Test and Evaluation for Enhanced Security: A Quantitative Method to Incorporate Expert Knowledge into Test Planning Decisions.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rizzo, Davinia; Blackburn, Mark

Complex systems are comprised of technical, social, political and environmental factors as well as the programmatic factors of cost, schedule and risk. Testing these systems for enhanced security requires expert knowledge in many different fields. It is important to test these systems to ensure effectiveness, but testing is limited to due cost, schedule, safety, feasibility and a myriad of other reasons. Without an effective decision framework for Test and Evaluation (T&E) planning that can take into consideration technical as well as programmatic factors and leverage expert knowledge, security in complex systems may not be assessed effectively. Therefore, this paper coversmore » the identification of the current T&E planning problem and an approach to include the full variety of factors and leverage expert knowledge in T&E planning through the use of Bayesian Networks (BN).« less

Investigation of Pressure Surges in Aircraft Hydraulic Systems

DTIC Science & Technology

1952-03-01

RESTRICTED Figure 2 TEST APPARATUS FOR CLOSED-END TUBE SYSTEM TESTS , r WADC TR52-37 10 SECURITY INFORMATION-RESTRICTED SECURITY INFORMATION -R ESTR ICTED...simplified circuitto--decrease the labor involved in circuit solutions by manual calculation. The circuit developed for the basic accumulator, valve

Facilitating Secure Sharing of Personal Health Data in the Cloud.

PubMed

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

Design and implementation of modular home security system with short messaging system

NASA Astrophysics Data System (ADS)

Budijono, Santoso; Andrianto, Jeffri; Axis Novradin Noor, Muhammad

2014-03-01

Today we are living in 21st century where crime become increasing and everyone wants to secure they asset at their home. In that situation user must have system with advance technology so person do not worry when getting away from his home. It is therefore the purpose of this design to provide home security device, which send fast information to user GSM (Global System for Mobile) mobile device using SMS (Short Messaging System) and also activate - deactivate system by SMS. The Modular design of this Home Security System make expandable their capability by add more sensors on that system. Hardware of this system has been designed using microcontroller AT Mega 328, PIR (Passive Infra Red) motion sensor as the primary sensor for motion detection, camera for capturing images, GSM module for sending and receiving SMS and buzzer for alarm. For software this system using Arduino IDE for Arduino and Putty for testing connection programming in GSM module. This Home Security System can monitor home area that surrounding by PIR sensor and sending SMS, save images capture by camera, and make people panic by turn on the buzzer when trespassing surrounding area that detected by PIR sensor. The Modular Home Security System has been tested and succeed detect human movement.

Solar Thermal Utility-Scale Joint Venture Program (USJVP) Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

MANCINI,THOMAS R.

2001-04-01

Several years ago Sandia National Laboratories developed a prototype interior robot [1] that could navigate autonomously inside a large complex building to aid and test interior intrusion detection systems. Recently the Department of Energy Office of Safeguards and Security has supported the development of a vehicle that will perform limited security functions autonomously in a structured exterior environment. The goal of the first phase of this project was to demonstrate the feasibility of an exterior robotic vehicle for security applications by using converted interior robot technology, if applicable. An existing teleoperational test bed vehicle with remote driving controls was modifiedmore » and integrated with a newly developed command driving station and navigation system hardware and software to form the Robotic Security Vehicle (RSV) system. The RSV, also called the Sandia Mobile Autonomous Navigator (SANDMAN), has been successfully used to demonstrate that teleoperated security vehicles which can perform limited autonomous functions are viable and have the potential to decrease security manpower requirements and improve system capabilities.« less

OPSAID Initial Design and Testing Report.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A.; Stamp, Jason Edwin; Chavez, Adrian R.

2007-11-01

Process Control System (PCS) security is critical to our national security. Yet, there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy's Office of Electricity Delivery and Reliability, aims to address this issue through developing and testing an open source architecture for PCS security. Sandia National Laboratories, along with a team of PCS vendors and owners, have developed and tested this PCS security architecture. This report describes their progress to date.2 AcknowledgementsThe authors acknowledgemore » and thank their colleagues for their assistance with the OPSAID project.Sandia National Laboratories: Alex Berry, Charles Perine, Regis Cassidy, Bryan Richardson, Laurence PhillipsTeumim Technical, LLC: Dave TeumimIn addition, the authors are greatly indebted to the invaluable help of the members of the OPSAID Core Team. Their assistance has been critical to the success and industry acceptance of the OPSAID project.Schweitzer Engineering Laboratory: Rhett Smith, Ryan Bradetich, Dennis GammelTelTone: Ori Artman Entergy: Dave Norton, Leonard Chamberlin, Mark AllenThe authors would like to acknowledge that the work that produced the results presented in this paper was funded by the U.S. Department of Energy/Office of Electricity Delivery and Energy Reliability (DOE/OE) as part of the National SCADA Test Bed (NSTB) Program. Executive SummaryProcess control systems (PCS) are very important for critical infrastructure and manufacturing operations, yet cyber security technology in PCS is generally poor. The OPSAID (Open PCS (Process Control System) Security Architecture for Interoperable Design) program is intended to address these security shortcomings by accelerating the availability and deployment of comprehensive security technology for PCS, both for existing PCS and inherently secure PCS in the future. All activities are closely linked to industry outreach and advisory efforts.Generally speaking, the OPSAID project is focused on providing comprehensive security functionality to PCS that communicate using IP. This is done through creating an interoperable PCS security architecture and developing a reference implementation, which is tested extensively for performance and reliability.This report first provides background on the PCS security problem and OPSAID, followed by goals and objectives of the project. The report also includes an overview of the results, including the OPSAID architecture and testing activities, along with results from industry outreach activities. Conclusion and recommendation sections follow. Finally, a series of appendices provide more detailed information regarding architecture and testing activities.Summarizing the project results, the OPSAID architecture was defined, which includes modular security functionality and corresponding component modules. The reference implementation, which includes the collection of component modules, was tested extensively and proved to provide more than acceptable performance in a variety of test scenarios. The primary challenge in implementation and testing was correcting initial configuration errors.OPSAID industry outreach efforts were very successful. A small group of industry partners were extensively involved in both the design and testing of OPSAID. Conference presentations resulted in creating a larger group of potential industry partners.Based upon experience implementing and testing OPSAID, as well as through collecting industry feedback, the OPSAID project has done well and is well received. Recommendations for future work include further development of advanced functionality, refinement of interoperability guidance, additional laboratory and field testing, and industry outreach that includes PCS owner education. 4 5 --This page intentionally left blank --« less

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

33 CFR 104.215 - Vessel Security Officer (VSO).

Code of Federal Regulations, 2011 CFR

2011-07-01

... procedures, including scenario-based response training; (4) Crowd management and control techniques; (5) Operations of security equipment and systems; and (6) Testing and calibration of security equipment and...

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

The hack attack - Increasing computer system awareness of vulnerability threats

NASA Technical Reports Server (NTRS)

Quann, John; Belford, Peter

1987-01-01

The paper discusses the issue of electronic vulnerability of computer based systems supporting NASA Goddard Space Flight Center (GSFC) by unauthorized users. To test the security of the system and increase security awareness, NYMA, Inc. employed computer 'hackers' to attempt to infiltrate the system(s) under controlled conditions. Penetration procedures, methods, and descriptions are detailed in the paper. The procedure increased the security consciousness of GSFC management to the electronic vulnerability of the system(s).

Hacking the Bell test using classical light in energy-time entanglement-based quantum key distribution.

PubMed

Jogenfors, Jonathan; Elhassan, Ashraf Mohamed; Ahrens, Johan; Bourennane, Mohamed; Larsson, Jan-Åke

2015-12-01

Photonic systems based on energy-time entanglement have been proposed to test local realism using the Bell inequality. A violation of this inequality normally also certifies security of device-independent quantum key distribution (QKD) so that an attacker cannot eavesdrop or control the system. We show how this security test can be circumvented in energy-time entangled systems when using standard avalanche photodetectors, allowing an attacker to compromise the system without leaving a trace. We reach Bell values up to 3.63 at 97.6% faked detector efficiency using tailored pulses of classical light, which exceeds even the quantum prediction. This is the first demonstration of a violation-faking source that gives both tunable violation and high faked detector efficiency. The implications are severe: the standard Clauser-Horne-Shimony-Holt inequality cannot be used to show device-independent security for energy-time entanglement setups based on Franson's configuration. However, device-independent security can be reestablished, and we conclude by listing a number of improved tests and experimental setups that would protect against all current and future attacks of this type.

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

Using digital watermarking to enhance security in wireless medical image transmission.

PubMed

Giakoumaki, Aggeliki; Perakis, Konstantinos; Banitsas, Konstantinos; Giokas, Konstantinos; Tachakra, Sapal; Koutsouris, Dimitris

2010-04-01

During the last few years, wireless networks have been increasingly used both inside hospitals and in patients' homes to transmit medical information. In general, wireless networks suffer from decreased security. However, digital watermarking can be used to secure medical information. In this study, we focused on combining wireless transmission and digital watermarking technologies to better secure the transmission of medical images within and outside the hospital. We utilized an integrated system comprising the wireless network and the digital watermarking module to conduct a series of tests. The test results were evaluated by medical consultants. They concluded that the images suffered no visible quality degradation and maintained their diagnostic integrity. The proposed integrated system presented reasonable stability, and its performance was comparable to that of a fixed network. This system can enhance security during the transmission of medical images through a wireless channel.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

DIRECT secure messaging as a common transport layer for reporting structured and unstructured lab results to outpatient providers.

PubMed

Sujansky, Walter; Wilson, Tom

2015-04-01

This report describes a grant-funded project to explore the use of DIRECT secure messaging for the electronic delivery of laboratory test results to outpatient physicians and electronic health record systems. The project seeks to leverage the inherent attributes of DIRECT secure messaging and electronic provider directories to overcome certain barriers to the delivery of lab test results in the outpatient setting. The described system enables laboratories that generate test results as HL7 messages to deliver these results as structured or unstructured documents attached to DIRECT secure messages. The system automatically analyzes generated HL7 messages and consults an electronic provider directory to determine the appropriate DIRECT address and delivery format for each indicated recipient. The system also enables lab results delivered to providers as structured attachments to be consumed by HL7 interface engines and incorporated into electronic health record systems. Lab results delivered as unstructured attachments may be printed or incorporated into patient records as PDF files. The system receives and logs acknowledgement messages to document the status of each transmitted lab result, and a graphical interface allows searching and review of this logged information. The described system is a fully implemented prototype that has been tested in a laboratory setting. Although this approach is promising, further work is required to pilot test the system in production settings with clinical laboratories and outpatient provider organizations. Copyright © 2015 Elsevier Inc. All rights reserved.

An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1.

PubMed

Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A

2013-10-01

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.

Facilitating Secure Sharing of Personal Health Data in the Cloud

PubMed Central

Nepal, Surya; Glozier, Nick

2016-01-01

Background Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. PMID:27234691

Assessment of risks of EMI for personal medical electronic devices (PMEDs) from emissions of millimeter-wave security screening systems

NASA Astrophysics Data System (ADS)

Witters, Donald; Bassen, Howard; Guag, Joshua; Addissie, Bisrat; LaSorte, Nickolas; Rafai, Hazem

2013-06-01

This paper describes research and testing of a representative group of high priority body worn and implantable personal medical electronic devices (PMEDs) for exposure to millimeter wave (MMW) advanced imaging technology (AIT) security systems used at airports. The sample PMEDs included in this study were implantable cardiac pacemakers, ICDs, neurostimulators and insulin pumps. These PMEDs are designed and tested for susceptibility to electromagnetic interference (EMI) under the present standards for medical device electromagnetic compatibility (EMC). However, the present standards for medical equipment do not address exposure to the much higher frequency fields that are emitted by MMW security systems. Initial AIT emissions measurements were performed to assess the PMED and passenger exposures. Testing protocols were developed and testing methods were tailored to the type of PMED. In addition, a novel exposure simulation system was developed to allow controlled EMC testing without the need of the MMW AIT system. Methodology, test results, and analysis are presented, along with an assessment of the human exposure and risks for PMED users. The results on this study reveal no effects on the medical devices from the exposure to the MMW security system. Furthermore, the human exposure measurements and analysis showed levels well below applicable standard, and the risks for PMED users and others we assessed to be very low. These findings apply to the types of PMEDs used in the study though these findings might suggest that the risks for other, similar PMEDs would likely be similar.

Report: Improvements Needed in Key EPA Information System Security Practices

EPA Pesticide Factsheets

Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

Creation of backdoors in quantum communications via laser damage

NASA Astrophysics Data System (ADS)

Makarov, Vadim; Bourgoin, Jean-Philippe; Chaiwongkhot, Poompong; Gagné, Mathieu; Jennewein, Thomas; Kaiser, Sarah; Kashyap, Raman; Legré, Matthieu; Minshull, Carter; Sajeed, Shihan

2016-09-01

Practical quantum communication (QC) protocols are assumed to be secure provided implemented devices are properly characterized and all known side channels are closed. We show that this is not always true. We demonstrate a laser-damage attack capable of modifying device behavior on demand. We test it on two practical QC systems for key distribution and coin tossing, and show that newly created deviations lead to side channels. This reveals that laser damage is a potential security risk to existing QC systems, and necessitates their testing to guarantee security.

Preventing Chaos.

ERIC Educational Resources Information Center

Pineda, Ernest M.

1999-01-01

Discusses ways to help resolve the Y2K problem and avoid disruptions in school security and safety. Discusses computer software testing and validation to determine its functionality after year's end, and explores system remediation of non-compliant fire and security systems. (GR)

EVALUATION REPORT SCIENCE APPLICATIONS INTERNATIONAL CORPORATION S-CAD CHEMICAL AGENT DETECTION SYSTEM

EPA Science Inventory

The USEPA's National Homeland Security Research Center (NHSRC)Technology Testing and Evaluation Program (TTEP) is carrying out performance tests on homeland security technologies. Under TTEP, Battelle recently evaluated the performance of the Science Applications International Co...

3D Imaging with Structured Illumination for Advanced Security Applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Birch, Gabriel Carisle; Dagel, Amber Lynn; Kast, Brian A.

2015-09-01

Three-dimensional (3D) information in a physical security system is a highly useful dis- criminator. The two-dimensional data from an imaging systems fails to provide target dis- tance and three-dimensional motion vector, which can be used to reduce nuisance alarm rates and increase system effectiveness. However, 3D imaging devices designed primarily for use in physical security systems are uncommon. This report discusses an architecture favorable to physical security systems; an inexpensive snapshot 3D imaging system utilizing a simple illumination system. The method of acquiring 3D data, tests to understand illumination de- sign, and software modifications possible to maximize information gathering capabilitymore » are discussed.« less

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Index of cyber integrity

NASA Astrophysics Data System (ADS)

Anderson, Gustave

2014-05-01

Unfortunately, there is no metric, nor set of metrics, that are both general enough to encompass all possible types of applications yet specific enough to capture the application and attack specific details. As a result we are left with ad-hoc methods for generating evaluations of the security of our systems. Current state of the art methods for evaluating the security of systems include penetration testing and cyber evaluation tests. For these evaluations, security professionals simulate an attack from malicious outsiders and malicious insiders. These evaluations are very productive and are able to discover potential vulnerabilities resulting from improper system configuration, hardware and software flaws, or operational weaknesses. We therefore propose the index of cyber integrity (ICI), which is modeled after the index of biological integrity (IBI) to provide a holistic measure of the health of a system under test in a cyber-environment. The ICI provides a broad base measure through a collection of application and system specific metrics. In this paper, following the example of the IBI, we demonstrate how a multi-metric index may be used as a holistic measure of the health of a system under test in a cyber-environment.

Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System

PubMed Central

Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-01-01

Background The United States Department of Veterans Affairs has implemented an electronic asynchronous “Secure Messaging” tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients’ experiences and preferences for using Secure Messaging. Objective The objectives of this mixed-methods study were to (1) characterize veterans’ experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans’ use of Secure Messaging. Methods We recruited 33 veterans who had access to and had previously used the portal’s Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants’ computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. Results The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Conclusions Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users’ experiences in a representative sample to validate qualitative findings. PMID:24610454

Evaluating user experiences of the secure messaging tool on the Veterans Affairs' patient portal system.

PubMed

Haun, Jolie N; Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-03-06

The United States Department of Veterans Affairs has implemented an electronic asynchronous "Secure Messaging" tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients' experiences and preferences for using Secure Messaging. The objectives of this mixed-methods study were to (1) characterize veterans' experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans' use of Secure Messaging. We recruited 33 veterans who had access to and had previously used the portal's Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants' computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users' experiences in a representative sample to validate qualitative findings.

Lemnos interoperable security project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.

2010-03-01

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance inmore » a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.« less

The Development Of An Independent Locking Securement System For Mobility Aids In Public Transportation Vehicles: Volume 2

DOT National Transportation Integrated Search

1992-12-01

The Quality Functional Deployment (QFD) method was used for the design of the Independent Locking Securement (ILS) System, developed by the Oregon State University. The project entailed the design, construction, and testing of the ILS system prototyp...

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

PubMed

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

PubMed

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

EPA Science Matters Newsletter: Advancing Ways to Clean Up Drinking Water Systems (Published November 2013)

EPA Pesticide Factsheets

To advance the science and engineering of decontaminating pipe systems and safely disposing of high-volumes of contaminated water, Agency homeland security researchers are developing a Water Security Test Bed (WSTB).

Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

ERIC Educational Resources Information Center

Benson, Allen C.

This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

30 CFR 75.800-4 - Testing, examination, and maintenance of circuit breakers; record.

Code of Federal Regulations, 2011 CFR

2011-07-01

... mine. (b) Record security. These records shall be made in a secure book that is not susceptible to alteration or electronically in a computer system so as to be secure and not susceptible to alteration. (c...

30 CFR 75.800-4 - Testing, examination, and maintenance of circuit breakers; record.

Code of Federal Regulations, 2012 CFR

2012-07-01

... mine. (b) Record security. These records shall be made in a secure book that is not susceptible to alteration or electronically in a computer system so as to be secure and not susceptible to alteration. (c...

30 CFR 75.800-4 - Testing, examination, and maintenance of circuit breakers; record.

Code of Federal Regulations, 2014 CFR

2014-07-01

... mine. (b) Record security. These records shall be made in a secure book that is not susceptible to alteration or electronically in a computer system so as to be secure and not susceptible to alteration. (c...

30 CFR 75.800-4 - Testing, examination, and maintenance of circuit breakers; record.

Code of Federal Regulations, 2013 CFR

2013-07-01

... mine. (b) Record security. These records shall be made in a secure book that is not susceptible to alteration or electronically in a computer system so as to be secure and not susceptible to alteration. (c...

[Development of operation patient security detection system].

PubMed

Geng, Shu-Qin; Tao, Ren-Hai; Zhao, Chao; Wei, Qun

2008-11-01

This paper describes a patient security detection system developed with two dimensional bar codes, wireless communication and removal storage technique. Based on the system, nurses and correlative personnel check code wait operation patient to prevent the defaults. The tests show the system is effective. Its objectivity and currency are more scientific and sophisticated than current traditional method in domestic hospital.

Testing and Evaluation of the Bear Medical Systems, Inc. Bear 33 Volume Ventilator System

DTIC Science & Technology

1990-12-01

approved for publication. RICHARD J. KNECHT, Lt Col, USAF, NC ROGER L STORK , Col, USAF, BSC Project Scientist Chief, Crew Systems Branch EORCHENDER...no problems. After the vibration tests, a visual inspection of the humidifier revealed that a screw and metal clip from a terminal on the incoming...hexagonal J-bolt nuts, which secure the sled to the litter, with larger wing nuts. This modification will allow the sled to be adequately secured by

TTCN-3 Based Conformance Testing of Mobile Broadcast Business Management System in 3G Networks

NASA Astrophysics Data System (ADS)

Wang, Zhiliang; Yin, Xia; Xiang, Yang; Zhu, Ruiping; Gao, Shirui; Wu, Xin; Liu, Shijian; Gao, Song; Zhou, Li; Li, Peng

Mobile broadcast service is one of the emerging most important new services in 3G networks. To better operate and manage mobile broadcast services, mobile broadcast business management system (MBBMS) should be designed and developed. Such a system, with its distributed nature, complicated XML data and security mechanism, faces many challenges in testing technology. In this paper, we study the conformance testing methodology of MBBMS, and design and implement a MBBMS protocol conformance testing tool based on TTCN-3, a standardized test description language that can be used in black-box testing of reactive and distributed system. In this methodology and testing tool, we present a semi-automatic XML test data generation method of TTCN-3 test suite and use HMSC model to help the design of test suite. In addition, we also propose an integrated testing method for hierarchical MBBMS security architecture. This testing tool has been used in industrial level’s testing.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.; Chavez, Adrian R.

Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, whilemore » providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released. Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).« less

Good Manufacturing Practices (GMP) / Good Laboratory Practices (GLP) Review and Applicability for Chemical Security Enhancements

DOE Office of Scientific and Technical Information (OSTI.GOV)

Iveson, Steven W.

Global chemical security has been enhanced through the determined use and integration of both voluntary and legislated standards. Many popular standards contain components that specifically detail requirements for the security of materials, facilities and other vital assets. In this document we examine the roll of quality management standards and how they affect the security culture within the institutions that adopt these standards in order to conduct business within the international market place. Good manufacturing practices and good laboratory practices are two of a number of quality management systems that have been adopted as law in many nations. These standards aremore » designed to protect the quality of drugs, medicines, foods and analytical test results in order to provide the world-wide consumer with safe and affective products for consumption. These standards provide no established security protocols and yet manage to increase the security of chemicals, materials, facilities and the supply chain via the effective and complete control over the manufacturing, the global supply chains and testing processes. We discuss the means through which these systems enhance security and how nations can further improve these systems with additional regulations that deal specifically with security in the realm of these management systems. We conclude with a discussion of new technologies that may cause disruption within the industries covered by these standards and how these issues might be addressed in order to maintain or increase the level of security within the industries and nations that have adopted these standards.« less

Evaluation of a Secure Laptop-Based Testing Program in an Undergraduate Nursing Program: Students' Perspective.

PubMed

Tao, Jinyuan; Gunter, Glenda; Tsai, Ming-Hsiu; Lim, Dan

2016-01-01

Recently, the many robust learning management systems, and the availability of affordable laptops, have made secure laptop-based testing a reality on many campuses. The undergraduate nursing program at the authors' university began to implement a secure laptop-based testing program in 2009, which allowed students to use their newly purchased laptops to take quizzes and tests securely in classrooms. After nearly 5 years' secure laptop-based testing program implementation, a formative evaluation, using a mixed method that has both descriptive and correlational data elements, was conducted to seek constructive feedback from students to improve the program. Evaluation data show that, overall, students (n = 166) believed the secure laptop-based testing program helps them get hands-on experience of taking examinations on the computer and gets them prepared for their computerized NCLEX-RN. Students, however, had a lot of concerns about laptop glitches and campus wireless network glitches they experienced during testing. At the same time, NCLEX-RN first-time passing rate data were analyzed using the χ2 test, and revealed no significant association between the two testing methods (paper-and-pencil testing and the secure laptop-based testing) and students' first-time NCLEX-RN passing rate. Based on the odds ratio, however, the odds of students passing NCLEX-RN the first time was 1.37 times higher if they were taught with the secure laptop-based testing method than if taught with the traditional paper-and-pencil testing method in nursing school. It was recommended to the institution that better quality of laptops needs to be provided to future students, measures needed to be taken to further stabilize the campus wireless Internet network, and there was a need to reevaluate the Laptop Initiative Program.

Security Policy and Infrastructure in the Context of a Multi-Centeric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in their early age. The diagnosis of ASD relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology and ophthalmology. In order to support clinicians, researchers and public health decision makers, we designed an information system dedicated to ASD, called TEDIS. TEDIS was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured Internet connections. In this paper, we present the security policy and security infrastructure we developed to protect ASD' patients' clinical data and patients' privacy. We tested our system on 359 ASD patient records in a local secured intranet environment and showed that the security system is functional, with a consistent, transparent and safe encrypting-decrypting behavior. It is ready for deployment in the nine ASD expert assessment centers in the Ile de France district.

Using cyber vulnerability testing techniques to expose undocumented security vulnerabilities in DCS and SCADA equipment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pollet, J.

2006-07-01

This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-criticalmore » networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)« less

Processing multilevel secure test and evaluation information

NASA Astrophysics Data System (ADS)

Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

1994-07-01

The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

46 CFR 61.40-3 - Design verification testing.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-3 Design verification testing. (a) Tests must verify that automated vital systems are designed, constructed, and operate in...

