partners, and other public health institutions) can support countries in addressing identified JEE gaps, and implementing country-led national action plans for health security. Through July 2017, 52 JEEs were completed, and 25 more countries were scheduled across WHO’s 6 regions. JEEs facilitate progress toward IHR 2005 implementation, thereby building trust and mutual accountability among countries to detect and respond to public health threats. PMID:29155678

Trust and Privacy Solutions Based on Holistic Service Requirements

PubMed Central

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-01-01

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

Putting food on the public health table: Making food security relevant to regional health authorities.

PubMed

Rideout, Karen; Seed, Barbara; Ostry, Aleck

2006-01-01

Food security is emerging as an increasingly important public health issue. The purpose of this paper is to describe a conceptual model and five classes of food security indicators for regional health authorities (RHAs): direct, indirect, consequence, process, and supra-regional. The model was developed after a review of the food security literature and interviews with British Columbia community nutritionists and public health officials. We offer this conceptual model as a practical tool to help RHAs develop a comprehensive framework and use specific indicators, in conjunction with public health nutritionists and other community stakeholders. We recommend using all five classes of indicator together to ensure a complete assessment of the full breadth of food security. This model will be useful for Canadian health authorities wishing to take a holistic community-based approach to public health nutrition to develop more effective policies and programs to maximize food security. The model and indicators offer a rational process that could be useful for collaborative multi-stakeholder initiatives to improve food security.

Whole system analysis of second generation bioenergy production and Ecosystem Services in Europe

NASA Astrophysics Data System (ADS)

Henner, Dagmar; Smith, Pete; Davies, Christian; McNamara, Niall

2017-04-01

Bioenergy crops are an important source of renewable energy and are a possible mechanism to mitigate global climate warming, by replacing fossil fuel energy that has higher greenhouse gas emissions. There is, however, uncertainty about the impacts of the growth of bioenergy crops on ecosystem services. This uncertainty is further enhanced by current climate change. It is important to establish how second generation bioenergy crops (Miscanthus, SRC willow and poplar) can contribute by closing the gap between reducing fossil fuel use and increasing the use of other renewable sources in a sustainable way. The project builds on models of energy crop production, biodiversity, soil impacts, greenhouse gas emissions and other ecosystem services, and on work undertaken in the UK on the ETI-funded ELUM project (www.elum.ac.uk). We will present estimated yields for the above named crops in Europe using the ECOSSE, DayCent, SalixFor and MiscanFor models. These yields will be brought into context with a whole system analysis, detailing trade-offs and synergies for land use change, food security, GHG emissions and soil and water security. Methods like water footprint tools, tourism value maps and ecosystem valuation tools and models (e.g. InVest, TEEB database, GREET LCA Model, World Business Council for Sustainable Development corporate ecosystem valuation, Millennium Ecosystem Assessment and the Ecosystem Services Framework) will be used to estimate and visualise the impacts of increased use of second generation bioenergy crops on the above named ecosystem services. The results will be linked to potential yields to generate "inclusion or exclusion areas" in Europe in order to establish suitable areas for bioenergy crop production and the extent of use possible. Policy is an important factor for using second generation bioenergy crops in a sustainable way. We will present how whole system analysis can be used to create scenarios for countries or on a continental scale. As an example, we will present two scenarios for the whole system on a country basis, based on current renewable energy policy, to visualise the impact of changing policy on the use of bioenergy crops. This will include the economic implications which are directly linked to renewable energy policy, best practice management recommendations, impacts on land use change and food security as well as synergies and trade-offs on other ecosystem services (GHG emission, soil C, nitrogen, water and air security). The aim is to show how second generation bioenergy crops can be used sustainably and what is needed to do this successfully on a large scale. The results can form a basis for future policy development in order to reach the goals of the Paris 2015 agreement.

Generation and detection of pulsed T-rays for use in the study of biological and bioterrorism issues

NASA Astrophysics Data System (ADS)

Jedju, Thomas M.; Bosacchi, Bruno; Warren, Warren S.; Nahata, Ajay; Kuenstner, Todd

2004-09-01

Terahertz (T-rays) spectroscopy has recently emerged as a powerful method to access a heretofore barely explored region of the electromagnetic spectrum where fundamental molecular resonances occur. Besides their importance for fundamental research, these resonances could be used as signatures in the identification of molecular species and as sensitive probes in a wide variety of molecular processes. In this paper we consider the potential of THz spectroscopy in the application to relevant biomedical and homeland security problems such as the analysis of normal and diseased tissues and the detection of toxic biomolecules. As examples, we present preliminary experimental data which suggest that THz spectroscopy: 1) can discriminate between cancerous and normal tissue, and 2) can reveal the presence of foreign substances hidden in an envelope and even allow their specific identification. This capability is of particular relevance as a straightforward homeland security tool for the detection of anthrax and other biotoxic molecules.