Flexible and Secure Computer-Based Assessment Using a Single Zip Disk

ERIC Educational Resources Information Center

Ko, C. C.; Cheng, C. D.

2008-01-01

Electronic examination systems, which include Internet-based system, require extremely complicated installation, configuration and maintenance of software as well as hardware. In this paper, we present the design and development of a flexible, easy-to-use and secure examination system (e-Test), in which any commonly used computer can be used as a…

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE PAGES

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

2016-07-14

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, T.

SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Injection of Contaminants into a Simulated Water Distribution System Equipped with Continuous Multi-Parameter Water Monitors

EPA Science Inventory

The U.S. EPA’s Technology Testing and Evaluation Program has been charged by EPA to evaluate the performance of commercially available water security-related technologies. Multi-parameter water monitors for distributions systems have been evaluated as such a water security techn...

Software To Secure Distributed Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford

2015-04-01

While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implementedmore » a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.« less

An explosives detection system for airline security using coherent x-ray scattering technology

NASA Astrophysics Data System (ADS)

Madden, Robert W.; Mahdavieh, Jacob; Smith, Richard C.; Subramanian, Ravi

2008-08-01

L-3 Communications Security and Detection Systems (SDS) has developed a new system for automated alarm resolution in airline baggage Explosive Detection Systems (EDS) based on coherent x-ray scattering spectroscopy. The capabilities of the system were demonstrated in tests with concealed explosives at the Transportation Security Laboratory and airline passenger baggage at Orlando International Airport. The system uses x-ray image information to identify suspicious objects and performs targeted diffraction measurements to classify them. This extra layer of detection capability affords a significant reduction in the rate of false alarm objects that must presently be resolved by opening passenger bags for hand inspection.

Risk Assessment of Power System considering the CPS of Transformers

NASA Astrophysics Data System (ADS)

Zhou, Long; Peng, Zewu; Liu, Xindong; Li, Canbing; Chen, Can

2018-02-01

This paper constructs a risk assessment framework of power system for device-level information security, analyzes the typical protection configuration of power transformers, and takes transformer gas protection and differential protection as examples to put forward a method that analyzes the cyber security in electric power system, which targets transformer protection parameters. We estimate the risk of power system accounting for the cyber security of transformer through utilizing Monte Carlo method and two indexes, which are the loss of load probability and the expected demand not supplied. The proposed approach is tested with IEEE 9 bus system and IEEE 118 bus system.

Automatic Learning of Fine Operating Rules for Online Power System Security Control.

PubMed

Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

2016-08-01

Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

105KE Basin Area Radiation Monitor System (ARMS) Acceptance Test Procedure

DOE Office of Scientific and Technical Information (OSTI.GOV)

KINKEL, C.C.

1999-12-14

This procedure is intended for the Area Radiation Monitoring System, ARMS, that is replacing the existing Programmable Input-Output Processing System, PIOPS, radiation monitoring system in the 105KE basin. The new system will be referred to as the 105KE ARMS, 105KE Area Radiation Monitoring System. This ATP will ensure calibration integrity of the 105KE radiation detector loops. Also, this ATP will test and document the display, printing, alarm output, alarm acknowledgement, upscale check, and security functions. This ATP test is to be performed after completion of the 105KE ARMS installation. The alarm outputs of the 105KE ARMS will be connected tomore » the basin detector alarms, basin annunciator system, and security Alarm Monitoring System, AMS, located in the 200 area Central Alarm Station (CAS).« less

Test and Evaluation Plan for the Manual Domestic Passive Profiling System (MDPPS)

DTIC Science & Technology

1994-02-01

Aviation Security (FAA/ACS) personnel and Northwest Airlines Security personnel. These elements were evaluated and refined at a Subject-Matter Expert (SME) workshop using Federal Bureau of Investigation (FBI), Immigration and Naturalization Service (INS), Customs, airline security personnel, and FAA personnel. A worksheet and scoring procedures for using the profiling elements were developed so that domestic passengers could be profiled by airline or other personnel. A field test of the feasibility of the Manual Domestic Passive Profiling (MDPP) worksheet was conducted at

The Design and Realization of Net Testing System on Campus Network

ERIC Educational Resources Information Center

Ren, Zhanying; Liu, Shijie

2005-01-01

According to the requirement of modern teaching theory and technology, based on software engineering, database theory, the technique of net information security and system integration, a net testing system on local network was designed and realized. The system benefits for dividing of testing & teaching and settles the problems of random…

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Secure positioning technique based on encrypted visible light map for smart indoor service

NASA Astrophysics Data System (ADS)

Lee, Yong Up; Jung, Gillyoung

2018-03-01

Indoor visible light (VL) positioning systems for smart indoor services are negatively affected by both cochannel interference from adjacent light sources and VL reception position irregularity in the three-dimensional (3-D) VL channel. A secure positioning methodology based on a two-dimensional (2-D) encrypted VL map is proposed, implemented in prototypes of the specific positioning system, and analyzed based on performance tests. The proposed positioning technique enhances the positioning performance by more than 21.7% compared to the conventional method in real VL positioning tests. Further, the pseudonoise code is found to be the optimal encryption key for secure VL positioning for this smart indoor service.

Planning for Effective Security at Campus Special Events.

ERIC Educational Resources Information Center

Bromley, Max L.

1984-01-01

Factors to consider in assuring security for student events on campus are discussed, based on the experience of the University of South Florida, which has developed, tested, and critiqued a system of planning security. Even though special events vary significantly in type and purpose, some questions should be answered in advance, with the…

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

NASA's Super Guppy aircraft has been closed and secured at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida. The Orion Exploration Mission-1 (EM-1) structural test article is secured inside the Super Guppy and will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Increasing the resilience and security of the United States' power infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

2015-08-01

The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-worldmore » conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.« less

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jason Wright

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrainedmore » computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.« less

Secure Embedded System Design Methodologies for Military Cryptographic Systems

DTIC Science & Technology

2016-03-31

Fault- Tree Analysis (FTA); Built-In Self-Test (BIST) Introduction Secure access-control systems restrict operations to authorized users via methods...failures in the individual software/processor elements, the question of exactly how unlikely is difficult to answer. Fault- Tree Analysis (FTA) has a...Collins of Sandia National Laboratories for years of sharing his extensive knowledge of Fail-Safe Design Assurance and Fault- Tree Analysis

A model-driven approach to information security compliance

NASA Astrophysics Data System (ADS)

Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

2017-06-01

The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

46 CFR 113.05-7 - Environmental tests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 4 2010-10-01 2010-10-01 false Environmental tests. 113.05-7 Section 113.05-7 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING COMMUNICATION AND ALARM SYSTEMS AND EQUIPMENT General Provisions § 113.05-7 Environmental tests. Communication, alarm system...

DICOM image secure communications with Internet protocols IPv6 and IPv4.

PubMed

Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

2007-01-01

Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.

46 CFR 78.17-10 - Loudspeaker system.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 3 2012-10-01 2012-10-01 false Loudspeaker system. 78.17-10 Section 78.17-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PASSENGER VESSELS OPERATIONS Tests, Drills, and Inspections § 78.17-10 Loudspeaker system. (a) Where fitted, the complete loudspeaker system shall be tested...

46 CFR 78.17-10 - Loudspeaker system.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 3 2014-10-01 2014-10-01 false Loudspeaker system. 78.17-10 Section 78.17-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PASSENGER VESSELS OPERATIONS Tests, Drills, and Inspections § 78.17-10 Loudspeaker system. (a) Where fitted, the complete loudspeaker system shall be tested...

46 CFR 78.17-10 - Loudspeaker system.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 3 2013-10-01 2013-10-01 false Loudspeaker system. 78.17-10 Section 78.17-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PASSENGER VESSELS OPERATIONS Tests, Drills, and Inspections § 78.17-10 Loudspeaker system. (a) Where fitted, the complete loudspeaker system shall be tested...

46 CFR 78.17-10 - Loudspeaker system.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 3 2011-10-01 2011-10-01 false Loudspeaker system. 78.17-10 Section 78.17-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PASSENGER VESSELS OPERATIONS Tests, Drills, and Inspections § 78.17-10 Loudspeaker system. (a) Where fitted, the complete loudspeaker system shall be tested...

46 CFR 78.17-10 - Loudspeaker system.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 3 2010-10-01 2010-10-01 false Loudspeaker system. 78.17-10 Section 78.17-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PASSENGER VESSELS OPERATIONS Tests, Drills, and Inspections § 78.17-10 Loudspeaker system. (a) Where fitted, the complete loudspeaker system shall be tested...

A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Grimaila, Michael R

2010-01-01

In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success. We address the opportunity to apply the Cyberspace Security Econometrics System (CSES) to Carnegie Mellon University and Software Engineering Institute s Mission Assurance Analysismore » Protocol (MAAP) in this context.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hauer, John F.; Mittelstadt, William; Martin, Kenneth E.

During 2005 and 2006 the Western Electricity Coordinating Council (WECC) performed three major tests of western system dynamics. These tests used a Wide Area Measurement System (WAMS) based primarily on Phasor Measurement Units (PMUs) to determine response to events including the insertion of the 1400-MW Chief Joseph braking resistor, probing signals, and ambient events. Test security was reinforced through real-time analysis of wide area effects, and high-quality data provided dynamic profiles for interarea modes across the entire western interconnection. The tests established that low-level optimized pseudo-random ±20-MW probing with the Pacific DC Intertie (PDCI) roughly doubles the apparent noise thatmore » is natural to the power system, providing sharp dynamic information with negligible interference to system operations. Such probing is an effective alternative to use of the 1400-MW Chief Joseph dynamic brake, and it is under consideration as a standard means for assessing dynamic security.« less

Secure voice for mobile satellite applications

NASA Technical Reports Server (NTRS)

Vaisnys, Arvydas; Berner, Jeff

1990-01-01

The initial system studies are described which were performed at JPL on secure voice for mobile satellite applications. Some options are examined for adapting existing Secure Telephone Unit III (STU-III) secure telephone equipment for use over a digital mobile satellite link, as well as for the evolution of a dedicated secure voice mobile earth terminal (MET). The work has included some lab and field testing of prototype equipment. The work is part of an ongoing study at JPL for the National Communications System (NCS) on the use of mobile satellites for emergency communications. The purpose of the overall task is to identify and enable the technologies which will allow the NCS to use mobile satellite services for its National Security Emergency Preparedness (NSEP) communications needs. Various other government agencies will also contribute to a mobile satellite user base, and for some of these, secure communications will be an essential feature.

46 CFR 109.211 - Testing of emergency lighting and power systems.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 4 2014-10-01 2014-10-01 false Testing of emergency lighting and power systems. 109.211 Section 109.211 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.211 Testing of emergency lighting and power...

46 CFR 109.211 - Testing of emergency lighting and power systems.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 4 2012-10-01 2012-10-01 false Testing of emergency lighting and power systems. 109.211 Section 109.211 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.211 Testing of emergency lighting and power...

46 CFR 109.211 - Testing of emergency lighting and power systems.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 4 2011-10-01 2011-10-01 false Testing of emergency lighting and power systems. 109.211 Section 109.211 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.211 Testing of emergency lighting and power...

46 CFR 109.211 - Testing of emergency lighting and power systems.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 4 2010-10-01 2010-10-01 false Testing of emergency lighting and power systems. 109.211 Section 109.211 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.211 Testing of emergency lighting and power...

46 CFR 109.211 - Testing of emergency lighting and power systems.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 4 2013-10-01 2013-10-01 false Testing of emergency lighting and power systems. 109.211 Section 109.211 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.211 Testing of emergency lighting and power...

The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

NASA Technical Reports Server (NTRS)

1986-01-01

The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

An Integrative Behavioral Model of Information Security Policy Compliance

PubMed Central

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373

An integrative behavioral model of information security policy compliance.

PubMed

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized.

NASA's Plan for SDLS Testing

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

The Space Data Link Security (SDLS) Protocol is a Consultative Committee for Space Data Systems (CCSDS) standard which extends the known Data Link protocols to secure data being sent over a space link by providing confidentiality and integrity services. This plan outlines the approach by National Aeronautics Space Administration (NASA) in performing testing of the SDLS protocol using a prototype based on an existing NASA missions simulator.

Digital Signal Processing Methods for Safety Systems Employed in Nuclear Power Industry

NASA Astrophysics Data System (ADS)

Popescu, George

Some of the major safety concerns in the nuclear power industry focus on the readiness of nuclear power plant safety systems to respond to an abnormal event, the security of special nuclear materials in used nuclear fuels, and the need for physical security to protect personnel and reactor safety systems from an act of terror. Routine maintenance and tests of all nuclear reactor safety systems are performed on a regular basis to confirm the ability of these systems to operate as expected. However, these tests do not determine the reliability of these safety systems and whether the systems will perform for the duration of an accident and whether they will perform their tasks without failure after being engaged. This research has investigated the progression of spindle asynchronous error motion determined from spindle accelerations to predict bearings failure onset. This method could be applied to coolant pumps that are essential components of emergency core cooling systems at all nuclear power plants. Recent security upgrades mandated by the Nuclear Regulatory Commission and the Department of Homeland Security have resulted in implementation of multiple physical security barriers around all of the commercial and research nuclear reactors in the United States. A second part of this research attempts to address an increased concern about illegal trafficking of Special Nuclear Materials (SNM). This research describes a multi element scintillation detector system designed for non - invasive (passive) gamma ray surveillance for concealed SNM that may be within an area or sealed in a package, vehicle or shipping container. Detection capabilities of the system were greatly enhanced through digital signal processing, which allows the combination of two very powerful techniques: 1) Compton Suppression (CS) and 2) Pulse Shape Discrimination (PSD) with less reliance on complicated analog instrumentation.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

Repetitive Domain-Referenced Testing Using Computers: the TITA System.

ERIC Educational Resources Information Center

Olympia, P. L., Jr.

The TITA (Totally Interactive Testing and Analysis) System algorithm for the repetitive construction of domain-referenced tests utilizes a compact data bank, is highly portable, is useful in any discipline, requires modest computer hardware, and does not present a security problem. Clusters of related keyphrases, statement phrases, and distractors…

Finding a needle in a haystack: toward a psychologically informed method for aviation security screening.

PubMed

Ormerod, Thomas C; Dando, Coral J

2015-02-01

Current aviation security systems identify behavioral indicators of deception to assess risks to flights, but they lack a strong psychological basis or empirical validation. We present a new method that tests the veracity of passenger accounts. In an in vivo double-blind randomized-control trial conducted in international airports, security agents detected 66% of deceptive passengers using the veracity test method compared with less than 5% using behavioral indicator recognition. As well as revealing advantages of veracity testing over behavioral indicator identification, the study provides the highest levels to date of deception detection in a realistic setting where the known base rate of deceptive individuals is low.

Network Penetration Testing and Research

NASA Technical Reports Server (NTRS)

Murphy, Brandon F.

2013-01-01

This paper will focus the on research and testing done on penetrating a network for security purposes. This research will provide the IT security office new methods of attacks across and against a company's network as well as introduce them to new platforms and software that can be used to better assist with protecting against such attacks. Throughout this paper testing and research has been done on two different Linux based operating systems, for attacking and compromising a Windows based host computer. Backtrack 5 and BlackBuntu (Linux based penetration testing operating systems) are two different "attacker'' computers that will attempt to plant viruses and or NASA USRP - Internship Final Report exploits on a host Windows 7 operating system, as well as try to retrieve information from the host. On each Linux OS (Backtrack 5 and BlackBuntu) there is penetration testing software which provides the necessary tools to create exploits that can compromise a windows system as well as other operating systems. This paper will focus on two main methods of deploying exploits 1 onto a host computer in order to retrieve information from a compromised system. One method of deployment for an exploit that was tested is known as a "social engineering" exploit. This type of method requires interaction from unsuspecting user. With this user interaction, a deployed exploit may allow a malicious user to gain access to the unsuspecting user's computer as well as the network that such computer is connected to. Due to more advance security setting and antivirus protection and detection, this method is easily identified and defended against. The second method of exploit deployment is the method mainly focused upon within this paper. This method required extensive research on the best way to compromise a security enabled protected network. Once a network has been compromised, then any and all devices connected to such network has the potential to be compromised as well. With a compromised network, computers and devices can be penetrated through deployed exploits. This paper will illustrate the research done to test ability to penetrate a network without user interaction, in order to retrieve personal information from a targeted host.

Full Scale Drinking Water System Decontamination at the Water Security Test Bed.

PubMed

Szabo, Jeffrey; Hall, John; Reese, Steve; Goodrich, Jim; Panguluri, Sri; Meiners, Greg; Ernst, Hiba

2018-03-20

The EPA's Water Security Test Bed (WSTB) facility is a full-scale representation of a drinking water distribution system. In collaboration with the Idaho National Laboratory (INL), EPA designed the WSTB facility to support full-scale evaluations of water infrastructure decontamination, real-time sensors, mobile water treatment systems, and decontamination of premise plumbing and appliances. The EPA research focused on decontamination of 1) Bacillus globigii (BG) spores, a non-pathogenic surrogate for Bacillus anthracis and 2) Bakken crude oil. Flushing and chlorination effectively removed most BG spores from the bulk water but BG spores still remained on the pipe wall coupons. Soluble oil components of Bakken crude oil were removed by flushing although oil components persisted in the dishwasher and refrigerator water dispenser. Using this full-scale distribution system allows EPA to 1) test contaminants without any human health or ecological risk and 2) inform water systems on effective methodologies responding to possible contamination incidents.

Using software security analysis to verify the secure socket layer (SSL) protocol

NASA Technical Reports Server (NTRS)

Powell, John D.

2004-01-01

nal Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information the3, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach '' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

Enhancing the Safety, Security and Resilience of ICT and Scada Systems Using Action Research

NASA Astrophysics Data System (ADS)

Johnsen, Stig; Skramstad, Torbjorn; Hagen, Janne

This paper discusses the results of a questionnaire-based survey used to assess the safety, security and resilience of information and communications technology (ICT) and supervisory control and data acquisition (SCADA) systems used in the Norwegian oil and gas industry. The survey identifies several challenges, including the involvement of professionals with different backgrounds and expertise, lack of common risk perceptions, inadequate testing and integration of ICT and SCADA systems, poor information sharing related to undesirable incidents and lack of resilience in the design of technical systems. Action research is proposed as a process for addressing these challenges in a systematic manner and helping enhance the safety, security and resilience of ICT and SCADA systems used in oil and gas operations.

CORBASec Used to Secure Distributed Aerospace Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

The NASA Glenn Research Center and its industry partners are developing a Common Object Request Broker (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines. It was developed by Glenn and is being managed by the NASA Ames Research Center as the lead center reporting directly to NASA Headquarters' Aerospace Technology Enterprise. Glenn is an active domain member of the Object Management Group: an open membership, not-for-profit consortium that produces and manages computer industry specifications (i.e., CORBA) for interoperable enterprise applications. When NPSS is deployed, it will assemble a distributed aerospace propulsion simulation scenario from proprietary analytical CORBA servers and execute them with security afforded by the CORBASec implementation. The NPSS CORBASec test bed was initially developed with the TPBroker Security Service product (Hitachi Computer Products (America), Inc., Waltham, MA) using the Object Request Broker (ORB), which is based on the TPBroker Basic Object Adaptor, and using NPSS software across different firewall products. The test bed has been migrated to the Portable Object Adaptor architecture using the Hitachi Security Service product based on the VisiBroker 4.x ORB (Borland, Scotts Valley, CA) and on the Orbix 2000 ORB (Dublin, Ireland, with U.S. headquarters in Waltham, MA). Glenn, GE Aircraft Engines, and Pratt & Whitney Aircraft are the initial industry partners contributing to the NPSS CORBASec test bed. The test bed uses Security SecurID (RSA Security Inc., Bedford, MA) two-factor token-based authentication together with Hitachi Security Service digital-certificate-based authentication to validate the various NPSS users. The test bed is expected to demonstrate NPSS CORBASec-specific policy functionality, confirm adequate performance, and validate the required Internet configuration in a distributed collaborative aerospace propulsion environment.

Testing large volume water treatment and crude oil ...

EPA Pesticide Factsheets

Report EPA’s Homeland Security Research Program (HSRP) partnered with the Idaho National Laboratory (INL) to build the Water Security Test Bed (WSTB) at the INL test site outside of Idaho Falls, Idaho. The WSTB was built using an 8-inch (20 cm) diameter cement-mortar lined drinking water pipe that was previously taken out of service. The pipe was exhumed from the INL grounds and oriented in the shape of a small drinking water distribution system. Effluent from the pipe is captured in a lagoon. The WSTB can support drinking water distribution system research on a variety of drinking water treatment topics including biofilms, water quality, sensors, and homeland security related contaminants. Because the WSTB is constructed of real drinking water distribution system pipes, research can be conducted under conditions similar to those in a real drinking water system. In 2014, WSTB pipe was experimentally contaminated with Bacillus globigii spores, a non-pathogenic surrogate for the pathogenic B. anthracis, and then decontaminated using chlorine dioxide. In 2015, the WSTB was used to perform the following experiments: • Four mobile disinfection technologies were tested for their ability to disinfect large volumes of biologically contaminated “dirty” water from the WSTB. B. globigii spores acted as the biological contaminant. The four technologies evaluated included: (1) Hayward Saline C™ 6.0 Chlorination System, (2) Advanced Oxidation Process (A

Information Assurance Study

DTIC Science & Technology

1998-01-01

usually written up by Logistics or Maintenance (4790 is the Maintenance “ Bible ”). If need be, and if resources are available, one could collect all...Public domain) SATAN (System Administration Tool for Analyzing Networks) (Public Domain) STAT ( Security Test and Analysis Tool) (Harris Corporation...Service-Filtering Tools 1. TCP/IP wrapper program • Tools to Scan Hosts for Known Vulnerabilities 1. ISS (Internet Security Scanner) 2. SATAN (Security

Field test of quantum key distribution in the Tokyo QKD Network.

PubMed

Sasaki, M; Fujiwara, M; Ishizuka, H; Klaus, W; Wakui, K; Takeoka, M; Miki, S; Yamashita, T; Wang, Z; Tanaka, A; Yoshino, K; Nambu, Y; Takahashi, S; Tajima, A; Tomita, A; Domeki, T; Hasegawa, T; Sakai, Y; Kobayashi, H; Asai, T; Shimizu, K; Tokura, T; Tsurumaru, T; Matsui, M; Honjo, T; Tamaki, K; Takesue, H; Tokura, Y; Dynes, J F; Dixon, A R; Sharpe, A W; Yuan, Z L; Shields, A J; Uchikoga, S; Legré, M; Robyr, S; Trinkler, P; Monat, L; Page, J-B; Ribordy, G; Poppe, A; Allacher, A; Maurhart, O; Länger, T; Peev, M; Zeilinger, A

2011-05-23

A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us to demonstrate the world-first secure TV conferencing over a distance of 45km. The network includes a commercial QKD product for long-term stable operation, and application interface to secure mobile phones. Detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network.

Assurance: the power behind PCASSO security.

PubMed Central

Baker, D. B.; Masys, D. R.; Jones, R. L.; Barnhart, R. M.

1999-01-01

The need for security protection in Internet-based healthcare applications is generally acknowledged. Most healthcare applications that use the Internet have at least implemented some kind of encryption. Most applications also enforce user authentication and access control policies, and many audit user actions. However, most fall short on providing strong assurances that the security mechanisms are behaving as expected and that they cannot be subverted. While no system can claim to be totally "bulletproof," PCASSO provides assurance of correct operation through formal, disciplined design and development methodologies, as well as through functional and penetration testing. Through its security mechanisms, backed by strong system assurances, PCASSO is demonstrating "safe" use of public data networks for health care. PMID:10566443

A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices.

PubMed

Park, KeeHyun; Lim, SeungHyeon

2015-01-01

In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.

A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices

PubMed Central

Lim, SeungHyeon

2015-01-01

In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic. PMID:26247034

SSL/TLS Vulnerability Detection Using Black Box Approach

NASA Astrophysics Data System (ADS)

Gunawan, D.; Sitorus, E. H.; Rahmat, R. F.; Hizriadi, A.

2018-03-01

Socket Secure Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide data encryption to secure the communication over a network. However, in some cases, there are vulnerability found in the implementation of SSL/TLS because of weak cipher key, certificate validation error or session handling error. One of the most vulnerable SSL/TLS bugs is heartbleed. As the security is essential in data communication, this research aims to build a scanner that detect the SSL/TLS vulnerability by using black box approach. This research will focus on heartbleed case. In addition, this research also gathers information about existing SSL in the server. The black box approach is used to test the output of a system without knowing the process inside the system itself. For testing purpose, this research scanned websites and found that some of the websites still have SSL/TLS vulnerability. Thus, the black box approach can be used to detect the vulnerability without considering the source code and the process inside the application.

Test and Evaluation of the Navy Technical Information Presentation System (NTIPS) F-14A Field Test Results

DTIC Science & Technology

1988-09-01

Test and Evaluation Report Test and Evaluation of the Navy Technical Information Presentation System (NTIPS) F-14A Field Test Results by .0 Joseph J...PROGRAM PROJECT TASK WORK UNIT Washington, D.C. 20361 ELEMENT NO. NO. NO. ACCESSION NO. OMN 1820 11. TITLE (Include Security Classification) TEST AND...EVALUATION OF THE NAVY TECHNICAL INFORMATION PRESENTATION SYSTEM (NTIPS) F-14A FIELD TEST RESULTS 12. PERSONAL AUTHOR(S) Fuller, Joseph F. (DTRC) Post

A sensor monitoring system for telemedicine, safety and security applications

NASA Astrophysics Data System (ADS)

Vlissidis, Nikolaos; Leonidas, Filippos; Giovanis, Christos; Marinos, Dimitrios; Aidinis, Konstantinos; Vassilopoulos, Christos; Pagiatakis, Gerasimos; Schmitt, Nikolaus; Pistner, Thomas; Klaue, Jirka

2017-02-01

A sensor system capable of medical, safety and security monitoring in avionic and other environments (e.g. homes) is examined. For application inside an aircraft cabin, the system relies on an optical cellular network that connects each seat to a server and uses a set of database applications to process data related to passengers' health, safety and security status. Health monitoring typically encompasses electrocardiogram, pulse oximetry and blood pressure, body temperature and respiration rate while safety and security monitoring is related to the standard flight attendance duties, such as cabin preparation for take-off, landing, flight in regions of turbulence, etc. In contrast to previous related works, this article focuses on the system's modules (medical and safety sensors and associated hardware), the database applications used for the overall control of the monitoring function and the potential use of the system for security applications. Further tests involving medical, safety and security sensing performed in an real A340 mock-up set-up are also described and reference is made to the possible use of the sensing system in alternative environments and applications, such as health monitoring within other means of transport (e.g. trains or small passenger sea vessels) as well as for remotely located home users, over a wired Ethernet network or the Internet.

National Computer Security Conference (13th) Held in Washington, DC on 1-4 October, 1990. Procedings. Volume 1: Information Systems Security: Standards - The Key to the Future

DTIC Science & Technology

1990-10-04

methods Category 6: Cryptographic methods (hard/ software ) - Tested countermeasures and standard means - Acknowledgements As the number of antivirus ...Skulason), only our own antiviruses have been mentioned in the catalog. We hope to include the major antivirus packages in the future. The current...Center GTE SRI International Trusted Information Systems, Inc. Grumann Data Systems SRI International Software Engineering Institute Trusted

Test Design Document for the Technology Demonstration of the Joint Network Defence and Management System (JNDMS) Project

DTIC Science & Technology

2006-10-25

at this site: Timestamp IP Address Description Severity 2003 Sep 03 14:52:28 150.24.11.1 Security-Trojan- Sub7 18 2003 Sep 03 14:52:33...150.24.11.2 Security-Trojan- Sub7 18 2003 Sep 03 14:52:38 150.24.11.3 Security-Trojan- Sub7 18 4. The Security Analyst clicks on one of the lines in this...table: Severity Parameter Name Value Descriptive Details Location 3 HMCS Iroquois Type of Incident 2 Security-Trojan- Sub7 Asset Type 1 Workstation

HTML5 microdata as a semantic container for medical information exchange.

PubMed

Kimura, Eizen; Kobayashi, Shinji; Ishihara, Ken

2014-01-01

Achieving interoperability between clinical electronic medical records (EMR) systems and cloud computing systems is challenging because of the lack of a universal reference method as a standard for information exchange with a secure connection. Here we describe an information exchange scheme using HTML5 microdata, where the standard semantic container is an HTML document. We embed HL7 messages describing laboratory test results in the microdata. We also annotate items in the clinical research report with the microdata. We mapped the laboratory test result data into the clinical research report using an HL7 selector specified in the microdata. This scheme can provide secure cooperation between the cloud-based service and the EMR system.

33 CFR 106.210 - OCS Facility Security Officer (FSO).

Code of Federal Regulations, 2010 CFR

2010-07-01

..., testing and maintenance of security equipment and systems. (c) Responsibilities. In addition to any other... compliance with this part; (2) Ensure the maintenance of and supervision of the implementation of the FSP... of stores and industrial supplies in compliance with this part; (4) Where applicable, propose...

46 CFR 185.320 - Steering gear, controls, and communication system tests.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 7 2013-10-01 2013-10-01 false Steering gear, controls, and communication system tests. 185.320 Section 185.320 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) SMALL PASSENGER VESSELS (UNDER 100 GROSS TONS) OPERATIONS Miscellaneous Operating Requirements § 185.320 Steering gear, controls, and communication system...

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore » provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.« less

Marketing and reputation aspects of neonatal safeguards and hospital-security systems.

PubMed

Smith, Alan D

2009-01-01

Technological advancements have migrated from personal-use electronics into the healthcare setting for security enhancements. Within maternity wards and nurseries, technology was seen as one of best way to protect newborns from abduction. The present study is a focus on what systems and methods are used in neonatal security, the security arrangements, staff training, and impacts outside the control of the hospital, customer satisfaction and customer relations management. Through hypothesis-testing and exploratory analysis, gender biases and extremely high levels of security were found within a web-enabled and professional sample of 200 respondents. The factor-based constructs were found to be, in order of the greatest explained variance: security concerns, personal technology usage, work technology applications, and demographic maturity concerns, resulting in four factor-based scores with significant combined variance of 61.5%. It was found that through a better understanding on the importance and vital need for hospitals to continue to improve on their technology-based security policies significantly enhanced their reputation in the highly competitive local healthcare industry.

Hazardous material transportation safety and security field operational test beta test and baseline data report : executive summary

DOT National Transportation Integrated Search

2003-10-29

The Beta Test and Baseline Data Collection efforts ensured that the test technologies would successfully operate during the field operational test (FOT) in the designed scenario configurations. These efforts also ensured that FOT systems would succes...

Optimization of airport security lanes

NASA Astrophysics Data System (ADS)

Chen, Lin

2018-05-01

Current airport security management system is widely implemented all around the world to ensure the safety of passengers, but it might not be an optimum one. This paper aims to seek a better security system, which can maximize security while minimize inconvenience to passengers. Firstly, we apply Petri net model to analyze the steps where the main bottlenecks lie. Based on average tokens and time transition, the most time-consuming steps of security process can be found, including inspection of passengers' identification and documents, preparing belongings to be scanned and the process for retrieving belongings back. Then, we develop a queuing model to figure out factors affecting those time-consuming steps. As for future improvement, the effective measures which can be taken include transferring current system as single-queuing and multi-served, intelligently predicting the number of security checkpoints supposed to be opened, building up green biological convenient lanes. Furthermore, to test the theoretical results, we apply some data to stimulate the model. And the stimulation results are consistent with what we have got through modeling. Finally, we apply our queuing model to a multi-cultural background. The result suggests that by quantifying and modifying the variance in wait time, the model can be applied to individuals with various habits customs and habits. Generally speaking, our paper considers multiple affecting factors, employs several models and does plenty of calculations, which is practical and reliable for handling in reality. In addition, with more precise data available, we can further test and improve our models.

46 CFR 62.30-10 - Testing.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 2 2014-10-01 2014-10-01 false Testing. 62.30-10 Section 62.30-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety... override safety trip control systems. This equipment must indicate when it is active. ...

46 CFR 62.30-10 - Testing.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 2 2013-10-01 2013-10-01 false Testing. 62.30-10 Section 62.30-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety... override safety trip control systems. This equipment must indicate when it is active. ...

46 CFR 62.30-10 - Testing.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 2 2012-10-01 2012-10-01 false Testing. 62.30-10 Section 62.30-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety... override safety trip control systems. This equipment must indicate when it is active. ...

46 CFR 62.30-10 - Testing.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 2 2011-10-01 2011-10-01 false Testing. 62.30-10 Section 62.30-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety... override safety trip control systems. This equipment must indicate when it is active. ...

Generic System for Remote Testing and Calibration of Measuring Instruments: Security Architecture

NASA Astrophysics Data System (ADS)

Jurčević, M.; Hegeduš, H.; Golub, M.

2010-01-01

Testing and calibration of laboratory instruments and reference standards is a routine activity and is a resource and time consuming process. Since many of the modern instruments include some communication interfaces, it is possible to create a remote calibration system. This approach addresses a wide range of possible applications and permits to drive a number of different devices. On the other hand, remote calibration process involves a number of security issues due to recommendations specified in standard ISO/IEC 17025, since it is not under total control of the calibration laboratory personnel who will sign the calibration certificate. This approach implies that the traceability and integrity of the calibration process directly depends on the collected measurement data. The reliable and secure remote control and monitoring of instruments is a crucial aspect of internet-enabled calibration procedure.

Venipuncture and intravenous infusion access during zero-gravity flight

NASA Technical Reports Server (NTRS)

Krupa, Debra T.; Gosbee, John; Billica, Roger; Bechtle, Perry; Creager, Gerald J.; Boyce, Joey B.

1991-01-01

The purpose of this experiment is to establish the difficulty associated with securing an intravenous (IV) catheter in place in microgravity flight and the techniques applicable in training the Crew Medical Officer (CMO) for Space Station Freedom, as well as aiding in the selection of appropriate hardware and supplies for the Health Maintenance Facility (HMF). The objectives are the following: (1) to determine the difficulties associated with venipuncture in a microgravity environment; (2) to evaluate the various methods of securing an IV catheter and attached tubing for infusion with regard to the unique environment; (3) to evaluate the various materials available for securing an intravenous catheter in place; and (4) to evaluate the fluid therapy administration system when functioning in a complete system. The inflight test procedures and other aspects of the KC-135 parabolic flight test to simulate microgravity are presented.

Statistics of software vulnerability detection in certification testing

NASA Astrophysics Data System (ADS)

Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

2018-05-01

The paper discusses practical aspects of introduction of the methods to detect software vulnerability in the day-to-day activities of the accredited testing laboratory. It presents the approval results of the vulnerability detection methods as part of the study of the open source software and the software that is a test object of the certification tests under information security requirements, including software for communication networks. Results of the study showing the allocation of identified vulnerabilities by types of attacks, country of origin, programming languages used in the development, methods for detecting vulnerability, etc. are given. The experience of foreign information security certification systems related to the detection of certified software vulnerabilities is analyzed. The main conclusion based on the study is the need to implement practices for developing secure software in the development life cycle processes. The conclusions and recommendations for the testing laboratories on the implementation of the vulnerability analysis methods are laid down.

Secure scalable disaster electronic medical record and tracking system.

PubMed

Demers, Gerard; Kahn, Christopher; Johansson, Per; Buono, Colleen; Chipara, Octav; Griswold, William; Chan, Theodore

2013-10-01

Electronic medical records (EMRs) are considered superior in documentation of care for medical practice. Current disaster medical response involves paper tracking systems and radio communication for mass-casualty incidents (MCIs). These systems are prone to errors, may be compromised by local conditions, and are labor intensive. Communication infrastructure may be impacted, overwhelmed by call volume, or destroyed by the disaster, making self-contained and secure EMR response a critical capability. Report As the prehospital disaster EMR allows for more robust content including protected health information (PHI), security measures must be instituted to safeguard these data. The Wireless Internet Information System for medicAl Response in Disasters (WIISARD) Research Group developed a handheld, linked, wireless EMR system utilizing current technology platforms. Smart phones connected to radio frequency identification (RFID) readers may be utilized to efficiently track casualties resulting from the incident. Medical information may be transmitted on an encrypted network to fellow prehospital team members, medical dispatch, and receiving medical centers. This system has been field tested in a number of exercises with excellent results, and future iterations will incorporate robust security measures. A secure prehospital triage EMR improves documentation quality during disaster drills.

Converting Hangar High Expansion Foam Systems to Prevent Cockpit Damage: Full-Scale Validation Tests

DTIC Science & Technology

2017-09-01

AFCEC-CO-TY-TR-2018-0001 CONVERTING HANGAR HIGH EXPANSION FOAM SYSTEMS TO PREVENT COCKPIT DAMAGE: FULL-SCALE VALIDATION TESTS Gerard G...REPORT NUMBER(S) 12. DISTRIBUTION/ AVAILABILITY STATEMENT 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: a. REPORT b...09-2017 Final Test Report May 2017 Converting Hangar High Expansion Foam Systems to Prevent Cockpit Damage: Full-Scale Validation Tests N00173-15-D

Effectiveness of the Civil Aviation Security Program.

DTIC Science & Technology

1982-10-26

12 IX. CIVIL AVIATION SECURITY ACTIONS . . . . . . 14 X . MPIANCE M EN4FOW . ........ 20 X . U . . . . . ... . . . . .. . . . 21 EXHIBITS 1...Screening Results 10. Weapon Detection Devices 11. X -Ray Baggage Inspection Systems 12. Basic Policies 13. Regulatory Impact 14. FAA Sponsored Explosive...WERE APPROVED FOR MORE THAN 200 AIRPORTS. D . TESTING WAS BEGUN ON A NEW C MPUTER PROGRAM FOR HE X -RAY ABSORPTION SYSTEM DEVELOPED TO DTECT BMBS IN

European Service Module-Structural Test Article Load onto Transp

NASA Image and Video Library

2017-06-21

The Orion service module structural test article for Exploration Mission-1 (EM-1), built by the European Space Agency, is prepared for shipment to Lockheed Martin's Denver facility to undergo testing. Inside the Neil Armstrong Operations and Checkout Building high bay at NASA's Kennedy Space Center in Florida, workers secure the protective covering around the module and a crane lifts the module, secured on stand, for the move to the transport truck. The Orion spacecraft will launch atop the agency's Space Launch System rocket on EM-1 in 2019.

Swatch Testing at Elevated Wind Speeds

DTIC Science & Technology

2014-07-17

closures, for improved system performance. 15. SUBJECT TERMS Swatch Testing; Individual Protective Equipment (IPE) 16. SECURITY CLASSIFICATION...new wind tunnel swatch technique allows the systematic testing IPE components, such as fasteners, seams, and closures, for improved system...protective overgarment) achieve this isolation by sealing users in a chemically impermeable garment . Heat stress becomes a major problem with this

Analyzing Risks and Vulnerabilities of Various Computer Systems and Undergoing Exploitation using Embedded Devices

NASA Technical Reports Server (NTRS)

Branch, Drew Alexander

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated, patched and secured state in a launch control system environment. Attacks on critical systems are becoming more and more relevant and frequent. Nation states are hacking into critical networks that might control electrical power grids or water dams as well as carrying out advanced persistent threat (APTs) attacks on government entities. NASA, as an organization, must protect its self from attacks from all different types of attackers with different motives. Although the International Space Station was created, there is still competition between the different space programs. With that in mind, NASA might get attacked and breached for various reasons such as espionage or sabotage. My project will provide a way for NASA to complete an in house penetration test which includes: asset discovery, vulnerability scans, exploit vulnerabilities and also provide forensic information to harden systems. Completing penetration testing is a part of the compliance requirements of the Federal Information Security Act (FISMA) and NASA NPR 2810.1 and related NASA Handbooks. This project is to demonstrate how in house penetration testing can be conducted that will satisfy all of the compliance requirements of the National Institute of Standards and Technology (NIST), as outlined in FISMA. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

Micro-tensile testing system

DOEpatents

Wenski, Edward G [Lenexa, KS

2007-08-21

A micro-tensile testing system providing a stand-alone test platform for testing and reporting physical or engineering properties of test samples of materials having thicknesses of approximately between 0.002 inch and 0.030 inch, including, for example, LiGA engineered materials. The testing system is able to perform a variety of static, dynamic, and cyclic tests. The testing system includes a rigid frame and adjustable gripping supports to minimize measurement errors due to deflection or bending under load; serrated grips for securing the extremely small test sample; high-speed laser scan micrometers for obtaining accurate results; and test software for controlling the testing procedure and reporting results.

Micro-tensile testing system

DOEpatents

Wenski, Edward G.

2006-01-10

A micro-tensile testing system providing a stand-alone test platform for testing and reporting physical or engineering properties of test samples of materials having thicknesses of approximately between 0.002 inch and 0.030 inch, including, for example, LiGA engineered materials. The testing system is able to perform a variety of static, dynamic, and cyclic tests. The testing system includes a rigid frame and adjustable gripping supports to minimize measurement errors due to deflection or bending under load; serrated grips for securing the extremely small test sample; high-speed laser scan micrometers for obtaining accurate results; and test software for controlling the testing procedure and reporting results.

Micro-tensile testing system

DOEpatents

Wenski, Edward G [Lenexa, KS

2007-07-17

A micro-tensile testing system providing a stand-alone test platform for testing and reporting physical or engineering properties of test samples of materials having thicknesses of approximately between 0.002 inch and 0.030 inch, including, for example, LiGA engineered materials. The testing system is able to perform a variety of static, dynamic, and cyclic tests. The testing system includes a rigid frame and adjustable gripping supports to minimize measurement errors due to deflection or bending under load; serrated grips for securing the extremely small test sample; high-speed laser scan micrometers for obtaining accurate results; and test software for controlling the testing procedure and reporting results.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks.

PubMed

Elgenaidi, Walid; Newe, Thomas; O'Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-12-21

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

PubMed Central

Elgenaidi, Walid; Newe, Thomas; O’Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-01-01

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper. PMID:28009834

Operation of remote mobile sensors for security of drinking water distribution systems.

PubMed

Perelman, By Lina; Ostfeld, Avi

2013-09-01

The deployment of fixed online water quality sensors in water distribution systems has been recognized as one of the key components of contamination warning systems for securing public health. This study proposes to explore how the inclusion of mobile sensors for inline monitoring of various water quality parameters (e.g., residual chlorine, pH) can enhance water distribution system security. Mobile sensors equipped with sampling, sensing, data acquisition, wireless transmission and power generation systems are being designed, fabricated, and tested, and prototypes are expected to be released in the very near future. This study initiates the development of a theoretical framework for modeling mobile sensor movement in water distribution systems and integrating the sensory data collected from stationary and non-stationary sensor nodes to increase system security. The methodology is applied and demonstrated on two benchmark networks. Performance of different sensor network designs are compared for fixed and combined fixed and mobile sensor networks. Results indicate that complementing online sensor networks with inline monitoring can increase detection likelihood and decrease mean time to detection. Copyright © 2013 Elsevier Ltd. All rights reserved.

Mitigating Cyber Security Risk in Satellite Ground Systems

DTIC Science & Technology

2015-04-01

because cyber security in government remains shrouded in secrecy. However, using the Defense Operational Test and Evaluation Office’s (DOT& E ) FY14...report on cybersecurity one grasps the seriousness of the problem. DOT& E reported only 85% of networks in DoD were compliant with the cyber...security regulations discussed later in this paper. Not until compliance is near 100% could DOT& E conceive with confidence that DoD networks were safe

Characterization of an Outdoor Ambient Radio Frequency Environment

DTIC Science & Technology

2016-02-16

radio frequency noise ”) prior to testing of a specific system under test (SUT). With this characterization, locations can be selected to avoid RF...spectrum analyzer, ambient RF noise floor, RF interference 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR 18...environment (sometimes referred to as “radio frequency noise ”) prior to testing of a specific system under test (SUT). With this characterization

Developing an ANSI standard for image quality tools for the testing of active millimeter wave imaging systems

NASA Astrophysics Data System (ADS)

Barber, Jeffrey; Greca, Joseph; Yam, Kevin; Weatherall, James C.; Smith, Peter R.; Smith, Barry T.

2017-05-01

In 2016, the millimeter wave (MMW) imaging community initiated the formation of a standard for millimeter wave image quality metrics. This new standard, American National Standards Institute (ANSI) N42.59, will apply to active MMW systems for security screening of humans. The Electromagnetic Signatures of Explosives Laboratory at the Transportation Security Laboratory is supporting the ANSI standards process via the creation of initial prototypes for round-robin testing with MMW imaging system manufacturers and experts. Results obtained for these prototypes will be used to inform the community and lead to consensus objective standards amongst stakeholders. Images collected with laboratory systems are presented along with results of preliminary image analysis. Future directions for object design, data collection and image processing are discussed.

46 CFR 162.060-30 - Testing requirements for ballast water management system (BWMS) components.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 6 2012-10-01 2012-10-01 false Testing requirements for ballast water management system (BWMS) components. 162.060-30 Section 162.060-30 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) EQUIPMENT, CONSTRUCTION, AND MATERIALS: SPECIFICATIONS AND APPROVAL ENGINEERING EQUIPMENT Ballast Water Management Systems § 162.060...

33 CFR 150.405 - How must a cargo transfer system be tested and inspected?

Code of Federal Regulations, 2013 CFR

2013-07-01

... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false How must a cargo transfer system..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) DEEPWATER PORTS DEEPWATER PORTS: OPERATIONS Cargo Transfer Operations § 150.405 How must a cargo transfer system be tested and inspected? (a) No person may transfer oil...

33 CFR 150.405 - How must a cargo transfer system be tested and inspected?

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false How must a cargo transfer system..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) DEEPWATER PORTS DEEPWATER PORTS: OPERATIONS Cargo Transfer Operations § 150.405 How must a cargo transfer system be tested and inspected? (a) No person may transfer oil...

33 CFR 150.405 - How must a cargo transfer system be tested and inspected?

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false How must a cargo transfer system..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) DEEPWATER PORTS DEEPWATER PORTS: OPERATIONS Cargo Transfer Operations § 150.405 How must a cargo transfer system be tested and inspected? (a) No person may transfer oil...

Outdoor Testing Areas | Energy Systems Integration Facility | NREL

Science.gov Websites

of engineers running tests on plug-in hybrid electric vehicles at the Medium-Voltage Outdoor Test large microgrids hub, located in the outdoor low-voltage test yard, includes underground trench access pits for full enclosure of rotating machinery under test. Key Infrastructure Secured underground pits

46 CFR 61.40-10 - Test procedure details.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 2 2010-10-01 2010-10-01 false Test procedure details. 61.40-10 Section 61.40-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-10 Test procedure...

46 CFR 61.40-10 - Test procedure details.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 2 2011-10-01 2011-10-01 false Test procedure details. 61.40-10 Section 61.40-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-10 Test procedure...

46 CFR 185.320 - Steering gear, controls, and communication system tests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 7 2010-10-01 2010-10-01 false Steering gear, controls, and communication system tests. 185.320 Section 185.320 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) SMALL PASSENGER VESSELS (UNDER 100 GROSS TONS) OPERATIONS Miscellaneous Operating Requirements § 185.320 Steering...

41 CFR 101-25.101-2 - Supply through storage and issue.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Management Regulations System FEDERAL PROPERTY MANAGEMENT REGULATIONS SUPPLY AND PROCUREMENT 25-GENERAL 25.1... close inspection or testing is necessary to secure quality, or where repetitive inspection and test of... distribution system does not exist to assure availability at use point. (6) Where volume purchases are...

41 CFR 101-25.101-2 - Supply through storage and issue.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Management Regulations System FEDERAL PROPERTY MANAGEMENT REGULATIONS SUPPLY AND PROCUREMENT 25-GENERAL 25.1... close inspection or testing is necessary to secure quality, or where repetitive inspection and test of... distribution system does not exist to assure availability at use point. (6) Where volume purchases are...

No information flow using statistical fluctuations and quantum cryptography

NASA Astrophysics Data System (ADS)

Larsson, Jan-Åke

2004-04-01

The communication protocol of Home and Whitaker [

46 CFR 61.40-1 - General.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-1 General. (a) All automatically or... tests and inspections to evaluate the operation and reliability of controls, alarms, safety features...

A Layered Decision Model for Cost-Effective System Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wei, Huaqiang; Alves-Foss, James; Soule, Terry

System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use inmore » deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.« less

A Modular, Reusable Latch and Decking System for Securing Payloads During Launch and Planetary Surface Transport

NASA Technical Reports Server (NTRS)

Doggett, William R.; Dorsey, John T.; Jones, Thomas C.; King, Bruce D.; Mikulas, Martin M.