Fully device-independent conference key agreement

NASA Astrophysics Data System (ADS)

Ribeiro, Jérémy; Murta, Gláucia; Wehner, Stephanie

2018-02-01

We present a security analysis of conference key agreement (CKA) in the most adversarial model of device independence (DI). Our protocol can be implemented by any experimental setup that is capable of performing Bell tests [specifically, the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality], and security can in principle be obtained for any violation of the MABK inequality that detects genuine multipartite entanglement among the N parties involved in the protocol. As our main tool, we derive a direct physical connection between the N -partite MABK inequality and the Clauser-Horne-Shimony-Holt (CHSH) inequality, showing that certain violations of the MABK inequality correspond to a violation of the CHSH inequality between one of the parties and the other N -1 . We compare the asymptotic key rate for device-independent conference key agreement (DICKA) to the case where the parties use N -1 device-independent quantum key distribution protocols in order to generate a common key. We show that for some regime of noise the DICKA protocol leads to better rates.

Measurement of the dimensions of food insecurity in developed countries: a systematic literature review.

PubMed

Ashby, Stephanie; Kleve, Suzanne; McKechnie, Rebecca; Palermo, Claire

2016-11-01

Food insecurity is a salient health issue comprised of four dimensions - food access, availability, utilization and stability over time. The aim of the present study was to conduct a systematic literature review to identify all multi-item tools that measure food insecurity and explore which of the dimensions they assess. Five databases were searched (CENTRAL, CINAHL plus, EMBASE, MEDLINE, TRIP) for studies published in English since 1999. Inclusion criteria included human studies using multi-item tools to measure food security and studies conducted in developed countries. Manuscripts describing the US Department of Agriculture Food Security Survey Module, that measures 'food access', were excluded due to wide acceptance of the validity and reliability of this instrument. Two authors extracted data and assessed the quality of the included studies. Data were summarized against the dimensions of food insecurity. A systematic review of the literature. The majority of tools were developed in the USA and had been used in different age groups and cultures. Eight multi-item tools were identified. All of the tools assessed the 'food access' dimension and two partially assessed the dimensions 'food utilization' and 'stability over time', respectively. 'Food availability' was not assessed by existing tools. Current tools available for measuring food insecurity are subjective, limited in scope, with a majority assessing only one dimension of food insecurity (access). To more accurately assess the true burden of food insecurity, tools should be adapted or developed to assess all four dimensions of food insecurity.

An Overview of Public Access Computer Software Management Tools for Libraries

ERIC Educational Resources Information Center

Wayne, Richard

2004-01-01

An IT decision maker gives an overview of public access PC software that's useful in controlling session length and scheduling, Internet access, print output, security, and the latest headaches: spyware and adware. In this article, the author describes a representative sample of software tools in several important categories such as setup…

[Development of sample pretreatment techniques-rapid detection coupling methods for food security analysis].

PubMed

Huang, Yichun; Ding, Weiwei; Zhang, Zhuomin; Li, Gongke

2013-07-01

This paper summarizes the recent developments of the rapid detection methods for food security, such as sensors, optical techniques, portable spectral analysis, enzyme-linked immunosorbent assay, portable gas chromatograph, etc. Additionally, the applications of these rapid detection methods coupled with sample pretreatment techniques in real food security analysis are reviewed. The coupling technique has the potential to provide references to establish the selective, precise and quantitative rapid detection methods in food security analysis.

Changes in Exercise Data Management

NASA Technical Reports Server (NTRS)

Buxton, R. E.; Kalogera, K. L.; Hanson, A. M.

2018-01-01

The suite of exercise hardware aboard the International Space Station (ISS) generates an immense amount of data. The data collected from the treadmill, cycle ergometer, and resistance strength training hardware are basic exercise parameters (time, heart rate, speed, load, etc.). The raw data are post processed in the laboratory and more detailed parameters are calculated from each exercise data file. Updates have recently been made to how this valuable data are stored, adding an additional level of data security, increasing data accessibility, and resulting in overall increased efficiency of medical report delivery. Questions regarding exercise performance or how exercise may influence other variables of crew health frequently arise within the crew health care community. Inquiries over the health of the exercise hardware often need quick analysis and response to ensure the exercise system is operable on a continuous basis. Consolidating all of the exercise system data in a single repository enables a quick response to both the medical and engineering communities. A SQL server database is currently in use, and provides a secure location for all of the exercise data starting at ISS Expedition 1 - current day. The database has been structured to update derived metrics automatically, making analysis and reporting available within minutes of dropping the inflight data it into the database. Commercial tools were evaluated to help aggregate and visualize data from the SQL database. The Tableau software provides manageable interface, which has improved the laboratory's output time of crew reports by 67%. Expansion of the SQL database to be inclusive of additional medical requirement metrics, addition of 'app-like' tools for mobile visualization, and collaborative use (e.g. operational support teams, research groups, and International Partners) of the data system is currently being explored.