2011-01-01

Efficient handling of payloads destined for a planetary surface, such as the moon or mars, requires robust systems to secure the payloads during transport on the ground, in space and on the planetary surface. In addition, mechanisms to release the payloads need to be reliable to ensure successful transfer from one vehicle to another. An efficient payload handling strategy must also consider the devices available to support payload handling. Cranes used for overhead lifting are common to all phases of payload handling on Earth. Similarly, both recent and past studies have demonstrated that devices with comparable functionality will be needed to support lunar outpost operations. A first generation test-bed of a new high performance device that provides the capabilities of both a crane and a robotic manipulator, the Lunar Surface Manipulation System (LSMS), has been designed, built and field tested and is available for use in evaluating a system to secure payloads to transportation vehicles. A payload handling approach must address all phases of payload management including: ground transportation, launch, planetary transfer and installation in the final system. In addition, storage may be required during any phase of operations. Each of these phases requires the payload to be lifted and secured to a vehicle, transported, released and lifted in preparation for the next transportation or storage phase. A critical component of a successful payload handling approach is a latch and associated carrier system. The latch and carrier system should minimize requirements on the: payload, carrier support structure and payload handling devices as well as be able to accommodate a wide range of payload sizes. In addition, the latch should; be small and lightweight, support a method to apply preload, be reusable, integrate into a minimal set of hard-points and have manual interfaces to actuate the latch should a problem occur. A latching system which meets these requirements has been designed and fabricated and will be described in detail. This latching system works in conjunction with a payload handling device such as the LSMS, and the LSMS has been used to test first generation latch and carrier hardware. All tests have been successful during the first phase of operational evaluations. Plans for future tests of first generation latch and carrier hardware with the LSMS are also described.

A Modular, Reusable Latch and Decking System for Securing Payloads During Launch and Planetary Surface Transport

NASA Technical Reports Server (NTRS)

Doggett, William R.; Dorsey, John T.; Jones, Thomas C.; King, Bruce D.; Mikulas, Martin M.

2010-01-01

Efficient handling of payloads destined for a planetary surface, such as the moon or Mars, requires robust systems to secure the payloads during transport on the ground, in-space and on the planetary surface. In addition, mechanisms to release the payloads need to be reliable to ensure successful transfer from one vehicle to another. An efficient payload handling strategy must also consider the devices available to support payload handling. Cranes used for overhead lifting are common to all phases of payload handling on Earth. Similarly, both recent and past studies have demonstrated that devices with comparable functionality will be needed to support lunar outpost operations. A first generation test-bed of a new high performance device that provides the capabilities of both a crane and a robotic manipulator, the Lunar Surface Manipulation System (LSMS), has been designed, built and field tested and is available for use in evaluating a system to secure payloads to transportation vehicles. National Institute of Aerospace, Hampton Va 23662 A payload handling approach must address all phases of payload management including: ground transportation, launch, planetary transfer and installation in the final system. In addition, storage may be required during any phase of operations. Each of these phases requires the payload to be lifted and secured to a vehicle, transported, released and lifted in preparation for the next transportation or storage phase. A critical component of a successful payload handling approach is a latch and associated carrier system. The latch and carrier system should minimize requirements on the: payload, carrier support structure and payload handling devices as well as be able to accommodate a wide range of payload sizes. In addition, the latch should; be small and lightweight, support a method to apply preload, be reusable, integrate into a minimal set of hard-points and have manual interfaces to actuate the latch should a problem occur. A latching system which meets these requirements has been designed and fabricated and will be described in detail. This latching system works in conjunction with a payload handling device such as the LSMS, and the LSMS has been used to test first generation latch and carrier hardware. All tests have been successful during the first phase of operational evaluations. Plans for future tests of first generation latch and carrier hardware with the LSMS are also described.

77 FR 5747 - Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-06

... establishment of security zones. We seek any comments or information that may lead to the discovery of a... This proposed rule would call for no new collection of information under the Paperwork Reduction Act of..., design, or operation; test methods; sampling procedures; and related management systems practices) that...

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Test Operations Procedure (TOP) 03-2-827 Test Procedures for Video Target Scoring Using Calibration Lights

DTIC Science & Technology

2016-04-04

Final 3. DATES COVERED (From - To) 4. TITLE AND SUBTITLE Test Operations Procedure (TOP) 03-2-827 Test Procedures for Video Target Scoring Using...ABSTRACT This Test Operations Procedure (TOP) describes typical equipment and procedures to setup and operate a Video Target Scoring System (VTSS) to...lights. 15. SUBJECT TERMS Video Target Scoring System, VTSS, witness screens, camera, target screen, light pole 16. SECURITY

HMM Sequential Hypothesis Tests for Intrusion Detection in MANETs Extended Abstract

DTIC Science & Technology

2003-01-01

securing the routing protocols of mobile ad hoc wireless net- works has been done in prevention. Intrusion detection systems play a complimentary...TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 10 19a. NAME OF RESPONSIBLE PERSON a. REPORT unclassified...hops of A would be unable to communicate with B and vice versa [1]. 1.2 The role of intrusion detection in security In order to provide reliable

A review of physical security robotics at Sandia National Laboratories

DOE Office of Scientific and Technical Information (OSTI.GOV)

Roerig, S.C.

1990-01-01

As an outgrowth of research into physical security technologies, Sandia is investigating the role of robotics in security systems. Robotics may allow more effective utilization of guard forces, especially in scenarios where personnel would be exposed to harmful environments. Robots can provide intrusion detection and assessment functions for failed sensors or transient assets, can test existing fixed site sensors, and can gather additional intelligence and dispense delaying elements. The Robotic Security Vehicle (RSV) program for DOE/OSS is developing a fieldable prototype for an exterior physical security robot based upon a commercial four wheel drive vehicle. The RSV will be capablemore » of driving itself, being driven remotely, or being driven by an onboard operator around a site and will utilize its sensors to alert an operator to unusual conditions. The Remote Security Station (RSS) program for the Defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior security systems. The RSS consists of an independent sensor pod, a mobile sensor platform and a control and display console. Sensor data fusion is used to optimize the system's intrusion detection performance. These programs are complementary, the RSV concentrates on developing autonomous mobility, while the RSS thrust is on mobile sensor employment. 3 figs.« less

Device interoperability and authentication for telemedical appliance based on the ISO/IEEE 11073 Personal Health Device (PHD) Standards.

PubMed

Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G

2012-01-01

In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

NASA Astrophysics Data System (ADS)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

Security Data Warehouse Application

NASA Technical Reports Server (NTRS)

Vernon, Lynn R.; Hennan, Robert; Ortiz, Chris; Gonzalez, Steve; Roane, John

2012-01-01

The Security Data Warehouse (SDW) is used to aggregate and correlate all JSC IT security data. This includes IT asset inventory such as operating systems and patch levels, users, user logins, remote access dial-in and VPN, and vulnerability tracking and reporting. The correlation of this data allows for an integrated understanding of current security issues and systems by providing this data in a format that associates it to an individual host. The cornerstone of the SDW is its unique host-mapping algorithm that has undergone extensive field tests, and provides a high degree of accuracy. The algorithm comprises two parts. The first part employs fuzzy logic to derive a best-guess host assignment using incomplete sensor data. The second part is logic to identify and correct errors in the database, based on subsequent, more complete data. Host records are automatically split or merged, as appropriate. The process had to be refined and thoroughly tested before the SDW deployment was feasible. Complexity was increased by adding the dimension of time. The SDW correlates all data with its relationship to time. This lends support to forensic investigations, audits, and overall situational awareness. Another important feature of the SDW architecture is that all of the underlying complexities of the data model and host-mapping algorithm are encapsulated in an easy-to-use and understandable Perl language Application Programming Interface (API). This allows the SDW to be quickly augmented with additional sensors using minimal coding and testing. It also supports rapid generation of ad hoc reports and integration with other information systems.

46 CFR 61.40-6 - Periodic safety tests.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 2 2012-10-01 2012-10-01 false Periodic safety tests. 61.40-6 Section 61.40-6 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-6 Periodic safety...

46 CFR 61.40-6 - Periodic safety tests.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 2 2013-10-01 2013-10-01 false Periodic safety tests. 61.40-6 Section 61.40-6 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-6 Periodic safety...

46 CFR 61.40-6 - Periodic safety tests.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 2 2011-10-01 2011-10-01 false Periodic safety tests. 61.40-6 Section 61.40-6 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-6 Periodic safety...

46 CFR 61.40-6 - Periodic safety tests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 2 2014-10-01 2014-10-01 false Periodic safety tests. 61.40-6 Section 61.40-6 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-6 Periodic safety...

46 CFR 61.40-6 - Periodic safety tests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 2 2010-10-01 2010-10-01 false Periodic safety tests. 61.40-6 Section 61.40-6 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Design Verification and Periodic Testing of Vital System Automation § 61.40-6 Periodic safety...

33 CFR 183.580 - Static pressure test for fuel tanks.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Static pressure test for fuel... SECURITY (CONTINUED) BOATING SAFETY BOATS AND ASSOCIATED EQUIPMENT Fuel Systems Tests § 183.580 Static pressure test for fuel tanks. A fuel tank is tested by performing the following procedures in the following...

33 CFR 183.580 - Static pressure test for fuel tanks.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Static pressure test for fuel... SECURITY (CONTINUED) BOATING SAFETY BOATS AND ASSOCIATED EQUIPMENT Fuel Systems Tests § 183.580 Static pressure test for fuel tanks. A fuel tank is tested by performing the following procedures in the following...

33 CFR 183.580 - Static pressure test for fuel tanks.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Static pressure test for fuel... SECURITY (CONTINUED) BOATING SAFETY BOATS AND ASSOCIATED EQUIPMENT Fuel Systems Tests § 183.580 Static pressure test for fuel tanks. A fuel tank is tested by performing the following procedures in the following...

33 CFR 183.580 - Static pressure test for fuel tanks.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Static pressure test for fuel... SECURITY (CONTINUED) BOATING SAFETY BOATS AND ASSOCIATED EQUIPMENT Fuel Systems Tests § 183.580 Static pressure test for fuel tanks. A fuel tank is tested by performing the following procedures in the following...

33 CFR 183.580 - Static pressure test for fuel tanks.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Static pressure test for fuel... SECURITY (CONTINUED) BOATING SAFETY BOATS AND ASSOCIATED EQUIPMENT Fuel Systems Tests § 183.580 Static pressure test for fuel tanks. A fuel tank is tested by performing the following procedures in the following...

Attitudes towards information system security among physicians in Croatia.

PubMed

Markota, M; Kern, J; Svab, I

2001-07-01

To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

10 CFR 36.41 - Construction monitoring and acceptance testing.

Code of Federal Regulations, 2010 CFR

2010-01-01

... system will operate properly if offsite power is lost and shall verify that the computer has security... system to assure that the requirements in § 36.35 are met for protection of the source rack and the... protection. For panoramic irradiators, the licensee shall test the ability of the heat and smoke detectors to...

10 CFR 36.41 - Construction monitoring and acceptance testing.

Code of Federal Regulations, 2011 CFR

2011-01-01

... system will operate properly if offsite power is lost and shall verify that the computer has security... system to assure that the requirements in § 36.35 are met for protection of the source rack and the... protection. For panoramic irradiators, the licensee shall test the ability of the heat and smoke detectors to...

10 CFR 36.41 - Construction monitoring and acceptance testing.

Code of Federal Regulations, 2014 CFR

2014-01-01

... system will operate properly if offsite power is lost and shall verify that the computer has security... system to assure that the requirements in § 36.35 are met for protection of the source rack and the... protection. For panoramic irradiators, the licensee shall test the ability of the heat and smoke detectors to...

10 CFR 36.41 - Construction monitoring and acceptance testing.

Code of Federal Regulations, 2012 CFR

2012-01-01

... system will operate properly if offsite power is lost and shall verify that the computer has security... system to assure that the requirements in § 36.35 are met for protection of the source rack and the... protection. For panoramic irradiators, the licensee shall test the ability of the heat and smoke detectors to...

10 CFR 36.41 - Construction monitoring and acceptance testing.

Code of Federal Regulations, 2013 CFR

2013-01-01

... system will operate properly if offsite power is lost and shall verify that the computer has security... system to assure that the requirements in § 36.35 are met for protection of the source rack and the... protection. For panoramic irradiators, the licensee shall test the ability of the heat and smoke detectors to...

Security aspects of RFID communication systems

NASA Astrophysics Data System (ADS)

Bîndar, Valericǎ; Popescu, Mircea; Bǎrtuşicǎ, Rǎzvan; Craciunescu, Razvan; Halunga, Simona

2015-02-01

The objective of this study is to provide an overview of basic technical elements and security risks of RFID communication systems and to analyze the possible threats arising from the use of RFID systems. A number of measurements are performed on a communication system including RFID transponder and the tag reader, and it has been determined that the uplink signal level is 62 dB larger than the average value of the noise at the distance of 1m from the tag, therefore the shielding effectiveness has to exceed this threshold. Next, the card has been covered with several shielding materials and measurements were carried, under similar conditions to test the recovery of compromising signals. A very simple protection measure to prevent unauthorized reading of the data stored on the card has been proposed, and some electromagnetic shielding materials have been proposed and tested.

Resilient off-grid microgrids: Capacity planning and N-1 security

DOE PAGES

Madathil, Sreenath Chalil; Yamangil, Emre; Nagarajan, Harsha; ...

2017-06-13

Over the past century the electric power industry has evolved to support the delivery of power over long distances with highly interconnected transmission systems. Despite this evolution, some remote communities are not connected to these systems. These communities rely on small, disconnected distribution systems, i.e., microgrids to deliver power. However, as microgrids often are not held to the same reliability standards as transmission grids, remote communities can be at risk for extended blackouts. To address this issue, we develop an optimization model and an algorithm for capacity planning and operations of microgrids that include N-1 security and other practical modelingmore » features like AC power flow physics, component efficiencies and thermal limits. Lastly, we demonstrate the computational effectiveness of our approach on two test systems; a modified version of the IEEE 13 node test feeder and a model of a distribution system in a remote community in Alaska.« less

Resilient off-grid microgrids: Capacity planning and N-1 security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Madathil, Sreenath Chalil; Yamangil, Emre; Nagarajan, Harsha

Over the past century the electric power industry has evolved to support the delivery of power over long distances with highly interconnected transmission systems. Despite this evolution, some remote communities are not connected to these systems. These communities rely on small, disconnected distribution systems, i.e., microgrids to deliver power. However, as microgrids often are not held to the same reliability standards as transmission grids, remote communities can be at risk for extended blackouts. To address this issue, we develop an optimization model and an algorithm for capacity planning and operations of microgrids that include N-1 security and other practical modelingmore » features like AC power flow physics, component efficiencies and thermal limits. Lastly, we demonstrate the computational effectiveness of our approach on two test systems; a modified version of the IEEE 13 node test feeder and a model of a distribution system in a remote community in Alaska.« less

Web vulnerability study of online pharmacy sites.

PubMed

Kuzma, Joanne

2011-01-01

Consumers are increasingly using online pharmacies, but these sites may not provide an adequate level of security with the consumers' personal data. There is a gap in this research addressing the problems of security vulnerabilities in this industry. The objective is to identify the level of web application security vulnerabilities in online pharmacies and the common types of flaws, thus expanding on prior studies. Technical, managerial and legal recommendations on how to mitigate security issues are presented. The proposed four-step method first consists of choosing an online testing tool. The next steps involve choosing a list of 60 online pharmacy sites to test, and then running the software analysis to compile a list of flaws. Finally, an in-depth analysis is performed on the types of web application vulnerabilities. The majority of sites had serious vulnerabilities, with the majority of flaws being cross-site scripting or old versions of software that have not been updated. A method is proposed for the securing of web pharmacy sites, using a multi-phased approach of technical and managerial techniques together with a thorough understanding of national legal requirements for securing systems.

No information flow using statistical fluctuations and quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Larsson, Jan-Aake

2004-04-01

The communication protocol of Home and Whitaker [Phys. Rev. A 67, 022306 (2003)] is examined in some detail, and found to work equally well using a separable state. The protocol is in fact completely classical, based on postselection of suitable experimental runs. The quantum-cryptography protocol proposed in the same publication is also examined, and this protocol uses entanglement, a strictly quantum property of the system. An individual eavesdropping attack on each qubit pair would be detected by the security test proposed in the mentioned paper. However, the key is provided by groups of qubits, and there exists a coherent attack,more » internal to these groups, that will go unnoticed in that security test. A modified test is proposed here that will ensure security, even against such a coherent attack.« less

An Innovative 6-DOF Platform for Testing a Space Robotic System to Perform Contact Tasks in Zero-Gravity Environment

DTIC Science & Technology

2013-10-21

Platform for Testing a Space Robotic System to Perform Contact Tasks in Zero- Gravity Environment 5a. CONTRACT NUMBER FA9453-11-1-0306 5b...SUBJECT TERMS Microgravity, zero gravity , test platform, simulation, gravity offloading 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT...4  3.3  Principle of Gravity Offloading

Business Testing = BT. Test and Evaluation Methodology for Business Systems

DTIC Science & Technology

2010-05-12

Not Intuitive Hard to Use Extensive Contractor Tail Stove Piped Systems Intelligence Transportation Logistics / Supply Finance Medical Human Resources...Capability 5 Politics Funding Requirements Busine s “IT” Acquisition Speed bumps Contracts Leadership Finance Testing Acquisition Engineering Security Legal... intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction

Electrically Heated Testing of the Kilowatt Reactor Using Stirling Technology (KRUSTY) Experiment Using a Depleted Uranium Core

NASA Technical Reports Server (NTRS)

Briggs, Maxwell H.; Gibson, Marc A.; Sanzi, James

2017-01-01

The Kilopower project aims to develop and demonstrate scalable fission-based power technology for systems capable of delivering 110 kW of electric power with a specific power ranging from 2.5 - 6.5 Wkg. This technology could enable high power science missions or could be used to provide surface power for manned missions to the Moon or Mars. NASA has partnered with the Department of Energys National Nuclear Security Administration, Los Alamos National Labs, and Y-12 National Security Complex to develop and test a prototypic reactor and power system using existing facilities and infrastructure. This technology demonstration, referred to as the Kilowatt Reactor Using Stirling TechnologY (KRUSTY), will undergo nuclear ground testing in the summer of 2017 at the Nevada Test Site. The 1 kWe variation of the Kilopower system was chosen for the KRUSTY demonstration. The concept for the 1 kWe flight system consist of a 4 kWt highly enriched Uranium-Molybdenum reactor operating at 800 degrees Celsius coupled to sodium heat pipes. The heat pipes deliver heat to the hot ends of eight 125 W Stirling convertors producing a net electrical output of 1 kW. Waste heat is rejected using titanium-water heat pipes coupled to carbon composite radiator panels. The KRUSTY test, based on this design, uses a prototypic highly enriched uranium-molybdenum core coupled to prototypic sodium heat pipes. The heat pipes transfer heat to two Advanced Stirling Convertors (ASC-E2s) and six thermal simulators, which simulate the thermal draw of full scale power conversion units. Thermal simulators and Stirling engines are gas cooled. The most recent project milestone was the completion of non-nuclear system level testing using an electrically heated depleted uranium (non-fissioning) reactor core simulator. System level testing at the Glenn Research Center (GRC) has validated performance predictions and has demonstrated system level operation and control in a test configuration that replicates the one to be used at the Device Assembly Facility (DAF) at the Nevada National Security Site. Fabrication, assembly, and testing of the depleted uranium core has allowed for higher fidelity system level testing at GRC, and has validated the fabrication methods to be used on the highly enriched uranium core that will supply heat for the DAF KRUSTY demonstration.

46 CFR 16.500 - Management Information System requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 1 2010-10-01 2010-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

46 CFR 16.500 - Management Information System requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 1 2013-10-01 2013-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

46 CFR 16.500 - Management Information System requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 1 2011-10-01 2011-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

46 CFR 16.500 - Management Information System requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 1 2014-10-01 2014-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

46 CFR 16.500 - Management Information System requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 1 2012-10-01 2012-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

Fast, Parallel and Secure Cryptography Algorithm Using Lorenz's Attractor

NASA Astrophysics Data System (ADS)

Marco, Anderson Gonçalves; Martinez, Alexandre Souto; Bruno, Odemir Martinez

A novel cryptography method based on the Lorenz's attractor chaotic system is presented. The proposed algorithm is secure and fast, making it practical for general use. We introduce the chaotic operation mode, which provides an interaction among the password, message and a chaotic system. It ensures that the algorithm yields a secure codification, even if the nature of the chaotic system is known. The algorithm has been implemented in two versions: one sequential and slow and the other, parallel and fast. Our algorithm assures the integrity of the ciphertext (we know if it has been altered, which is not assured by traditional algorithms) and consequently its authenticity. Numerical experiments are presented, discussed and show the behavior of the method in terms of security and performance. The fast version of the algorithm has a performance comparable to AES, a popular cryptography program used commercially nowadays, but it is more secure, which makes it immediately suitable for general purpose cryptography applications. An internet page has been set up, which enables the readers to test the algorithm and also to try to break into the cipher.

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

Orion Underway Recovery Test 5 (URT-5)

NASA Image and Video Library

2016-10-26

A test version of the Orion crew module is secured in the well deck of the USS San Diego for Underway Recovery Test 5 in the Pacific Ocean off the coast of California. In view is the winch system that will be used to help retrieve the crew module during a series of tests in open waters. NASA's Ground Systems Development and Operations Program and the U.S. Navy will practice retrieving and securing the crew module in the well deck of the ship using a set of tethers and the winch system to prepare for recovery of Orion on its return from deep space missions. The testing will allow the team to demonstrate and evaluate recovery processes, procedures, hardware and personnel in open waters. Orion is the exploration spacecraft designed to carry astronauts to destinations not yet explored by humans, including an asteroid and NASA's Journey to Mars. It will have emergency abort capability, sustain the crew during space travel and provide safe re-entry from deep space return velocities. Orion is scheduled to launch on NASA's Space Launch System in late 2018. For more information, visit http://www.nasa.gov/orion.

Secure Video Surveillance System (SVSS) for unannounced safeguards inspections.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Galdoz, Erwin G.; Pinkalla, Mark

2010-09-01

The Secure Video Surveillance System (SVSS) is a collaborative effort between the U.S. Department of Energy (DOE), Sandia National Laboratories (SNL), and the Brazilian-Argentine Agency for Accounting and Control of Nuclear Materials (ABACC). The joint project addresses specific requirements of redundant surveillance systems installed in two South American nuclear facilities as a tool to support unannounced inspections conducted by ABACC and the International Atomic Energy Agency (IAEA). The surveillance covers the critical time (as much as a few hours) between the notification of an inspection and the access of inspectors to the location in facility where surveillance equipment is installed.more » ABACC and the IAEA currently use the EURATOM Multiple Optical Surveillance System (EMOSS). This outdated system is no longer available or supported by the manufacturer. The current EMOSS system has met the project objective; however, the lack of available replacement parts and system support has made this system unsustainable and has increased the risk of an inoperable system. A new system that utilizes current technology and is maintainable is required to replace the aging EMOSS system. ABACC intends to replace one of the existing ABACC EMOSS systems by the Secure Video Surveillance System. SVSS utilizes commercial off-the shelf (COTS) technologies for all individual components. Sandia National Laboratories supported the system design for SVSS to meet Safeguards requirements, i.e. tamper indication, data authentication, etc. The SVSS consists of two video surveillance cameras linked securely to a data collection unit. The collection unit is capable of retaining historical surveillance data for at least three hours with picture intervals as short as 1sec. Images in .jpg format are available to inspectors using various software review tools. SNL has delivered two SVSS systems for test and evaluation at the ABACC Safeguards Laboratory. An additional 'proto-type' system remains at SNL for software and hardware testing. This paper will describe the capabilities of the new surveillance system, application and requirements, and the design approach.« less

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Quantum cryptography with entangled photons

PubMed

Jennewein; Simon; Weihs; Weinfurter; Zeilinger

2000-05-15

By realizing a quantum cryptography system based on polarization entangled photon pairs we establish highly secure keys, because a single photon source is approximated and the inherent randomness of quantum measurements is exploited. We implement a novel key distribution scheme using Wigner's inequality to test the security of the quantum channel, and, alternatively, realize a variant of the BB84 protocol. Our system has two completely independent users separated by 360 m, and generates raw keys at rates of 400-800 bits/s with bit error rates around 3%.

Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

PubMed

Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

2018-04-01

 Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing.  This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents.  We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction.  Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks.  This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

eBiometrics: an enhanced multi-biometrics authentication technique for real-time remote applications on mobile devices

NASA Astrophysics Data System (ADS)

Kuseler, Torben; Lami, Ihsan; Jassim, Sabah; Sellahewa, Harin

2010-04-01

The use of mobile communication devices with advance sensors is growing rapidly. These sensors are enabling functions such as Image capture, Location applications, and Biometric authentication such as Fingerprint verification and Face & Handwritten signature recognition. Such ubiquitous devices are essential tools in today's global economic activities enabling anywhere-anytime financial and business transactions. Cryptographic functions and biometric-based authentication can enhance the security and confidentiality of mobile transactions. Using Biometric template security techniques in real-time biometric-based authentication are key factors for successful identity verification solutions, but are venerable to determined attacks by both fraudulent software and hardware. The EU-funded SecurePhone project has designed and implemented a multimodal biometric user authentication system on a prototype mobile communication device. However, various implementations of this project have resulted in long verification times or reduced accuracy and/or security. This paper proposes to use built-in-self-test techniques to ensure no tampering has taken place on the verification process prior to performing the actual biometric authentication. These techniques utilises the user personal identification number as a seed to generate a unique signature. This signature is then used to test the integrity of the verification process. Also, this study proposes the use of a combination of biometric modalities to provide application specific authentication in a secure environment, thus achieving optimum security level with effective processing time. I.e. to ensure that the necessary authentication steps and algorithms running on the mobile device application processor can not be undermined or modified by an imposter to get unauthorized access to the secure system.

Implementation of Rivest Shamir Adleman Algorithm (RSA) and Vigenere Cipher In Web Based Information System

NASA Astrophysics Data System (ADS)

Aryanti, Aryanti; Mekongga, Ikhthison

2018-02-01

Data security and confidentiality is one of the most important aspects of information systems at the moment. One attempt to secure data such as by using cryptography. In this study developed a data security system by implementing the cryptography algorithm Rivest, Shamir Adleman (RSA) and Vigenere Cipher. The research was done by combining Rivest, Shamir Adleman (RSA) and Vigenere Cipher cryptographic algorithms to document file either word, excel, and pdf. This application includes the process of encryption and decryption of data, which is created by using PHP software and my SQL. Data encryption is done on the transmit side through RSA cryptographic calculations using the public key, then proceed with Vigenere Cipher algorithm which also uses public key. As for the stage of the decryption side received by using the Vigenere Cipher algorithm still use public key and then the RSA cryptographic algorithm using a private key. Test results show that the system can encrypt files, decrypt files and transmit files. Tests performed on the process of encryption and decryption of files with different file sizes, file size affects the process of encryption and decryption. The larger the file size the longer the process of encryption and decryption.

46 CFR 56.97-35 - Pneumatic tests (replaces 137.5).

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 2 2012-10-01 2012-10-01 false Pneumatic tests (replaces 137.5). 56.97-35 Section 56.97-35 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PIPING SYSTEMS AND APPURTENANCES Pressure Tests § 56.97-35 Pneumatic tests (replaces 137.5). (a) General Requirements. When a pneumatic test is performed, it...

Design and evaluation of the ReKon : an integrated detection and assessment perimeter system.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dabling, Jeffrey Glenn; Andersen, Jason Jann; McLaughlin, James O.

2013-02-01

Kontek Industries (Kannapolis, NC) and their subsidiary, Stonewater Control Systems (Kannapolis, NC), have entered into a cooperative research and development agreement with Sandia to jointly develop and evaluate an integrated perimeter security system solution, one that couples access delay with detection and assessment. This novel perimeter solution was designed to be configurable for use at facilities ranging from high-security military sites to commercial power plants, to petro/chemical facilities of various kinds. A prototype section of the perimeter has been produced and installed at the Sandia Test and Evaluation Center in Albuquerque, NM. This prototype system integrated fiber optic break sensors,more » active infrared sensors, fence disturbance sensors, video motion detection, and ground sensors. This report documents the design, testing, and performance evaluation of the developed ReKon system. The ability of the system to properly detect pedestrian or vehicle attempts to bypass, breach, or otherwise defeat the system is characterized, as well as the Nuisance Alarm Rate.« less

Accelerators for Discovery Science and Security applications

NASA Astrophysics Data System (ADS)

Todd, A. M. M.; Bluem, H. P.; Jarvis, J. D.; Park, J. H.; Rathke, J. W.; Schultheiss, T. J.

2015-05-01

Several Advanced Energy Systems (AES) accelerator projects that span applications in Discovery Science and Security are described. The design and performance of the IR and THz free electron laser (FEL) at the Fritz-Haber-Institut der Max-Planck-Gesellschaft in Berlin that is now an operating user facility for physical chemistry research in molecular and cluster spectroscopy as well as surface science, is highlighted. The device was designed to meet challenging specifications, including a final energy adjustable in the range of 15-50 MeV, low longitudinal emittance (<50 keV-psec) and transverse emittance (<20 π mm-mrad), at more than 200 pC bunch charge with a micropulse repetition rate of 1 GHz and a macropulse length of up to 15 μs. Secondly, we will describe an ongoing effort to develop an ultrafast electron diffraction (UED) source that is scheduled for completion in 2015 with prototype testing taking place at the Brookhaven National Laboratory (BNL) Accelerator Test Facility (ATF). This tabletop X-band system will find application in time-resolved chemical imaging and as a resource for drug-cell interaction analysis. A third active area at AES is accelerators for security applications where we will cover some top-level aspects of THz and X-ray systems that are under development and in testing for stand-off and portal detection.

78 FR 23116 - Basis Reporting by Securities Brokers and Basis Determination for Debt Instruments and Options...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-18

... in the burden on Form 1099-B, ``Proceeds from Broker and Barter Exchange Transactions,'' when revised... not provide them sufficient time to build and test the systems required to implement the reporting... to allow brokers to test and refine their reporting systems. In response to these comments, as was...

EU-US standards harmonization task group report : testing for ITS security.

DOT National Transportation Integrated Search

1996-03-01

THE INVEHICLE SAFETY ADVISORY AND WARNING SYSTEM (IVSAWS) IS A FEDERAL HIGHWAY ADMINISTRATION EFFORT TO DEVELOP' A NATIONWIDE VEHICULAR INFORMATION SYSTEM THAT PROVIDES DRIVERS WITH ADVANCE, SUPPLEMENTAL NOTIFICATION OF DANGEROUS ROAD CONDITIONS USIN...

46 CFR 133.45 - Tests and inspections of lifesaving equipment and arrangements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 4 2012-10-01 2012-10-01 false Tests and inspections of lifesaving equipment and arrangements. 133.45 Section 133.45 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) OFFSHORE SUPPLY VESSELS LIFESAVING SYSTEMS General § 133.45 Tests and inspections of lifesaving equipment and...

46 CFR 133.40 - Evaluation, testing and approval of lifesaving appliances and arrangements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 4 2014-10-01 2014-10-01 false Evaluation, testing and approval of lifesaving appliances and arrangements. 133.40 Section 133.40 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) OFFSHORE SUPPLY VESSELS LIFESAVING SYSTEMS General § 133.40 Evaluation, testing and approval of...

46 CFR 133.40 - Evaluation, testing and approval of lifesaving appliances and arrangements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 4 2012-10-01 2012-10-01 false Evaluation, testing and approval of lifesaving appliances and arrangements. 133.40 Section 133.40 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) OFFSHORE SUPPLY VESSELS LIFESAVING SYSTEMS General § 133.40 Evaluation, testing and approval of...

46 CFR 133.45 - Tests and inspections of lifesaving equipment and arrangements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 4 2014-10-01 2014-10-01 false Tests and inspections of lifesaving equipment and arrangements. 133.45 Section 133.45 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) OFFSHORE SUPPLY VESSELS LIFESAVING SYSTEMS General § 133.45 Tests and inspections of lifesaving equipment and...

Binary Hypothesis Testing With Byzantine Sensors: Fundamental Tradeoff Between Security and Efficiency

NASA Astrophysics Data System (ADS)

Ren, Xiaoqiang; Yan, Jiaqi; Mo, Yilin

2018-03-01

This paper studies binary hypothesis testing based on measurements from a set of sensors, a subset of which can be compromised by an attacker. The measurements from a compromised sensor can be manipulated arbitrarily by the adversary. The asymptotic exponential rate, with which the probability of error goes to zero, is adopted to indicate the detection performance of a detector. In practice, we expect the attack on sensors to be sporadic, and therefore the system may operate with all the sensors being benign for extended period of time. This motivates us to consider the trade-off between the detection performance of a detector, i.e., the probability of error, when the attacker is absent (defined as efficiency) and the worst-case detection performance when the attacker is present (defined as security). We first provide the fundamental limits of this trade-off, and then propose a detection strategy that achieves these limits. We then consider a special case, where there is no trade-off between security and efficiency. In other words, our detection strategy can achieve the maximal efficiency and the maximal security simultaneously. Two extensions of the secure hypothesis testing problem are also studied and fundamental limits and achievability results are provided: 1) a subset of sensors, namely "secure" sensors, are assumed to be equipped with better security countermeasures and hence are guaranteed to be benign, 2) detection performance with unknown number of compromised sensors. Numerical examples are given to illustrate the main results.

Software Assurance Curriculum Project Volume 2: Undergraduate Course Outlines

DTIC Science & Technology

2010-08-01

Contents Acknowledgments iii Abstract v 1 An Undergraduate Curriculum Focus on Software Assurance 1 2 Computer Science I 7 3 Computer Science II...confidence that can be integrated into traditional software development and acquisition process models . Thus, in addition to a technology focus...testing throughout the software development life cycle ( SDLC ) AP Security and complexity—system development challenges: security failures

Secure Control Systems for the Energy Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Rhett; Campbell, Jack; Hadley, Mark

2012-03-31

Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use thismore » technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.« less

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Secure Remote Access Issues in a Control Center Environment

NASA Technical Reports Server (NTRS)

Pitts, Lee; McNair, Ann R. (Technical Monitor)

2002-01-01

The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

Secure Payload Access to the International Space Station

NASA Technical Reports Server (NTRS)

Pitts, R. Lee; Reid, Chris

2002-01-01

The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

Kilopower: Small and Affordable Fission Power Systems for Space

NASA Technical Reports Server (NTRS)

Mason, Lee; Palac, Don; Gibson, Marc

2017-01-01

The Nuclear Systems Kilopower Project was initiated by NASA's Space Technology Mission Directorate Game Changing Development Program in fiscal year 2015 to demonstrate subsystem-level technology readiness of small space fission power in a relevant environment (Technology Readiness Level 5) for space science and human exploration power needs. The Nuclear Systems Kilopower Project centerpiece is the Kilopower Reactor Using Stirling Technology (KRUSTY) test, which consists of the development and testing of a fission ground technology demonstrator of a 1 kWe-class fission power system. The technologies to be developed and validated by KRUSTY are extensible to space fission power systems from 1 to 10 kWe, which can enable higher power future potential deep space science missions, as well as modular surface fission power systems for exploration. The Kilopower Project is cofounded by NASA and the Department of Energy National Nuclear Security Administration (NNSA).KRUSTY include the reactor core, heat pipes to transfer the heat from the core to the power conversion system, and the power conversion system. Los Alamos National Laboratory leads the design of the reactor, and the Y-12 National Security Complex is fabricating it. NASA Glenn Research Center (GRC) has designed, built, and demonstrated the balance of plant heat transfer and power conversion portions of the KRUSTY experiment. NASA MSFC developed an electrical reactor simulator for non-nuclear testing, and the design of the reflector and shielding for nuclear testing. In 2016, an electrically heated non-fissionable Depleted Uranium (DU) core was tested at GRC in a configuration identical to the planned nuclear test. Once the reactor core has been fabricated and shipped to the Device Assembly Facility at the NNSAs Nevada National Security Site, the KRUSTY nuclear experiment will be assembled and tested. Completion of the KRUSTY experiment will validate the readiness of 1 to 10 kWe space fission technology for NASAs future requirements for sunlight-independent space power. An early opportunity for demonstration of In-Situ Resource Utilization (ISRU) capability on the surface of Mars is currently being considered for 2026 launch. Since a space fission system is the leading option for power generation for the first Mars human outpost, a smaller version of a planetary surface fission power system could be built to power the ISRU demonstration and ensure its end-to-end validity. Planning is underway to start the hardware development of this subscale flight demonstrator in 2018.

Laboratory Information Management System Chain of Custody: Reliability and Security

PubMed Central

Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

2006-01-01

A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623

Runflat Testing

DTIC Science & Technology

2015-09-09

guidance and procedures for testing the performance characteristics of runflat tires as equipped on ground vehicles. 15. SUBJECT TERMS runflat... tire assembly tread life combat flat central tire inflation system (CTIS) 16. SECURITY CLASSIFICATION OF: 17. LIMITATION...3 3.4 Tire Assemblies ..................................................................... 3 3.5 Environmental

Verifying the secure setup of UNIX client/servers and detection of network intrusion

NASA Astrophysics Data System (ADS)

Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

1996-03-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global `Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and product transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

Energy Systems Integration News | Energy Systems Integration Facility |

Science.gov Websites

-matter experts to develop cyber-physical systems security testing methodologies and resilience best the Energy Systems Integration Facility as part of NREL's work with SolarCity and the Hawaiian Electric Companies. Photo by Amy Glickson, NREL Welcome to Energy Systems Integration News, NREL's monthly

Cyber Security Research Frameworks For Coevolutionary Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rush, George D.; Tauritz, Daniel Remy

Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger,more » more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.« less

Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture.

PubMed

Mat Kiah, M L; Al-Bakri, S H; Zaidan, A A; Zaidan, B B; Hussain, Muzammil

2014-10-01

One of the applications of modern technology in telemedicine is video conferencing. An alternative to traveling to attend a conference or meeting, video conferencing is becoming increasingly popular among hospitals. By using this technology, doctors can help patients who are unable to physically visit hospitals. Video conferencing particularly benefits patients from rural areas, where good doctors are not always available. Telemedicine has proven to be a blessing to patients who have no access to the best treatment. A telemedicine system consists of customized hardware and software at two locations, namely, at the patient's and the doctor's end. In such cases, the video streams of the conferencing parties may contain highly sensitive information. Thus, real-time data security is one of the most important requirements when designing video conferencing systems. This study proposes a secure framework for video conferencing systems and a complete management solution for secure video conferencing groups. Java Media Framework Application Programming Interface classes are used to design and test the proposed secure framework. Real-time Transport Protocol over User Datagram Protocol is used to transmit the encrypted audio and video streams, and RSA and AES algorithms are used to provide the required security services. Results show that the encryption algorithm insignificantly increases the video conferencing computation time.

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks

PubMed Central

Shahzad, Aamir; Lee, Malrey; Xiong, Neal Naixue; Jeong, Gisung; Lee, Young-Keun; Choi, Jae-Young; Mahesar, Abdul Wheed; Ahmad, Iftikhar

2016-01-01

In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design. PMID:26950129

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks.

PubMed

Shahzad, Aamir; Lee, Malrey; Xiong, Neal Naixue; Jeong, Gisung; Lee, Young-Keun; Choi, Jae-Young; Mahesar, Abdul Wheed; Ahmad, Iftikhar

2016-03-03

In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

Secure positioning technique based on the encrypted visible light map

NASA Astrophysics Data System (ADS)

Lee, Y. U.; Jung, G.

2017-01-01

For overcoming the performance degradation problems of the conventional visible light (VL) positioning system, which are due to the co-channel interference by adjacent light and the irregularity of the VL reception position in the three dimensional (3-D) VL channel, the secure positioning technique based on the two dimensional (2-D) encrypted VL map is proposed, implemented as the prototype for the specific embedded positioning system, and verified by performance tests in this paper. It is shown from the test results that the proposed technique achieves the performance enhancement over 21.7% value better than the conventional one in the real positioning environment, and the well known PN code is the optimal stream encryption key for the good VL positioning.

IMIRSEL: a secure music retrieval testing environment

NASA Astrophysics Data System (ADS)

Downie, John S.

2004-10-01

The Music Information Retrieval (MIR) and Music Digital Library (MDL) research communities have long noted the need for formal evaluation mechanisms. Issues concerning the unavailability of freely-available music materials have greatly hindered the creation of standardized test collections with which these communities could scientifically assess the strengths and weaknesses of their various music retrieval techniques. The International Music Information Retrieval Systems Evaluation Laboratory (IMIRSEL) is being developed at the University of Illinois at Urbana-Champaign (UIUC) specifically to overcome this hindrance to the scientific evaluation of MIR/MDL systems. Together with its subsidiary Human Use of Music Information Retrieval Systems (HUMIRS) project, IMIRSEL will allow MIR/MDL researchers access to the standardized large-scale collection of copyright-sensitive music materials and standardized test queries being housed at UIUC's National Center for Supercomputing Applications (NCSA). Virtual Research Labs (VRL), based upon NCSA's Data-to-Knowledge (D2K) tool set, are being developed through which MIR/MDL researchers will interact with the music materials under a "trusted code" security model.

Power system security enhancement through direct non-disruptive load control

NASA Astrophysics Data System (ADS)

Ramanathan, Badri Narayanan

The transition to a competitive market structure raises significant concerns regarding reliability of the power grid. A need to build tools for security assessment that produce operating limit boundaries for both static and dynamic contingencies is recognized. Besides, an increase in overall uncertainty in operating conditions makes corrective actions at times ineffective leaving the system vulnerable to instability. The tools that are in place for stability enhancement are mostly corrective and suffer from lack of robustness to operating condition changes. They often pose serious coordination challenges. With deregulation, there have also been ownership and responsibility issues associated with stability controls. However, the changing utility business model and the developments in enabling technologies such as two-way communication, metering, and control open up several new possibilities for power system security enhancement. This research proposes preventive modulation of selected loads through direct control for power system security enhancement. Two main contributions of this research are the following: development of an analysis framework and two conceptually different analysis approaches for load modulation to enhance oscillatory stability, and the development and study of algorithms for real-time modulation of thermostatic loads. The underlying analysis framework is based on the Structured Singular Value (SSV or mu) theory. Based on the above framework, two fundamentally different approaches towards analysis of the amount of load modulation for desired stability performance have been developed. Both the approaches have been tested on two different test systems: CIGRE Nordic test system and an equivalent of the Western Electric Coordinating Council test system. This research also develops algorithms for real-time modulation of thermostatic loads that use the results of the analysis. In line with some recent load management programs executed by utilities, two different algorithms based on dynamic programming are proposed for air-conditioner loads, while a decision-tree based algorithm is proposed for water-heater loads. An optimization framework has been developed employing the above algorithms. Monte Carlo simulations have been performed using this framework with the objective of studying the impact of different parameters and constraints on the effectiveness as well as the effect of control. The conclusions drawn from this research strongly advocate direct load control for stability enhancement from the perspectives of robustness and coordination, as well as economic viability and the developments towards availability of the institutional framework for load participation in providing system reliability services.

78 FR 4536 - Self-Regulatory Organizations; The NASDAQ Stock Market LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-22

... and test these significant changes to their systems by January 15, 2013. The Exchange has received... member firms adequate time to program and test their systems to use the Market Maker Peg Order \\6\\ or... Market Maker Peg Order, which is designed to replace AQR. See Securities Exchange Act Release No. 67584...

An objectively-analyzed method for measuring the useful penetration of x-ray imaging systems.

PubMed

Glover, Jack L; Hudson, Lawrence T

2016-06-01

The ability to detect wires is an important capability of the cabinet x-ray imaging systems that are used in aviation security as well as the portable x-ray systems that are used by domestic law enforcement and military bomb squads. A number of national and international standards describe methods for testing this capability using the so called useful penetration test metric, where wires are imaged behind different thicknesses of blocking material. Presently, these tests are scored based on human judgments of wire visibility, which are inherently subjective. We propose a new method in which the useful penetration capabilities of an x-ray system are objectively evaluated by an image processing algorithm operating on digital images of a standard test object. The algorithm advantageously applies the Radon transform for curve parameter detection that reduces the problem of wire detection from two dimensions to one. The sensitivity of the wire detection method is adjustable and we demonstrate how the threshold parameter can be set to give agreement with human-judged results. The method was developed to be used in technical performance standards and is currently under ballot for inclusion in a US national aviation security standard.

An objectively-analyzed method for measuring the useful penetration of x-ray imaging systems

PubMed Central

Glover, Jack L.; Hudson, Lawrence T.

2016-01-01

The ability to detect wires is an important capability of the cabinet x-ray imaging systems that are used in aviation security as well as the portable x-ray systems that are used by domestic law enforcement and military bomb squads. A number of national and international standards describe methods for testing this capability using the so called useful penetration test metric, where wires are imaged behind different thicknesses of blocking material. Presently, these tests are scored based on human judgments of wire visibility, which are inherently subjective. We propose a new method in which the useful penetration capabilities of an x-ray system are objectively evaluated by an image processing algorithm operating on digital images of a standard test object. The algorithm advantageously applies the Radon transform for curve parameter detection that reduces the problem of wire detection from two dimensions to one. The sensitivity of the wire detection method is adjustable and we demonstrate how the threshold parameter can be set to give agreement with human-judged results. The method was developed to be used in technical performance standards and is currently under ballot for inclusion in a US national aviation security standard. PMID:27499586

An objectively-analyzed method for measuring the useful penetration of x-ray imaging systems

NASA Astrophysics Data System (ADS)

Glover, Jack L.; Hudson, Lawrence T.

2016-06-01

The ability to detect wires is an important capability of the cabinet x-ray imaging systems that are used in aviation security as well as the portable x-ray systems that are used by domestic law enforcement and military bomb squads. A number of national and international standards describe methods for testing this capability using the so called useful penetration test metric, where wires are imaged behind different thicknesses of blocking material. Presently, these tests are scored based on human judgments of wire visibility, which are inherently subjective. We propose a new method in which the useful penetration capabilities of an x-ray system are objectively evaluated by an image processing algorithm operating on digital images of a standard test object. The algorithm advantageously applies the Radon transform for curve parameter detection that reduces the problem of wire detection from two dimensions to one. The sensitivity of the wire detection method is adjustable and we demonstrate how the threshold parameter can be set to give agreement with human-judged results. The method was developed to be used in technical performance standards and is currently under ballot for inclusion in an international aviation security standard.

Surveillance systems for intermodal transportation

NASA Astrophysics Data System (ADS)

Jakovlev, Sergej; Voznak, Miroslav; Andziulis, Arunas

2015-05-01

Intermodal container monitoring is considered a major security issue in many major logistic companies and countries worldwide. Current representation of the problem, we face today, originated in 2002, right after the 9/11 attacks. Then, a new worldwide Container Security Initiative (CSI, 2002) was considered that shaped the perception of the transportation operations. Now more than 80 larger ports all over the world contribute to its further development and integration into everyday transportation operations and improve the regulations for the developing regions. Although, these new improvements allow us to feel safer and secure, constant management of transportation operations has become a very difficult problem for conventional data analysis methods and information systems. The paper deals with a proposal of a whole new concept for the improvement of the Containers Security Initiative (CSI) by virtually connecting safety, security processes and systems. A conceptual middleware approach with deployable intelligent agent modules is proposed to be used with possible scenarios and a testbed is used to test the solution. Middleware examples are visually programmed using National Instruments LabView software packages and Wireless sensor network hardware modules. An experimental software is used to evaluate he solution. This research is a contribution to the intermodal transportation and is intended to be used as a means or the development of intelligent transport systems.

A preliminary cyber-physical security assessment of the Robot Operating System (ROS)

NASA Astrophysics Data System (ADS)

McClean, Jarrod; Stull, Christopher; Farrar, Charles; Mascareñas, David

2013-05-01

Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: "What prevents ROS from being used in commercial or government applications?" One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security "honeypot" running ROS. DEFFCON-20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: "What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?" This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.

The design of automatic software testing module for civil aviation information system

NASA Astrophysics Data System (ADS)

Qi, Qi; Sun, Yang

2018-05-01

In this paper, the practical innovation design is carried out according to the urgent needs of the automatic testing module of civil aviation information system. Firstly, the background and significance of the automatic testing module of civil aviation information system is expounded, and the current research status of automatic testing module and the advantages and disadvantages of related software are analyzed. Then, from the three aspects of macro demand, module functional requirement and module nonfunctional demand, we further study the needs of automatic testing module of civil aviation information system. Finally, from the four aspects of module structure, module core function, database and security, we have made an innovative plan for the automatic testing module of civil aviation information system.

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

Creation of security engineering programs by the Southwest Surety Institute

NASA Astrophysics Data System (ADS)

Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

1998-12-01

The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

46 CFR 62.30-10 - Testing.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 2 2010-10-01 2010-10-01 false Testing. 62.30-10 Section 62.30-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety... accordance with subpart 61.40 of this chapter. (b) On-line built-in test equipment must not lock out or...

Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

DTIC Science & Technology

2013-06-01

ABBREVIATIONS ANSI American National Standards Institute ASIS American Society of Industrial Security CCTV Closed Circuit Television CONOPS...is globally recognized for the development and maintenance of standards. ASTM defines a specification as an explicit set of requirements...www.rkb.us/saver/. One of the SAVER reports titled CCTV Technology Handbook has a chapter on system design. The report uses terms like functional

Dopaminergic, Serotonergic, and Oxytonergic Candidate Genes Associated with Infant Attachment Security and Disorganization? In Search of Main and Interaction Effects

ERIC Educational Resources Information Center

Luijk, Maartje P. C. M.; Roisman, Glenn I.; Haltigan, John D.; Tiemeier, Henning; Booth-LaForce, Cathryn; van IJzendoorn, Marinus H.; Belsky, Jay; Uitterlinden, Andre G.; Jaddoe, Vincent W. V.; Hofman, Albert; Verhulst, Frank C.; Tharner, Anne; Bakermans-Kranenburg, Marian J.

2011-01-01

Background and methods: In two birth cohort studies with genetic, sensitive parenting, and attachment data of more than 1,000 infants in total, we tested main and interaction effects of candidate genes involved in the dopamine, serotonin, and oxytocin systems ("DRD4", "DRD2", "COMT", "5-HTT", "OXTR") on attachment security and disorganization.…

Statistical Requirements For Pass-Fail Testing Of Contraband Detection Systems

NASA Astrophysics Data System (ADS)

Gilliam, David M.

2011-06-01

Contraband detection systems for homeland security applications are typically tested for probability of detection (PD) and probability of false alarm (PFA) using pass-fail testing protocols. Test protocols usually require specified values for PD and PFA to be demonstrated at a specified level of statistical confidence CL. Based on a recent more theoretical treatment of this subject [1], this summary reviews the definition of CL and provides formulas and spreadsheet functions for constructing tables of general test requirements and for determining the minimum number of tests required. The formulas and tables in this article may be generally applied to many other applications of pass-fail testing, in addition to testing of contraband detection systems.

A new approach for willingness test in biometric systems

NASA Astrophysics Data System (ADS)

Yang, Kai; Du, Yingzi; Zhou, Zhi

2011-06-01

Biometrics identifies/verifies a person using his/her physiological or behavioral characteristics. It is becoming an important ally for law enforcement and homeland security. However, there are some safety and privacy concerns: biometric based systems can be accessed when users are under threat, reluctant or even unconscious states. In this paper, we introduce a new method which can identify a person and detect his/her willingness. Our experimental results show that the new approach can enhance the security by checking the consent signature while achieving very high recognition accuracy.

Security-Enhanced Autonomous Network Management

NASA Technical Reports Server (NTRS)

Zeng, Hui

2015-01-01

Ensuring reliable communication in next-generation space networks requires a novel network management system to support greater levels of autonomy and greater awareness of the environment and assets. Intelligent Automation, Inc., has developed a security-enhanced autonomous network management (SEANM) approach for space networks through cross-layer negotiation and network monitoring, analysis, and adaptation. The underlying technology is bundle-based delay/disruption-tolerant networking (DTN). The SEANM scheme allows a system to adaptively reconfigure its network elements based on awareness of network conditions, policies, and mission requirements. Although SEANM is generically applicable to any radio network, for validation purposes it has been prototyped and evaluated on two specific networks: a commercial off-the-shelf hardware test-bed using Institute of Electrical Engineers (IEEE) 802.11 Wi-Fi devices and a military hardware test-bed using AN/PRC-154 Rifleman Radio platforms. Testing has demonstrated that SEANM provides autonomous network management resulting in reliable communications in delay/disruptive-prone environments.

46 CFR 169.829 - Emergency lighting and power systems.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 169.829 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) NAUTICAL SCHOOLS SAILING SCHOOL VESSELS Operations Tests, Drills, and Inspections § 169.829 Emergency lighting and power systems... and performance of the apparatus must be noted in the official logbook. ...

48 CFR 3017.9000 - Clauses (USCG).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Clauses (USCG). 3017.9000 Section 3017.9000 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND... and acceptance tests will afford full protection to the Government in ascertaining conformance to...

Analysis of key technologies for virtual instruments metrology

NASA Astrophysics Data System (ADS)

Liu, Guixiong; Xu, Qingui; Gao, Furong; Guan, Qiuju; Fang, Qiang

2008-12-01

Virtual instruments (VIs) require metrological verification when applied as measuring instruments. Owing to the software-centered architecture, metrological evaluation of VIs includes two aspects: measurement functions and software characteristics. Complexity of software imposes difficulties on metrological testing of VIs. Key approaches and technologies for metrology evaluation of virtual instruments are investigated and analyzed in this paper. The principal issue is evaluation of measurement uncertainty. The nature and regularity of measurement uncertainty caused by software and algorithms can be evaluated by modeling, simulation, analysis, testing and statistics with support of powerful computing capability of PC. Another concern is evaluation of software features like correctness, reliability, stability, security and real-time of VIs. Technologies from software engineering, software testing and computer security domain can be used for these purposes. For example, a variety of black-box testing, white-box testing and modeling approaches can be used to evaluate the reliability of modules, components, applications and the whole VI software. The security of a VI can be assessed by methods like vulnerability scanning and penetration analysis. In order to facilitate metrology institutions to perform metrological verification of VIs efficiently, an automatic metrological tool for the above validation is essential. Based on technologies of numerical simulation, software testing and system benchmarking, a framework for the automatic tool is proposed in this paper. Investigation on implementation of existing automatic tools that perform calculation of measurement uncertainty, software testing and security assessment demonstrates the feasibility of the automatic framework advanced.

Marshall Space Flight Center Test Capabilities

NASA Technical Reports Server (NTRS)

Hamilton, Jeffrey T.

2005-01-01

The Test Laboratory at NASA's Marshall Space Flight Center has over 50 facilities across 400+ acres inside a secure, fenced facility. The entire Center is located inside the boundaries of Redstone Arsenal, a 40,000 acre military reservation. About 150 Government and 250 contractor personnel operate facilities capable of all types of propulsion and structural testing, from small components to engine systems and structural strength, structural dynamic and environmental testing. We have tremendous engineering expertise in research, evaluation, analysis, design and development, and test of space transportation systems, subsystems, and components.

46 CFR 196.15-30 - Emergency lighting and power systems.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 7 2010-10-01 2010-10-01 false Emergency lighting and power systems. 196.15-30 Section 196.15-30 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) OCEANOGRAPHIC RESEARCH VESSELS OPERATIONS Test, Drills, and Inspections § 196.15-30 Emergency lighting and power systems. (a...

Development of automated testing tools for traffic control signals and devices (NTCIP and Security) phase 2.

DOT National Transportation Integrated Search

2015-02-01

Through a coordinated effort among the electrical engineering research team of the Florida State : University (FSU) and key Florida Department of Transportation (FDOT) personnel, an NTCIP-based : automated testing system for NTCIP-compliant ASC has b...

Joint image encryption and compression scheme based on IWT and SPIHT

NASA Astrophysics Data System (ADS)

Zhang, Miao; Tong, Xiaojun

2017-03-01

A joint lossless image encryption and compression scheme based on integer wavelet transform (IWT) and set partitioning in hierarchical trees (SPIHT) is proposed to achieve lossless image encryption and compression simultaneously. Making use of the properties of IWT and SPIHT, encryption and compression are combined. Moreover, the proposed secure set partitioning in hierarchical trees (SSPIHT) via the addition of encryption in the SPIHT coding process has no effect on compression performance. A hyper-chaotic system, nonlinear inverse operation, Secure Hash Algorithm-256(SHA-256), and plaintext-based keystream are all used to enhance the security. The test results indicate that the proposed methods have high security and good lossless compression performance.

[Ecological security early-warning in Zhoushan Islands based on variable weight model].

PubMed

Zhou, Bin; Zhong, Lin-sheng; Chen, Tian; Zhou, Rui

2015-06-01

Ecological security early warning, as an important content of ecological security research, is of indicating significance in maintaining regional ecological security. Based on driving force, pressure, state, impact and response (D-P-S-I-R) framework model, this paper took Zhoushan Islands in Zhejiang Province as an example to construct the ecological security early warning index system, test degrees of ecological security early warning of Zhoushan Islands from 2000 to 2012 by using the method of variable weight model, and forecast ecological security state of 2013-2018 by Markov prediction method. The results showed that the variable weight model could meet the study needs of ecological security early warning of Zhoushan Islands. There was a fluctuant rising ecological security early warning index from 0.286 to 0.484 in Zhoushan Islands between year 2000 and 2012, in which the security grade turned from "serious alert" into " medium alert" and the indicator light turned from "orange" to "yellow". The degree of ecological security warning was "medium alert" with the light of "yellow" for Zhoushan Islands from 2013 to 2018. These findings could provide a reference for ecological security maintenance of Zhoushan Islands.

46 CFR 56.97-30 - Hydrostatic tests (modifies 137.4).

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 2 2012-10-01 2012-10-01 false Hydrostatic tests (modifies 137.4). 56.97-30 Section 56.97-30 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PIPING SYSTEMS AND APPURTENANCES Pressure Tests § 56.97-30 Hydrostatic tests (modifies 137.4). (a) Provision of air vents at high points. Vents must be...

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

PubMed

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

Proactive Security Testing and Fuzzing

NASA Astrophysics Data System (ADS)

Takanen, Ari

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

Feasibility studies on explosive detection and homeland security applications using a neutron and x-ray combined computed tomography system

NASA Astrophysics Data System (ADS)

Sinha, V.; Srivastava, A.; Lee, H. K.; Liu, X.

2013-05-01

The successful creation and operation of a neutron and X-ray combined computed tomography (NXCT) system has been demonstrated by researchers at the Missouri University of Science and Technology. The NXCT system has numerous applications in the field of material characterization and object identification in materials with a mixture of atomic numbers represented. Presently, the feasibility studies have been performed for explosive detection and homeland security applications, particularly in concealed material detection and determination of the light atomic number materials. These materials cannot be detected using traditional X-ray imaging. The new system has the capability to provide complete structural and compositional information due to the complementary nature of X-ray and neutron interactions with materials. The design of the NXCT system facilitates simultaneous and instantaneous imaging operation, promising enhanced detection capabilities of explosive materials, low atomic number materials and illicit materials for homeland security applications. In addition, a sample positioning system allowing the user to remotely and automatically manipulate the sample makes the system viable for commercial applications. Several explosives and weapon simulants have been imaged and the results are provided. The fusion algorithms which combine the data from the neutron and X-ray imaging produce superior images. This paper is a compete overview of the NXCT system for feasibility studies of explosive detection and homeland security applications. The design of the system, operation, algorithm development, and detection schemes are provided. This is the first combined neutron and X-ray computed tomography system in operation. Furthermore, the method of fusing neutron and X-ray images together is a new approach which provides high contrast images of the desired object. The system could serve as a standardized tool in nondestructive testing of many applications, especially in explosives detection and homeland security research.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The USS Anchorage is nearby. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Investigative Operations: Use of Covert Testing to Identify Security Vulnerabilities and Fraud, Waste, and Abuse

DTIC Science & Technology

2007-11-14

including evaluations of controls over radioactive materials and security at America’s borders, airport security , sales of sensitive and surplus...officers. The details of this March 2006 report are classified; however, TSA has authorized this limited discussion. Airport Security Testing Sale of...of covert security vulnerability testing of numerous airports across the country. During these covert tests, our investigators passed through airport

Metrics for the National SCADA Test Bed Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Craig, Philip A.; Mortensen, J.; Dagle, Jeffery E.

2008-12-05

The U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) National SCADA Test Bed (NSTB) Program is providing valuable inputs into the electric industry by performing topical research and development (R&D) to secure next generation and legacy control systems. In addition, the program conducts vulnerability and risk analysis, develops tools, and performs industry liaison, outreach and awareness activities. These activities will enhance the secure and reliable delivery of energy for the United States. This report will describe metrics that could be utilized to provide feedback to help enhance the effectiveness of the NSTB Program.

A secure mobile multimedia system to assist emergency response teams.

PubMed

Belala, Yacine; Issa, Omneya; Gregoire, Jean-Charles; Wong, James

2008-08-01

Long wait times after injury and greater distances to travel between accident scenes and medical facilities contribute to increased, possibly unnecessary deaths. This paper describes a mobile emergency system aimed at reducing mortality by improving the readiness of hospital personnel, therefore allowing for more efficient treatment procedures to be performed when the victim arrives. The system is designed to provide a secure transmission of voice, medical data, and video in real-time over third-generation cellular networks. Test results obtained on a commercial network under real-life conditions demonstrate the ability to effectively transmit medical data over 3G networks, making them a viable option available to healthcare professionals.

Underwater magnetic gradiometer for magnetic anomaly detection, localization, and tracking

NASA Astrophysics Data System (ADS)

Kumar, S.; Sulzberger, G.; Bono, J.; Skvoretz, D.; Allen, G. I.; Clem, T. R.; Ebbert, M.; Bennett, S. L.; Ostrom, R. K.; Tzouris, A.

2007-04-01

GE Security and the Naval Surface Warfare Center, Panama City (NSWC-PC) have collaborated to develop a magnetic gradiometer, called the Real-time Tracking Gradiometer or RTG that is mounted inside an unmanned underwater vehicle (UUV). The RTG is part of a buried mine hunting platform being developed by the United States Navy. The RTG has been successfully used to make test runs on mine-like targets buried off the coast of Florida. We will present a general description of the system and latest results describing system performance. This system can be also potentially used for other applications including those in the area of Homeland Security.

Analysis of ISO NE Balancing Requirements: Uncertainty-based Secure Ranges for ISO New England Dynamic Inerchange Adjustments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Etingov, Pavel V.; Makarov, Yuri V.; Wu, Di

The document describes detailed uncertainty quantification (UQ) methodology developed by PNNL to estimate secure ranges of potential dynamic intra-hour interchange adjustments in the ISO-NE system and provides description of the dynamic interchange adjustment (DINA) tool developed under the same contract. The overall system ramping up and down capability, spinning reserve requirements, interchange schedules, load variations and uncertainties from various sources that are relevant to the ISO-NE system are incorporated into the methodology and the tool. The DINA tool has been tested by PNNL and ISO-NE staff engineers using ISO-NE data.

Intelligent pump test system based on virtual instrument

NASA Astrophysics Data System (ADS)

Ma, Jungong; Wang, Shifu; Wang, Zhanlin

2003-09-01

The intelligent pump system is the key component of the aircraft hydraulic system that can solve the problem, such as the temperature sharply increasing. As the performance of the intelligent pump directly determines that of the aircraft hydraulic system and seriously affects fly security and reliability. So it is important to test all kinds of performance parameters of intelligent pump during design and development, while the advanced, reliable and complete test equipments are the necessary instruments for achieving the goal. In this paper, the application of virtual instrument and computer network technology in aircraft intelligent pump test is presented. The composition of the hardware, software, hydraulic circuit in this system are designed and implemented.

Electronic intermodal supply chain manifest freight ITS operational test evaluation.

DOT National Transportation Integrated Search

2002-12-01

This report presents the results of a 2.5 year freight Intelligent Transportation System (ITS) evaluation of an air cargo security and logistics system which was deployed at O'Hare and JFK international airports. In September 1999, the Federal Highwa...

46 CFR Appendix A - [Reserved

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 1 2010-10-01 2010-10-01 false [Reserved] A Appendix A Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System Management Information System requirements. Appendix A [Reserved] 46 CFR Ch. I (10-1-10 Edition...

30 CFR 57.6501 - Nonelectric initiation systems.

Code of Federal Regulations, 2014 CFR

2014-07-01

... nonelectric initiation system uses shock tube— (1) Connections with other initiation devices shall be secured... which detonation is to proceed; (5) Connections between blastholes shall not be made until immediately... use gas tube, continuity of the circuit shall be tested prior to blasting. ...

30 CFR 57.6501 - Nonelectric initiation systems.

Code of Federal Regulations, 2010 CFR

2010-07-01

... nonelectric initiation system uses shock tube— (1) Connections with other initiation devices shall be secured... which detonation is to proceed; (5) Connections between blastholes shall not be made until immediately... use gas tube, continuity of the circuit shall be tested prior to blasting. ...

30 CFR 57.6501 - Nonelectric initiation systems.

Code of Federal Regulations, 2013 CFR

2013-07-01

... nonelectric initiation system uses shock tube— (1) Connections with other initiation devices shall be secured... which detonation is to proceed; (5) Connections between blastholes shall not be made until immediately... use gas tube, continuity of the circuit shall be tested prior to blasting. ...

30 CFR 57.6501 - Nonelectric initiation systems.

Code of Federal Regulations, 2012 CFR

2012-07-01

... nonelectric initiation system uses shock tube— (1) Connections with other initiation devices shall be secured... which detonation is to proceed; (5) Connections between blastholes shall not be made until immediately... use gas tube, continuity of the circuit shall be tested prior to blasting. ...

30 CFR 57.6501 - Nonelectric initiation systems.

Code of Federal Regulations, 2011 CFR

2011-07-01

... nonelectric initiation system uses shock tube— (1) Connections with other initiation devices shall be secured... which detonation is to proceed; (5) Connections between blastholes shall not be made until immediately... use gas tube, continuity of the circuit shall be tested prior to blasting. ...

Verifying the secure setup of Unix client/servers and detection of network intrusion

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feingold, R.; Bruestle, H.R.; Bartoletti, T.

1995-07-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to checkmore » on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.« less

Considerations When Including Students with Disabilities in Test Security Policies. NCEO Policy Directions. Number 23

ERIC Educational Resources Information Center

Lazarus, Sheryl; Thurlow, Martha

2015-01-01

Sound test security policies and procedures are needed to ensure test security and confidentiality, and to help prevent cheating. In this era when cheating on tests draws regular media attention, there is a need for thoughtful consideration of the ways in which possible test security measures may affect accessibility for some students with…

Semaphore network encryption report

NASA Astrophysics Data System (ADS)

Johnson, Karen L.

1994-03-01

This paper documents the results of a preliminary assessment performed on the commercial off-the-shelf (COTS) Semaphore Communications Corporation (SCC) Network Security System (NSS). The Semaphore NSS is a family of products designed to address important network security concerns, such as network source address authentication and data privacy. The assessment was performed in the INFOSEC Core Integration Laboratory, and its scope was product usability focusing on interoperability and system performance in an existing operational network. Included in this paper are preliminary findings. Fundamental features and functionality of the Semaphore NSS are identified, followed by details of the assessment, including test descriptions and results. A summary of test results and future plans are also included. These findings will be useful to those investigating the use of commercially available solutions to network authentication and data privacy.

46 CFR 111.60-21 - Cable insulation tests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 4 2010-10-01 2010-10-01 false Cable insulation tests. 111.60-21 Section 111.60-21 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS... electric power and lighting and associated equipment must be checked for proper insulation resistance to...

46 CFR 111.60-21 - Cable insulation tests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 4 2014-10-01 2014-10-01 false Cable insulation tests. 111.60-21 Section 111.60-21 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS... electric power and lighting and associated equipment must be checked for proper insulation resistance to...

46 CFR 111.60-21 - Cable insulation tests.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 4 2012-10-01 2012-10-01 false Cable insulation tests. 111.60-21 Section 111.60-21 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS... electric power and lighting and associated equipment must be checked for proper insulation resistance to...

46 CFR 111.60-21 - Cable insulation tests.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 4 2011-10-01 2011-10-01 false Cable insulation tests. 111.60-21 Section 111.60-21 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS... electric power and lighting and associated equipment must be checked for proper insulation resistance to...

46 CFR 111.60-21 - Cable insulation tests.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 4 2013-10-01 2013-10-01 false Cable insulation tests. 111.60-21 Section 111.60-21 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS... electric power and lighting and associated equipment must be checked for proper insulation resistance to...

78 FR 53466 - Modification of Two National Customs Automation Program (NCAP) Tests Concerning Automated...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-29

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Modification of Two National Customs Automation Program (NCAP) Tests Concerning Automated Commercial Environment (ACE) Document Image System (DIS) and Simplified Entry (SE); Correction AGENCY: U.S. Customs and Border Protection, Department...

Lincoln Laboratory Journal. Volume 22, Number 1, 2016

DTIC Science & Technology

2016-06-09

needs cyber ranges and other infrastructure to conduct scal- able, repeatable, scientific, realistic and inexpensive testing, training, and mission...support this mission, infrastructure is being upgraded to make it more efficient and secure. In “Secur- ing the U.S. Transportation Command,” Jeff...using the Electronic Key Management System (EKMS) or over a digital network by using the Key Manage- ment Infrastructure (KMI). The units must then

Metrinome: Continuous Monitoring and Security Validation of Distributed Systems

DTIC Science & Technology

2014-03-01

Integration into the SDLC ( Software Development Life Cycle), Retrieved Nov 06 2013, https://www.owasp.org/ images/f/f6/Integration_into_the_SDLC.ppt [2...assessment as part of the software development life cycle, current approaches suffer from a number of shortcomings that limit their application in...with assessing security and correct functionality. Second, integrated and end-to-end testing and experimentation is often postponed until software

DNA EMP Awareness Course Notes. Supplement to Third Edition.

DTIC Science & Technology

1978-07-31

UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (When Data Entered) REPORT DOCUMENTATION PAGE READ INSTRUCTIONS BEFORE COMPLETING FORM I REPORT...the environment through system design and testing. FORM 143 E,,N F’NOV 65 IS OBSOLETE DD JAN73 1473 EDITION OF UNCLASSIFIED SECURITY CLASSIFICATION OF...fields generated tems mission and deployment factors by the prompt gammas. Other forms of EMP, where these environments should be con- such as

A Security Monitoring Framework For Virtualization Based HEP Infrastructures

NASA Astrophysics Data System (ADS)

Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

2017-10-01

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Three-pass protocol scheme for bitmap image security by using vernam cipher algorithm

NASA Astrophysics Data System (ADS)

Rachmawati, D.; Budiman, M. A.; Aulya, L.

2018-02-01

Confidentiality, integrity, and efficiency are the crucial aspects of data security. Among the other digital data, image data is too prone to abuse of operation like duplication, modification, etc. There are some data security techniques, one of them is cryptography. The security of Vernam Cipher cryptography algorithm is very dependent on the key exchange process. If the key is leaked, security of this algorithm will collapse. Therefore, a method that minimizes key leakage during the exchange of messages is required. The method which is used, is known as Three-Pass Protocol. This protocol enables message delivery process without the key exchange. Therefore, the sending messages process can reach the receiver safely without fear of key leakage. The system is built by using Java programming language. The materials which are used for system testing are image in size 200×200 pixel, 300×300 pixel, 500×500 pixel, 800×800 pixel and 1000×1000 pixel. The result of experiments showed that Vernam Cipher algorithm in Three-Pass Protocol scheme could restore the original image.

Online fingerprint verification.

PubMed

Upendra, K; Singh, S; Kumar, V; Verma, H K

2007-01-01

As organizations search for more secure authentication methods for user access, e-commerce, and other security applications, biometrics is gaining increasing attention. With an increasing emphasis on the emerging automatic personal identification applications, fingerprint based identification is becoming more popular. The most widely used fingerprint representation is the minutiae based representation. The main drawback with this representation is that it does not utilize a significant component of the rich discriminatory information available in the fingerprints. Local ridge structures cannot be completely characterized by minutiae. Also, it is difficult quickly to match two fingerprint images containing different number of unregistered minutiae points. In this study filter bank based representation, which eliminates these weakness, is implemented and the overall performance of the developed system is tested. The results have shown that this system can be used effectively for secure online verification applications.

40 CFR Appendix II to Subpart S of... - As-Received Testing Vehicle Rejection Criteria

Code of Federal Regulations, 2010 CFR

2010-07-01

... manufacturer may request a vehicle be rejected because of the addition of an aftermarket security system if the... inoperative, has been replaced, or the indicated mileage is outside the target range. 2. The emission system... transmission, a modified exhaust system, (headers, side pipes, aftermarket catalysts, etc) or an exhaust system...

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

Statistical Requirements For Pass-Fail Testing Of Contraband Detection Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilliam, David M.