Implementing Information Assurance - Beyond Process

DTIC Science & Technology

2009-01-01

disabled or properly configured. Tools and scripts are available to expedite the configuration process on some platforms, For example, approved Windows...in the System Security Plan (SSP) or Information Security Plan (lSP). Any PPSs not required for operation by the system must be disabled , This...Services must be disabled , Implementing an 1M capability within the boundary carries many policy and documentation requirements. Usemame and passwords

Joint Combined Exchange Training Evaluation Framework: A Crucial Tool in Security Cooperation Assessment

DTIC Science & Technology

2015-12-01

DOD, joint, or armed service component’s manuals , and other publications . Obviously, JCETs fall under the broader spectrum of security cooperation...NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release; distribution is unlimited JOINT COMBINED...No. 0704–0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing

Near-Real-Time Cloud Auditing for Rapid Response

DTIC Science & Technology

2013-10-01

cloud auditing , which provides timely evaluation results and rapid response, is the key to assuring the cloud. In this paper, we discuss security and...providers with possible automation of the audit , assertion, assessment, and assurance of their services. The Cloud Security Alliance (CSA [15]) was formed...monitoring tools, research literature, standards, and other resources related to IA (Information Assurance ) metrics and IT auditing . In the following

Leveraging Knowledge Management Tools to Support Security Risk Management in the Department of Homeland Security

DTIC Science & Technology

2011-12-01

34 Figure 7. NASA Knowledge Management Environment (From Holm, 2009, p. 5). ......36 x...sharing That are not able to show measurable benefits Loose management support without demonstrating effectiveness Because users do not perceive value...explore KM in one form or another. Both are large agencies with annual budgets in the billions and manage multi -billion dollar projects, whose

Multiuser Transmit Beamforming for Maximum Sum Capacity in Tactical Wireless Multicast Networks

DTIC Science & Technology

2006-08-01

commonly used extended Kalman filter . See [2, 5, 6] for recent tutorial overviews. In particle filtering , continuous distributions are approximated by...signals (using and developing associated particle filtering tools). Our work on these topics has been reported in seven (IEEE, SIAM) journal papers and...multidimensional scaling, tracking, intercept, particle filters . 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT 18. SECURITY CLASSIFICATION OF

Competitive Strategies

DTIC Science & Technology

1988-05-27

Competitive Strategies Individual Essay 6. PERFORMING ORG. REPORT NUMBER 7. AUTHOR(@) S. CONTRACT OR GRANT NUMBER( e ) Robert M. Davis, LTC, AD S...DO FOe 1473 emIotN or, Nov es IS OBSOLETE -JA I Unclassifi fed SECURITY CLASSIFICATION OF THIS PA7. E (Whrn Does Entered) Unclassified SECURITY...focus within the Department of Defense to provide technical and tactical leverage over the Soviets. Competitive Strategies are a management tool which

Implementing Network Video for Traditional Security and Innovative Applications: Best Practices and Uses for Network Video in K-12 Schools

ERIC Educational Resources Information Center

Wren, Andrew

2008-01-01

Administrators are constantly seeking ways to cost-effectively and adequately increase security and improve efficiency in K-12 schools. While video is not a new tool to schools, the shift from analog to network technology has increased the accessibility and usability in a variety of applications. Properly installed and used, video is a powerful…

Collimator with attachment mechanism and system

DOEpatents

Kross, Brian J [Yorktown, VA; McKisson, John [Hampton, VA; Stolin, Aleksandr [Morgantown, WV; Weisenberger, Andrew G [Yorktown, VA; Zorn, Carl [Yorktown, VA

2012-07-10

A self-aligning collimator for a radiation imaging device that is secured and aligned through the use of a plurality of small magnets. The collimator allows for the rapid exchange, removal, or addition of collimators for the radiation imaging device without the need for tools. The accompanying method discloses the use of magnets and accompanying magnetic fields to align and secure collimators in a radiation imaging assembly.

Development of the Rice Convection Model as a Space Weather Tool

DTIC Science & Technology

2015-05-31

coupled to the ionosphere that is suitable for both scientific studies as well as a prediction tool. We are able to run the model faster than “real...of work by finding ways to fund a more systematic effort in making the RCM a space weather prediction tool for magnetospheric and ionospheric studies...convection electric field, total electron content, TEC, ionospheric convection, plasmasphere 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT

Material Protection, Accounting, and Control Technologies (MPACT): Modeling and Simulation Roadmap

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cipiti, Benjamin; Dunn, Timothy; Durbin, Samual

The development of sustainable advanced nuclear fuel cycles is a long-term goal of the Office of Nuclear Energy’s (DOE-NE) Fuel Cycle Technologies program. The Material Protection, Accounting, and Control Technologies (MPACT) campaign is supporting research and development (R&D) of advanced instrumentation, analysis tools, and integration methodologies to meet this goal. This advanced R&D is intended to facilitate safeguards and security by design of fuel cycle facilities. The lab-scale demonstration of a virtual facility, distributed test bed, that connects the individual tools being developed at National Laboratories and university research establishments, is a key program milestone for 2020. These tools willmore » consist of instrumentation and devices as well as computer software for modeling. To aid in framing its long-term goal, during FY16, a modeling and simulation roadmap is being developed for three major areas of investigation: (1) radiation transport and sensors, (2) process and chemical models, and (3) shock physics and assessments. For each area, current modeling approaches are described, and gaps and needs are identified.« less