2011-06-01

Contraband detection systems for homeland security applications are typically tested for probability of detection (PD) and probability of false alarm (PFA) using pass-fail testing protocols. Test protocols usually require specified values for PD and PFA to be demonstrated at a specified level of statistical confidence CL. Based on a recent more theoretical treatment of this subject [1], this summary reviews the definition of CL and provides formulas and spreadsheet functions for constructing tables of general test requirements and for determining the minimum number of tests required. The formulas and tables in this article may be generally applied to many othermore » applications of pass-fail testing, in addition to testing of contraband detection systems.« less

Orion Washdown & Arrival at LASF

NASA Image and Video Library

2014-12-18

NASA's Orion spacecraft arrives inside the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

Orion Washdown & Arrival at LASF

NASA Image and Video Library

2014-12-18

NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

48 CFR 31.205-34 - Recruitment costs.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 1 2011-10-01 2011-10-01 false Recruitment costs. 31.205-34 Section 31.205-34 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION GENERAL... secure and maintain an adequate labor force. (3) Costs of operating an aptitude and educational testing...

48 CFR 31.205-34 - Recruitment costs.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 1 2014-10-01 2014-10-01 false Recruitment costs. 31.205-34 Section 31.205-34 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION GENERAL... secure and maintain an adequate labor force. (3) Costs of operating an aptitude and educational testing...

48 CFR 31.205-34 - Recruitment costs.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 1 2013-10-01 2013-10-01 false Recruitment costs. 31.205-34 Section 31.205-34 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION GENERAL... secure and maintain an adequate labor force. (3) Costs of operating an aptitude and educational testing...

48 CFR 31.205-34 - Recruitment costs.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 1 2012-10-01 2012-10-01 false Recruitment costs. 31.205-34 Section 31.205-34 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION GENERAL... secure and maintain an adequate labor force. (3) Costs of operating an aptitude and educational testing...

System Security And Monitoring On Smart Home Using Android

NASA Astrophysics Data System (ADS)

Romadhon, A. S.

2018-01-01

Home security system is needed for homeowners who have a lot of activities, as a result, they often leave the house without locking the door and even leave the house in a state of lights that are not lit. In order to overcome this case, a system that can control and can monitor the state of the various devices contained in the house or smart home system is urgently required. The working principle of this smart home using android is when the homeowner sends a certain command using android, the command will be forwarded to the microcontroller and then it will be executed based on the parameters that have been determined. For example, it can turn off and on the light using android app. In this study, testing was conducted to a smart home prototype which is equipped with light bulbs, odour sensors, heat sensors, ultrasonic sensors, LDR, buzzer and camera. The test results indicate that the application has been able to control all the sensors of home appliances well.

Thundercloud: Domain specific information security training for the smart grid

NASA Astrophysics Data System (ADS)

Stites, Joseph

In this paper, we describe a cloud-based virtual smart grid test bed: ThunderCloud, which is intended to be used for domain-specific security training applicable to the smart grid environment. The test bed consists of virtual machines connected using a virtual internal network. ThunderCloud is remotely accessible, allowing students to undergo educational exercises online. We also describe a series of practical exercises that we have developed for providing the domain-specific training using ThunderCloud. The training exercises and attacks are designed to be realistic and to reflect known vulnerabilities and attacks reported in the smart grid environment. We were able to use ThunderCloud to offer practical domain-specific security training for smart grid environment to computer science students at little or no cost to the department and no risk to any real networks or systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smartt, Heidi A.; Romero, Juan A.; Custer, Joyce Olsen

Containment/Surveillance (C/S) measures are critical to any verification regime in order to maintain Continuity of Knowledge (CoK). The Ceramic Seal project is research into the next generation technologies to advance C/S, in particular improving security and efficiency. The Ceramic Seal is a small form factor loop seal with improved tamper-indication including a frangible seal body, tamper planes, external coatings, and electronic monitoring of the seal body integrity. It improves efficiency through a self-securing wire and in-situ verification with a handheld reader. Sandia National Laboratories (SNL) and Savannah River National Laboratory (SRNL), under sponsorship from the U.S. National Nuclear Security Administrationmore » (NNSA) Office of Defense Nuclear Nonproliferation Research and Development (DNN R&D), have previously designed and have now fabricated and tested Ceramic Seals. Tests have occurred at both SNL and SRNL, with different types of tests occurring at each facility. This interim report will describe the Ceramic Seal prototype, the design and development of a handheld standalone reader and an interface to a data acquisition system, fabrication of the seals, and results of initial testing.« less

Random Vibration and Torque Tests of Fasteners Secured With Locking Cable, Room Temperature Vulcanized (RTV) Rubber, and Closed Cell Foam to Support the Launch of STS-82

NASA Technical Reports Server (NTRS)

Yost, V. H.

1997-01-01

During a walkdown of the Space Transportation System (STS) orbiter for the 82nd Space Shuttle flight (STS-82), technicians found several safety cables for bolts with missing or loose ferrules. Typically, two or three bolts are secured with a cable which passes through one of the holes in the head of each bolt and a ferrule is crimped on each end of the cable to prevent it from coming out of the holes. The purpose of the cable is to prevent bolts from rotating should they become untightened. Other bolts are secured with either a locking cable or wire which is covered with RTV and foam. The RTV and foam would have to be removed to inspect for missing or loose ferrules. To determine whether this was necessary, vibration and torque test fixtures and tests were made to determine whether or not bolts with missing or loose ferrules would unloosen. These tests showed they would not, and the RTV and foam was not removed.

Experiments of 10 Gbit/sec quantum stream cipher applicable to optical Ethernet and optical satellite link

NASA Astrophysics Data System (ADS)

Hirota, Osamu; Ohhata, Kenichi; Honda, Makoto; Akutsu, Shigeto; Doi, Yoshifumi; Harasawa, Katsuyoshi; Yamashita, Kiichi

2009-08-01

The security issue for the next generation optical network which realizes Cloud Computing System Service with data center" is urgent problem. In such a network, the encryption by physical layer which provide super security and small delay should be employed. It must provide, however, very high speed encryption because the basic link is operated at 2.5 Gbit/sec or 10 Gbit/sec. The quantum stream cipher by Yuen-2000 protocol (Y-00) is a completely new type random cipher so called Gauss-Yuen random cipher, which can break the Shannon limit for the symmetric key cipher. We develop such a cipher which has good balance of the security, speed and cost performance. In SPIE conference on quantum communication and quantum imaging V, we reported a demonstration of 2.5 Gbit/sec system for the commercial link and proposed how to improve it to 10 Gbit/sec. This paper reports a demonstration of the Y-00 cipher system which works at 10 Gbit/sec. A transmission test in a laboratory is tried to get the basic data on what parameters are important to operate in the real commercial networks. In addition, we give some theoretical results on the security. It is clarified that the necessary condition to break the Shannon limit requires indeed the quantum phenomenon, and that the full information theoretically secure system is available in the satellite link application.

46 CFR 111.12-5 - Construction and testing of generators.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 4 2011-10-01 2011-10-01 false Construction and testing of generators. 111.12-5 Section 111.12-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Generator Construction and Circuits § 111.12-5 Construction and...

46 CFR 111.12-5 - Construction and testing of generators.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 46 Shipping 4 2014-10-01 2014-10-01 false Construction and testing of generators. 111.12-5 Section 111.12-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Generator Construction and Circuits § 111.12-5 Construction and...

46 CFR 111.12-5 - Construction and testing of generators.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 46 Shipping 4 2012-10-01 2012-10-01 false Construction and testing of generators. 111.12-5 Section 111.12-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Generator Construction and Circuits § 111.12-5 Construction and...

46 CFR 111.12-5 - Construction and testing of generators.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 46 Shipping 4 2013-10-01 2013-10-01 false Construction and testing of generators. 111.12-5 Section 111.12-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Generator Construction and Circuits § 111.12-5 Construction and...

46 CFR 111.12-5 - Construction and testing of generators.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 46 Shipping 4 2010-10-01 2010-10-01 false Construction and testing of generators. 111.12-5 Section 111.12-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Generator Construction and Circuits § 111.12-5 Construction and...

Adapter assembly prevents damage to tubing during high pressure tests

NASA Technical Reports Server (NTRS)

Stinett, L. L.

1965-01-01

Portable adapter assembly prevents damage to tubing and injury to personnel when pressurizing a system or during high pressure tests. The assembly is capable of withstanding high pressure. It is securely attached to the tubing stub end and may be removed without brazing, cutting or cleaning the tube.

Orion EFT-1 Heat Shield Move from LASF to VAB Highbay 2

NASA Image and Video Library

2017-04-26

The Orion heat shield from Exploration Flight Test-1, secured on a transporter, arrives at the Vehicle Assembly Building (VAB) at NASA's Kennedy Space Center in Florida. The heat shield was moved from the Launch Abort System Facility. The heat shield is being transferred from the Orion Program to the Ground Systems Development and Operations Program, Landing and Recovery Operations. In the VAB, the heat shield will be integrated with the Orion ground test article and used for future underway recovery testing.

Orion EFT-1 Heat Shield Move from LASF to VAB Highbay 2

NASA Image and Video Library

2017-04-26

Inside the Launch Abort System Facility at NASA's Kennedy Space Center in Florida, the Orion heat shield from Exploration Flight Test-1 is secured on a transporter and ready for its move to the Vehicle Assembly Building (VAB). The heat shield is being transferred from the Orion Program to the Ground Systems Development and Operations Program, Landing and Recovery Operations. In the VAB, the heat shield will be integrated with the Orion ground test article and used for future underway recovery testing.

Orion EFT-1 Heat Shield Move from LASF to VAB Highbay 2

NASA Image and Video Library

2017-04-26

The Orion heat shield from Exploration Flight Test-1, secured on a transporter, departs the Launch Abort System Facility at NASA's Kennedy Space Center in Florida, for its move to the Vehicle Assembly Building (VAB). The heat shield is being transferred from the Orion Program to the Ground Systems Development and Operations Program, Landing and Recovery Operations. In the VAB, the heat shield will be integrated with the Orion ground test article and used for future underway recovery testing.

Human Operator Interface with FLIR Displays.

DTIC Science & Technology

1980-03-01

model (Ratches, et al., 1976) used to evaluate FUIR system performanmce. SECURITY CLASSIFICATION OF THIS PAOE(When Does Bntoff. PREFACE The research...the minimum resolv- able temperature (MRT) paradigm to test two modeled FLIR systems. Twelve male subjects with 20/20 uncorrected vision served as...varying iv levels of size, contrast, noise, and MTF. The test results were compared with the NVL predictive model (Ratches, et al., 1975) used to

Controlling multiple security robots in a warehouse environment

NASA Technical Reports Server (NTRS)

Everett, H. R.; Gilbreath, G. A.; Heath-Pastore, T. A.; Laird, R. T.

1994-01-01

The Naval Command Control and Ocean Surveillance Center (NCCOSC) has developed an architecture to provide coordinated control of multiple autonomous vehicles from a single host console. The multiple robot host architecture (MRHA) is a distributed multiprocessing system that can be expanded to accommodate as many as 32 robots. The initial application will employ eight Cybermotion K2A Navmaster robots configured as remote security platforms in support of the Mobile Detection Assessment and Response System (MDARS) Program. This paper discusses developmental testing of the MRHA in an operational warehouse environment, with two actual and four simulated robotic platforms.

Test security in medicolegal cases: proposed guidelines for attorneys utilizing neuropsychology practice.

PubMed

Morel, Kenneth R

2009-11-01

In the context of forensic neuropsychological assessments, the professional interaction of law and psychology is viewed primarily as one where the retaining attorney or court dictates its needs to psychologists when resolving legal disputes. While this perspective is conceptually accurate, the positive and practical collaboration of law and psychology also relies on attorneys adhering to basic protections of sensitive psychological assessment procedures and tests. Objective testing is undermined when a practitioner of law engages in actions prior to, during, or following a neuropsychological examination in a manner that threatens the test security. An appreciation among practitioners of law and psychology regarding the necessity of test security is essential. This article reviews attorney actions that can affect test security, proposes a distinction by psychology between appropriate and problematic client preparation for a neuropsychological examination, integrates the available legal precedent regarding test security, and suggests productive measures to protect test security in medicolegal settings.

Using K-12 Lessons Learned about How to Balance Accessibility and Test Security to Inform Licensure, Credentialing, and Certification Exam Policies

ERIC Educational Resources Information Center

Lazarus, Sheryl S.; van den Heuvel, Jill R.; Thurlow, Martha L.

2017-01-01

This paper explores how to balance test security and accessibility on licensure, credentialing, and certification exams. It examines K-12 test security policies related to educational assessments across states to discover lessons learned about how to meet accessibility needs of individuals with disabilities while minimizing test security risks. It…

Consumers Are Ready to Accept the Transition to Online and Electronic Records If They Can Be Assured of the Security Measures

PubMed Central

Chhanabhai, Prajesh; Holt, Alec

2007-01-01

Background Healthcare has entered the electronic domain. This domain has improved data collection and storage abilities while allowing almost instantaneous access and results to data queries. Furthermore, it allows direct communication between healthcare providers and health consumers. The development of privacy, confidentiality, and security principles are necessary to protect consumers' interests against inappropriate access. Studies have shown that the health consumer is the important stakeholder in this process. With the international push toward electronic health records (EHRs), this article presents the importance of secure EHR systems from the public's perspective. Objective To examine the public's perception of the security of electronic systems and report on how their perceptions can shape the building of stronger systems. Methods A cross-sectional survey (September-November 2005) of people attending healthcare providers (n = 400) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EHR-proposed benefits and issues, security issues, and demographics. Results A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. One hundred eighty-eight (62.6%) had not heard of EHRs, with those who had heard of them indicating that they were a positive innovation in the health sector. However, 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%). Participants were also introduced to various security systems, and in each case, over 80% of participants believed that these would make EHR systems more secure. A number of chi-square tests were carried out with each variable, and it was found that there were strong relationships between age, location, computer use, EHR knowledge, and the concern for privacy and the security of medical records (P < .05). The survey also showed that there was a very small difference (9.8%) between health consumers who believed that paper records are more secure than EHRs and those who believed otherwise. Conclusions The findings showed that for the EHR to be fully integrating in the health sector, there are 2 main issues that need to be addressed: The security of the EHR system has to be of the highest level, and needs to be constantly monitored and updated.The involvement of the health consumer in the ownership and maintenance of their health record needs to be more proactive. The EHR aims to collect information to allow for “cradle to the grave” treatment; thus, the health consumer has to be seen as a major player in ensuring that this can happen correctly. The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system. PMID:17435617

Consumers are ready to accept the transition to online and electronic records if they can be assured of the security measures.

PubMed

Chhanabhai, Prajesh; Holt, Alec

2007-01-11

Healthcare has entered the electronic domain. This domain has improved data collection and storage abilities while allowing almost instantaneous access and results to data queries. Furthermore, it allows direct communication between healthcare providers and health consumers. The development of privacy, confidentiality, and security principles are necessary to protect consumers' interests against inappropriate access. Studies have shown that the health consumer is the important stakeholder in this process. With the international push toward electronic health records (EHRs), this article presents the importance of secure EHR systems from the public's perspective. To examine the public's perception of the security of electronic systems and report on how their perceptions can shape the building of stronger systems. A cross-sectional survey (September-November 2005) of people attending healthcare providers (n = 400) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EHR-proposed benefits and issues, security issues, and demographics. A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. One hundred eighty-eight (62.6%) had not heard of EHRs, with those who had heard of them indicating that they were a positive innovation in the health sector. However, 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%). Participants were also introduced to various security systems, and in each case, over 80% of participants believed that these would make EHR systems more secure. A number of chi-square tests were carried out with each variable, and it was found that there were strong relationships between age, location, computer use, EHR knowledge, and the concern for privacy and the security of medical records (P < .05). The survey also showed that there was a very small difference (9.8%) between health consumers who believed that paper records are more secure than EHRs and those who believed otherwise. The findings showed that for the EHR to be fully integrating in the health sector, there are 2 main issues that need to be addressed: The security of the EHR system has to be of the highest level, and needs to be constantly monitored and updated. The involvement of the health consumer in the ownership and maintenance of their health record needs to be more proactive. The EHR aims to collect information to allow for "cradle to the grave" treatment; thus, the health consumer has to be seen as a major player in ensuring that this can happen correctly. The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system.

Sandia National Laboratories: Fabrication, Testing and Validation

Science.gov Websites

; Technology Defense Systems & Assessments About Defense Systems & Assessments Program Areas safe, secure, reliable, and can fully support the Nation's deterrence policy. Employing only the most support of this mission, Sandia National Laboratories has a significant role in advancing the "state

7 CFR 1730.21 - Inspections and tests.

Code of Federal Regulations, 2010 CFR

2010-01-01

... reliability and security of the electric power grid, cause significant risk to the safety and health of the... AGRICULTURE ELECTRIC SYSTEM OPERATIONS AND MAINTENANCE Operations and Maintenance Requirements § 1730.21... parts of its electric system, annually exercise its ERP, and maintain records of such inspections and...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cabrera-Palmer, Belkis

Predicting the performance of radiation detection systems at field sites based on measured performance acquired under controlled conditions at test locations, e.g., the Nevada National Security Site (NNSS), remains an unsolved and standing issue within DNDO’s testing methodology. Detector performance can be defined in terms of the system’s ability to detect and/or identify a given source or set of sources, and depends on the signal generated by the detector for the given measurement configuration (i.e., source strength, distance, time, surrounding materials, etc.) and on the quality of the detection algorithm. Detector performance is usually evaluated in the performance and operationalmore » testing phases, where the measurement configurations are selected to represent radiation source and background configurations of interest to security applications.« less

29 CFR 801.14 - Exemption for employers providing security services.

Code of Federal Regulations, 2012 CFR

2012-07-01

... general prohibition against polygraph tests for certain armored car, security alarm, and security guard..., 801.24, 801.25, 801.26, and 801.35 of this part, section 7(e) permits the use of polygraph tests on... administration of polygraph tests only to prospective employees. However, security service employers may...

29 CFR 801.14 - Exemption for employers providing security services.

Code of Federal Regulations, 2013 CFR

2013-07-01

... general prohibition against polygraph tests for certain armored car, security alarm, and security guard..., 801.24, 801.25, 801.26, and 801.35 of this part, section 7(e) permits the use of polygraph tests on... administration of polygraph tests only to prospective employees. However, security service employers may...

29 CFR 801.14 - Exemption for employers providing security services.

Code of Federal Regulations, 2014 CFR

2014-07-01

... general prohibition against polygraph tests for certain armored car, security alarm, and security guard..., 801.24, 801.25, 801.26, and 801.35 of this part, section 7(e) permits the use of polygraph tests on... administration of polygraph tests only to prospective employees. However, security service employers may...

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.

PubMed

Brubaker, Chad; Jana, Suman; Ray, Baishakhi; Khurshid, Sarfraz; Shmatikov, Vitaly

2014-01-01

Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. We design, implement, and apply the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations. Our first ingredient is "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations. Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many of them are caused by serious security vulnerabilities. For example, any server with a valid X.509 version 1 certificate can act as a rogue certificate authority and issue fake certificates for any domain, enabling man-in-the-middle attacks against MatrixSSL and GnuTLS. Several implementations also accept certificate authorities created by unauthorized issuers, as well as certificates not intended for server authentication. We also found serious vulnerabilities in how users are warned about certificate validation errors. When presented with an expired, self-signed certificate, NSS, Safari, and Chrome (on Linux) report that the certificate has expired-a low-risk, often ignored error-but not that the connection is insecure against a man-in-the-middle attack. These results demonstrate that automated adversarial testing with frankencerts is a powerful methodology for discovering security flaws in SSL/TLS implementations.

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations

PubMed Central

Brubaker, Chad; Jana, Suman; Ray, Baishakhi; Khurshid, Sarfraz; Shmatikov, Vitaly

2014-01-01

Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. We design, implement, and apply the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations. Our first ingredient is “frankencerts,” synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations. Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many of them are caused by serious security vulnerabilities. For example, any server with a valid X.509 version 1 certificate can act as a rogue certificate authority and issue fake certificates for any domain, enabling man-in-the-middle attacks against MatrixSSL and GnuTLS. Several implementations also accept certificate authorities created by unauthorized issuers, as well as certificates not intended for server authentication. We also found serious vulnerabilities in how users are warned about certificate validation errors. When presented with an expired, self-signed certificate, NSS, Safari, and Chrome (on Linux) report that the certificate has expired—a low-risk, often ignored error—but not that the connection is insecure against a man-in-the-middle attack. These results demonstrate that automated adversarial testing with frankencerts is a powerful methodology for discovering security flaws in SSL/TLS implementations. PMID:25404868

Evaluating the effectiveness of biometric access control systems

NASA Astrophysics Data System (ADS)

Lively, Valerie M.

2005-05-01

This paper describes the contribution by the National Safe Skies Alliance (Safe Skies) in operational testing of biometric access control systems under the guidance of the Transportation Security Administration (TSA). Safe Skies has been conducting operational tests of biometric access control systems on behalf of the TSA for approximately four years. The majority of this testing has occurred at the McGhee Tyson Airport (TYS) in Knoxville, Tennessee. Twelve separate biometric devices - eight fingerprint, facial, iris, hand geometry, and fingerprint and iris, have been tested to date. Tests were conducted at a TYS administrative door and different airports to evaluate the access control device under normal, abnormal, and attempt-to-defeat conditions.

49 CFR 659.23 - System security plan: contents.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Christoph, G.G; Jackson, K.A.; Neuman, M.C.

An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in the system audit record, by changes in the vulnerability posture of the system configuration, and in other evidence found through active testing of the system. In 1989 we started developing an automatic misuse detection system for the Integrated Computing Network (ICN) at Los Alamos National Laboratory. Since 1990 this system has been operational, monitoring a variety of network systems and services. We call it the Network Anomaly Detection and Intrusion Reporter, or NADIR. During the last year andmore » a half, we expanded NADIR to include processing of audit and activity records for the Cray UNICOS operating system. This new component is called the UNICOS Real-time NADIR, or UNICORN. UNICORN summarizes user activity and system configuration information in statistical profiles. In near real-time, it can compare current activity to historical profiles and test activity against expert rules that express our security policy and define improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. UNICORN is currently operational on four Crays in Los Alamos` main computing network, the ICN.« less

KSC-2014-2246

NASA Image and Video Library

2014-04-16

CAPE CANAVERAL, Fla. - The first set of two Ogive panels for the Orion Launch Abort System was uncrated inside the Launch Abort System Facility, or LASF, at NASA’s Kennedy Space Center in Florida. One of the panels is secured on a storage stand at the other end of the facility. Technicians monitor the progress as the second panel is being moved to join the first panel on the storage stand. To the right is the Launch Abort system secured on a work stand. During processing, the panels will be secured around the Orion crew module and attached to the Launch Abort System. Orion is the exploration spacecraft designed to carry astronauts to destinations not yet explored by humans, including an asteroid and Mars. It will have emergency abort capability, sustain the crew during space travel and provide safe re-entry from deep space return velocities. The first unpiloted test flight of Orion is scheduled to launch in 2014 atop a Delta IV rocket and in 2017 on NASA’s Space Launch System rocket. For more information, visit www.nasa.gov/orion. Photo credit: Dan Casper

Modernization of B-2 Data, Video, and Control Systems Infrastructure

NASA Technical Reports Server (NTRS)

Cmar, Mark D.; Maloney, Christian T.; Butala, Vishal D.

2012-01-01

The National Aeronautics and Space Administration (NASA) Glenn Research Center (GRC) Plum Brook Station (PBS) Spacecraft Propulsion Research Facility, commonly referred to as B-2, is NASA s third largest thermal-vacuum facility with propellant systems capability. B-2 has completed a modernization effort of its facility legacy data, video and control systems infrastructure to accommodate modern integrated testing and Information Technology (IT) Security requirements. Integrated systems tests have been conducted to demonstrate the new data, video and control systems functionality and capability. Discrete analog signal conditioners have been replaced by new programmable, signal processing hardware that is integrated with the data system. This integration supports automated calibration and verification of the analog subsystem. Modern measurement systems analysis (MSA) tools are being developed to help verify system health and measurement integrity. Legacy hard wired digital data systems have been replaced by distributed Fibre Channel (FC) network connected digitizers where high speed sampling rates have increased to 256,000 samples per second. Several analog video cameras have been replaced by digital image and storage systems. Hard-wired analog control systems have been replaced by Programmable Logic Controllers (PLC), fiber optic networks (FON) infrastructure and human machine interface (HMI) operator screens. New modern IT Security procedures and schemes have been employed to control data access and process control flows. Due to the nature of testing possible at B-2, flexibility and configurability of systems has been central to the architecture during modernization.

Modernization of B-2 Data, Video, and Control Systems Infrastructure

NASA Technical Reports Server (NTRS)

Cmar, Mark D.; Maloney, Christian T.; Butala, Vishal D.

2012-01-01

The National Aeronautics and Space Administration (NASA) Glenn Research Center (GRC) Plum Brook Station (PBS) Spacecraft Propulsion Research Facility, commonly referred to as B-2, is NASA's third largest thermal-vacuum facility with propellant systems capability. B-2 has completed a modernization effort of its facility legacy data, video and control systems infrastructure to accommodate modern integrated testing and Information Technology (IT) Security requirements. Integrated systems tests have been conducted to demonstrate the new data, video and control systems functionality and capability. Discrete analog signal conditioners have been replaced by new programmable, signal processing hardware that is integrated with the data system. This integration supports automated calibration and verification of the analog subsystem. Modern measurement systems analysis (MSA) tools are being developed to help verify system health and measurement integrity. Legacy hard wired digital data systems have been replaced by distributed Fibre Channel (FC) network connected digitizers where high speed sampling rates have increased to 256,000 samples per second. Several analog video cameras have been replaced by digital image and storage systems. Hard-wired analog control systems have been replaced by Programmable Logic Controllers (PLC), fiber optic networks (FON) infrastructure and human machine interface (HMI) operator screens. New modern IT Security procedures and schemes have been employed to control data access and process control flows. Due to the nature of testing possible at B-2, flexibility and configurability of systems has been central to the architecture during modernization.

Emergency Warning Systems. Part 2. Warning Systems - Evaluation Guidelines.

DTIC Science & Technology

1983-07-01

ELEMENT. PROJECT. TASK AREA A WORK UNIT NUMBERS PRC Voorhees Work Unit 2234G 1500 Planning Research Drive McLean, Virginia 22102 ___ 11. CONTROLLING ...different from Controlling Office) IS. SECURITY CLASS. (of this report) Unclassified 15a. DECLASSIFICATION/DOWNGRADING SCHEDULE 16. DISTRIBUTION...systems that control these warning systems are discussed. Test results of several warning systems are included along with a discussion of sound

Finalizing the CCSDS Space-Data Link Layer Security Protocol: Setup and Execution of the Interoperability Testing

NASA Technical Reports Server (NTRS)

Fischer, Daniel; Aguilar-Sanchez, Ignacio; Saba, Bruno; Moury, Gilles; Biggerstaff, Craig; Bailey, Brandon; Weiss, Howard; Pilgram, Martin; Richter, Dorothea

2015-01-01

The protection of data transmitted over the space-link is an issue of growing importance also for civilian space missions. Through the Consultative Committee for Space Data Systems (CCSDS), space agencies have reacted to this need by specifying the Space Data-Link Layer Security (SDLS) protocol which provides confidentiality and integrity services for the CCSDS Telemetry (TM), Telecommand (TC) and Advanced Orbiting Services (AOS) space data-link protocols. This paper describes the approach of the CCSDS SDLS working group to specify and execute the necessary interoperability tests. It first details the individual SDLS implementations that have been produced by ESA, NASA, and CNES and then the overall architecture that allows the interoperability tests between them. The paper reports on the results of the interoperability tests and identifies relevant aspects for the evolution of the test environment.

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

The Orion Exploration Mission-1 (EM-1) structural test article, inside its transport container, is secured in NASA's Super Guppy aircraft at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida. The test article will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

The Orion Exploration Mission-1 (EM-1) structural test article, secured inside its transport container, is loaded into NASA's Super Guppy aircraft at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida. The test article will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Advanced Computational Methods for Security Constrained Financial Transmission Rights

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kalsi, Karanjit; Elbert, Stephen T.; Vlachopoulou, Maria

Financial Transmission Rights (FTRs) are financial insurance tools to help power market participants reduce price risks associated with transmission congestion. FTRs are issued based on a process of solving a constrained optimization problem with the objective to maximize the FTR social welfare under power flow security constraints. Security constraints for different FTR categories (monthly, seasonal or annual) are usually coupled and the number of constraints increases exponentially with the number of categories. Commercial software for FTR calculation can only provide limited categories of FTRs due to the inherent computational challenges mentioned above. In this paper, first an innovative mathematical reformulationmore » of the FTR problem is presented which dramatically improves the computational efficiency of optimization problem. After having re-formulated the problem, a novel non-linear dynamic system (NDS) approach is proposed to solve the optimization problem. The new formulation and performance of the NDS solver is benchmarked against widely used linear programming (LP) solvers like CPLEX™ and tested on both standard IEEE test systems and large-scale systems using data from the Western Electricity Coordinating Council (WECC). The performance of the NDS is demonstrated to be comparable and in some cases is shown to outperform the widely used CPLEX algorithms. The proposed formulation and NDS based solver is also easily parallelizable enabling further computational improvement.« less

Airborne and Ground-Based Optical Characterization of Legacy Underground Nuclear Test Sites

NASA Astrophysics Data System (ADS)

Vigil, S.; Craven, J.; Anderson, D.; Dzur, R.; Schultz-Fellenz, E. S.; Sussman, A. J.

2015-12-01

Detecting, locating, and characterizing suspected underground nuclear test sites is a U.S. security priority. Currently, global underground nuclear explosion monitoring relies on seismic and infrasound sensor networks to provide rapid initial detection of potential underground nuclear tests. While seismic and infrasound might be able to generally locate potential underground nuclear tests, additional sensing methods might be required to further pinpoint test site locations. Optical remote sensing is a robust approach for site location and characterization due to the ability it provides to search large areas relatively quickly, resolve surface features in fine detail, and perform these tasks non-intrusively. Optical remote sensing provides both cultural and surface geological information about a site, for example, operational infrastructure, surface fractures. Surface geological information, when combined with known or estimated subsurface geologic information, could provide clues concerning test parameters. We have characterized two legacy nuclear test sites on the Nevada National Security Site (NNSS), U20ak and U20az using helicopter-, ground- and unmanned aerial system-based RGB imagery and light detection and ranging (lidar) systems. The multi-faceted information garnered from these different sensing modalities has allowed us to build a knowledge base of how a nuclear test site might look when sensed remotely, and the standoff distances required to resolve important site characteristics.

17 CFR 39.36 - Risk management for systemically important derivatives clearing organizations and subpart C...

Code of Federal Regulations, 2014 CFR

2014-04-01

...) Establish procedures for: (i) Reporting stress test results to its risk management committee or board of... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk management for....36 Risk management for systemically important derivatives clearing organizations and subpart C...

Environmental Technology Verification Report for Private Pallet Security Systems, LLC. MultiTrack™ Layered Tracking Systems

EPA Science Inventory

This test simulated shipments of hazardous waste contained in polyethylene (poly) drums, metal drums, and corrugated boxes through routine land transportation routes and across international ports of entry in the El Paso/Ciudad Juarez trade area. RFID tags were attached to four ...

49 CFR 383.73 - State procedures.

Code of Federal Regulations, 2013 CFR

2013-10-01

... endorsement knowledge tests; (iv) Allow only a group-specific passenger (P) and school bus (S) endorsement and... must verify the name, date of birth, and Social Security Number provided by the applicant with the...-domiciled CDL. (n) Computer system controls. The State must establish computer system controls that will: (1...

Hazardous material transportation safety and security field operational test final detailed test plans : executive summary

DOT National Transportation Integrated Search

2003-09-16

The objective of this Hazardous Material (HazMat) Transportation Safety and Security Field Operational Test (FOT) Final Detailed Test Plans evaluation is to measure the impact of technology solutions on the safety, security, and operational efficienc...

A Method of Retrospective Computerized System Validation for Drug Manufacturing Software Considering Modifications

NASA Astrophysics Data System (ADS)

Takahashi, Masakazu; Fukue, Yoshinori

This paper proposes a Retrospective Computerized System Validation (RCSV) method for Drug Manufacturing Software (DMSW) that relates to drug production considering software modification. Because DMSW that is used for quality management and facility control affects big impact to quality of drugs, regulatory agency required proofs of adequacy for DMSW's functions and performance based on developed documents and test results. Especially, the work that explains adequacy for previously developed DMSW based on existing documents and operational records is called RCSV. When modifying RCSV conducted DMSW, it was difficult to secure consistency between developed documents and test results for modified DMSW parts and existing documents and operational records for non-modified DMSW parts. This made conducting RCSV difficult. In this paper, we proposed (a) definition of documents architecture, (b) definition of descriptive items and levels in the documents, (c) management of design information using database, (d) exhaustive testing, and (e) integrated RCSV procedure. As a result, we could conduct adequate RCSV securing consistency.

49 CFR 232.607 - Inspection and testing requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... car in a train has traveled since receiving a Class I brake test by a qualified mechanical inspector... restricts access to the train and provides sufficient security to deter vandalism. (c) Cars added en route. (1) Each freight car equipped with an ECP brake system that is added to a freight train operating in...

49 CFR 232.607 - Inspection and testing requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... car in a train has traveled since receiving a Class I brake test by a qualified mechanical inspector... restricts access to the train and provides sufficient security to deter vandalism. (c) Cars added en route. (1) Each freight car equipped with an ECP brake system that is added to a freight train operating in...

49 CFR 232.607 - Inspection and testing requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... car in a train has traveled since receiving a Class I brake test by a qualified mechanical inspector... restricts access to the train and provides sufficient security to deter vandalism. (c) Cars added en route. (1) Each freight car equipped with an ECP brake system that is added to a freight train operating in...

49 CFR 232.607 - Inspection and testing requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... car in a train has traveled since receiving a Class I brake test by a qualified mechanical inspector... restricts access to the train and provides sufficient security to deter vandalism. (c) Cars added en route. (1) Each freight car equipped with an ECP brake system that is added to a freight train operating in...

49 CFR 232.607 - Inspection and testing requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... car in a train has traveled since receiving a Class I brake test by a qualified mechanical inspector... restricts access to the train and provides sufficient security to deter vandalism. (c) Cars added en route. (1) Each freight car equipped with an ECP brake system that is added to a freight train operating in...

Trust Management and Security in Satellite Telecommand Processing

DTIC Science & Technology

2011-03-24

include XREP, NICE, and P- Grid . These systems aggregate the perception of entities in the system to calculate a local reputation value for a specific...peripheral used is a Universal Asynchronous Receiver Transmitter ( UART ) which is connected to a Recommended Standard 232 (RS232) transceiver onboard [49...satellite, a logic analyzer was connected to monitor UART signals on the test board. The logic analyzer used for this testing was a USBee ZX module

The Exon-Florio National Security Test for Foreign Investment

DTIC Science & Technology

2010-02-04

CRS Report for Congress Prepared for Members and Committees of Congress The Exon- Florio National Security Test for Foreign Investment...04 FEB 2010 2. REPORT TYPE 3. DATES COVERED 00-00-2010 to 00-00-2010 4. TITLE AND SUBTITLE The Exon- Florio National Security Test for Foreign...ANSI Std Z39-18 The Exon- Florio National Security Test for Foreign Investment Congressional Research Service Summary The Exon- Florio provision

Joint image encryption and compression scheme based on a new hyperchaotic system and curvelet transform

NASA Astrophysics Data System (ADS)

Zhang, Miao; Tong, Xiaojun

2017-07-01

This paper proposes a joint image encryption and compression scheme based on a new hyperchaotic system and curvelet transform. A new five-dimensional hyperchaotic system based on the Rabinovich system is presented. By means of the proposed hyperchaotic system, a new pseudorandom key stream generator is constructed. The algorithm adopts diffusion and confusion structure to perform encryption, which is based on the key stream generator and the proposed hyperchaotic system. The key sequence used for image encryption is relation to plain text. By means of the second generation curvelet transform, run-length coding, and Huffman coding, the image data are compressed. The joint operation of compression and encryption in a single process is performed. The security test results indicate the proposed methods have high security and good compression effect.

Design and evaluation of security multimedia warnings for children's smartphones

NASA Astrophysics Data System (ADS)

Menzel, Wiebke; Tuchscheerer, Sven; Fruth, Jana; Kraetzer, Christian; Dittmann, Jana

2012-02-01

This article describes primarily the development and empiric validation of a design for security warning messages on smartphones for primary school children (7-10 years old). Our design approach for security warnings for children uses a specific character and is based on recommendations of a paediatrician expert. The design criteria are adapted to children's skills, e.g. their visual, acoustic, and haptic perception and their literacy. The developed security warnings are prototypically implemented in an iOS application (on the iPhone 3G/4G) where children are warned by a simulated anti-malware background service, while they are busy with another task. For the evaluation we select methods for empiric validation of the design approach from the field of usability testing ("think aloud" test, questionnaires, log-files, etc.). Our security warnings prototype is evaluated in an empiric user study with 13 primary school children, aged between 8 and 9 years and of different gender (5 girls, 8 boys). The evaluation analysis shows, that nearly all children liked the design of our security warnings. Surprisingly, on several security warning messages most of the children react in the right way after reading the warning, although the meaning couldn't be interpreted in the right way. Another interesting result is, that several children relate specific information, e.g. update, to a specific character. Furthermore, it could be seen that most of the primary school test candidates have little awareness of security threats on smartphones. It is a very strong argument to develop e.g. tutorials or websites in order to raise awareness and teach children how to recognize security threats and how to react to them. Our design approach of security warnings for children's smartphones can be a basis for warning on other systems or applications like tutorials, which are used by children. In a second investigation, we focus on webpages, designed for children since smartphones and webpages (the services behind) are more and more interconnected. From this point of view those services should continue the securityapproaches for children's smartphones. The webservices were evaluated among different criteria, e.g. data protection. The results of a first investigation are reported in this paper.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Smashing the Stovepipe: Leveraging the GMSEC Open Architecture and Advanced IT Automation to Rapidly Prototype, Develop and Deploy Next-Generation Multi-Mission Ground Systems

NASA Technical Reports Server (NTRS)

Swenson, Paul

2017-01-01

Satellite/Payload Ground Systems - Typically highly-customized to a specific mission's use cases - Utilize hundreds (or thousands!) of specialized point-to-point interfaces for data flows / file transfers Documentation and tracking of these complex interfaces requires extensive time to develop and extremely high staffing costs Implementation and testing of these interfaces are even more cost-prohibitive, and documentation often lags behind implementation resulting in inconsistencies down the road With expanding threat vectors, IT Security, Information Assurance and Operational Security have become key Ground System architecture drivers New Federal security-related directives are generated on a daily basis, imposing new requirements on current / existing ground systems - These mandated activities and data calls typically carry little or no additional funding for implementation As a result, Ground System Sustaining Engineering groups and Information Technology staff continually struggle to keep up with the rolling tide of security Advancing security concerns and shrinking budgets are pushing these large stove-piped ground systems to begin sharing resources - I.e. Operational / SysAdmin staff, IT security baselines, architecture decisions or even networks / hosting infrastructure Refactoring these existing ground systems into multi-mission assets proves extremely challenging due to what is typically very tight coupling between legacy components As a result, many "Multi-Mission" ops. environments end up simply sharing compute resources and networks due to the difficulty of refactoring into true multi-mission systems Utilizing continuous integration / rapid system deployment technologies in conjunction with an open architecture messaging approach allows System Engineers and Architects to worry less about the low-level details of interfaces between components and configuration of systems GMSEC messaging is inherently designed to support multi-mission requirements, and allows components to aggregate data across multiple homogeneous or heterogeneous satellites or payloads - The highly-successful Goddard Science and Planetary Operations Control Center (SPOCC) utilizes GMSEC as the hub for it's automation and situational awareness capability Shifts focus towards getting GS to a final configuration-managed baseline, as well as multi-mission / big-picture capabilities that help increase situational awareness, promote cross-mission sharing and establish enhanced fleet management capabilities across all levels of the enterprise.

Implementing secure laptop-based testing in an undergraduate nursing program: a case study.

PubMed

Tao, Jinyuan; Lorentz, B Chris; Hawes, Stacey; Rugless, Fely; Preston, Janice

2012-07-01

This article presents the implementation of secure laptop-based testing in an undergraduate nursing program. Details on how to design, develop, implement, and secure tests are discussed. Laptop-based testing mode is also compared with the computer-laboratory-based testing model. Five elements of the laptop-based testing model are illustrated: (1) it simulates the national board examination, (2) security is achievable, (3) it is convenient for both instructors and students, (4) it provides students hands-on practice, (5) continuous technical support is the key.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

TERROR 2000: The Future Face of Terrorism

DTIC Science & Technology

1994-06-24

defused a crude bomb planted near the local office of Ameri- can Airlines. In the other, two men attacked a Malaysian security guard stationed on the...Security system will be reformed. Those reforms will include means testing and taxation of benefits. 4. Rural land is being colonized by suburbs and...its present liabilities in the U.S. to become a major source of energy. .64 2018 57.43 US 4. Electric cars, augmented by solar panels, become available

Development of a Procedure to Increase Awareness and Reporting of Counterintelligence and Terrorism Indicators: Personal Acknowledgment of Staff Security (PASS)

DTIC Science & Technology

2013-02-27

signed certification by supervisors that they understand and intend to comply with reporting policy. Recent psychological research suggests that the...intend to comply with reporting policy. Recent psychological research suggests that the additional step of requiring a signed acknowledgment may make...prepared by the Defense Personnel Security Research Center (PERSEREC) as part of an effort to design and pilot test the proposed system. This report was

A Decision Framework for Enhancing Mobile Ad Hoc Network Stability and Security

DTIC Science & Technology

2008-06-01

www.selfless-security.org/papers/addendum.php#ivt, accessed: March 2008. [10] Berners - Lee , T., Hendler, J., and O. Lassila, "The Semantic Web," in...study under her mentorship. Professor Tim Levin consistently offered his time and expertise throughout my time at NPS. Watching and listening to...Senge, "Tests for Building Confidence in System Dynamics Models," in TIMS Studies in the Management Sciences, Vol. 14, pp. 209-228, 1980. [40

Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

NASA Astrophysics Data System (ADS)

Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

2005-04-01

Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

DOE Office of Scientific and Technical Information (OSTI.GOV)

Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R

2012-01-01

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describemore » the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.« less

An Analysis of Test And Evaluation in Rapid Acquisition Programs

DTIC Science & Technology

2015-12-01

program manager is assigned the requirement and allocated resources to carry out with an acquisition plan. 2. Role of Test and Evaluation Test and...Manual, verify the Maintenance Allocation Chart, and ensure the completeness of the System Support Package. The Maintainability Demonstration measured...additional outside personnel that require additional logistics support, such as security, facilitates, and berthing placing additional strain on units. CLS

A Secure Test Technique for Pipelined Advanced Encryption Standard

NASA Astrophysics Data System (ADS)

Shi, Youhua; Togawa, Nozomu; Yanagisawa, Masao; Ohtsuki, Tatsuo

In this paper, we presented a Design-for-Secure-Test (DFST) technique for pipelined AES to guarantee both the security and the test quality during testing. Unlike previous works, the proposed method can keep all the secrets inside and provide high test quality and fault diagnosis ability as well. Furthermore, the proposed DFST technique can significantly reduce test application time, test data volume, and test generation effort as additional benefits.

Personal medical electronic devices and walk-through metal detector security systems: assessing electromagnetic interference effects.

PubMed

Guag, Joshua; Addissie, Bisrat; Witters, Donald

2017-03-20

There have been concerns that Electromagnetic security systems such as walk-through metal detectors (WTMDs) can potentially cause electromagnetic interference (EMI) in certain active medical devices including implantable cardiac pacemakers and implantable neurostimulators. Incidents of EMI between WTMDs and active medical devices also known as personal medical electronic devices (PMED) continue to be reported. This paper reports on emission measurements of sample WTMDs and testing of 20 PMEDs in a WTMD simulation system. Magnetic fields from sample WTMD systems were characterized for emissions and exposure of certain PMEDs. A WTMD simulator system designed and evaluated by FDA in previous studies was used to mimic the PMED exposures to the waveform from sample WTMDs. The simulation system allows for controlled PMED exposure enabling careful study with adjustable magnetic field strengths and exposure duration, and provides flexibility for PMED exposure at elevated levels in order to study EMI effects on the PMED. The PMED samples consisted of six implantable cardiac pacemakers, six implantable cardioverter defibrillators (ICD), five implantable neurostimulators, and three insulin pumps. Each PMED was exposed in the simulator to the sample WTMD waveforms using methods based on appropriate consensus test standards for each of the device type. Testing the sample PMEDs using the WTMD simulator revealed EMI effects on two implantable pacemakers and one implantable neurostimulator for exposure field strength comparable to actual WTMD field strength. The observed effects were transient and the PMEDs returned to pre-exposure operation within a few seconds after removal from the simulated WTMD exposure fields. No EMI was observed for the sample ICDs or insulin pumps. The findings are consistent with earlier studies where certain sample PMEDs exhibited EMI effects. Clinical implications were not addressed in this study. Additional studies are needed to evaluate potential PMED EMI susceptibilities over a broader range of security systems.

Large-Scale Cryogen Systems and Test Facilities

NASA Technical Reports Server (NTRS)

Johnson, R. G.; Sass, J. P.; Hatfield, W. H.

2007-01-01

NASA has completed initial construction and verification testing of the Integrated Systems Test Facility (ISTF) Cryogenic Testbed. The ISTF is located at Complex 20 at Cape Canaveral Air Force Station, Florida. The remote and secure location is ideally suited for the following functions: (1) development testing of advanced cryogenic component technologies, (2) development testing of concepts and processes for entire ground support systems designed for servicing large launch vehicles, and (3) commercial sector testing of cryogenic- and energy-related products and systems. The ISTF Cryogenic Testbed consists of modular fluid distribution piping and storage tanks for liquid oxygen/nitrogen (56,000 gal) and liquid hydrogen (66,000 gal). Storage tanks for liquid methane (41,000 gal) and Rocket Propellant 1 (37,000 gal) are also specified for the facility. A state-of-the-art blast proof test command and control center provides capability for remote operation, video surveillance, and data recording for all test areas.

31 CFR 356.4 - What are the book-entry systems in which auctioned Treasury securities may be issued?

Code of Federal Regulations, 2010 CFR

2010-07-01

... in which auctioned Treasury securities may be issued? There are three book-entry securities systems... marketable Treasury securities. We maintain and transfer securities in these three book-entry systems at... inflation. Securities may be transferred from one system to the other, unless the securities are not...

Application of NEPA to nuclear weapons production, storage, and testing Weinberger v. Catholic Action of Hawaii/Peace Education Project

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sauber, A.J.

The National Environmental Policy Act (NEPA) requirement of environmental impact statements for the testing of military equipment, specifically nuclear weapons, conflicts with national security objectives. The author examines NEPA and the Freedom of Information Act (FOIA) in terms of the environmental effects of weapons testing and the relevant case law. The Supreme Court's decision in Catholic Action of Hawaii/Peace Education Project sought to resolve the conflict by distinguishing between a project which is contemplated and one which is proposed. The classification scheme embodied in the FOIA exemption for national security may cause unwarranted frustration of NEPA's goals. The author outlinesmore » a new classification system and review mechanism that could curb military abuse in this area.« less

A Guide to Understanding Security Testing and Test Documentation in Trusted Systems, Version 1

DTIC Science & Technology

1993-07-01

necessary to allow the testing of access with all other types of objects. The above test data also provide partial coverage because they de not include...two types of assurance are needed. They are life-cycle assurance and operational assurance. "Life-cycle assurance refers to steps taken by an...procedures depends to a certain extent on the nature of the TCB interface under test. For example, for most TCB-primitive tests that require the same type

Orion is Taken From Ship & Put in Shipping Container

NASA Image and Video Library

2014-12-10

The Orion crew module has been lowered and secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover is being lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts.

Orion is Taken From Ship & Put in Shipping Container

NASA Image and Video Library

2014-12-10

The Orion crew module has been secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover has been lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts.

Maximum capacity model of grid-connected multi-wind farms considering static security constraints in electrical grids

NASA Astrophysics Data System (ADS)

Zhou, W.; Qiu, G. Y.; Oodo, S. O.; He, H.

2013-03-01

An increasing interest in wind energy and the advance of related technologies have increased the connection of wind power generation into electrical grids. This paper proposes an optimization model for determining the maximum capacity of wind farms in a power system. In this model, generator power output limits, voltage limits and thermal limits of branches in the grid system were considered in order to limit the steady-state security influence of wind generators on the power system. The optimization model was solved by a nonlinear primal-dual interior-point method. An IEEE-30 bus system with two wind farms was tested through simulation studies, plus an analysis conducted to verify the effectiveness of the proposed model. The results indicated that the model is efficient and reasonable.

Use of IPsec by Manned Space Missions

NASA Technical Reports Server (NTRS)

Pajevski, Michael J.

2009-01-01

NASA's Constellation Program is developing its next generation manned space systems for missions to the International Space Station (ISS) and the Moon. The Program is embarking on a path towards standards based Internet Protocol (IP) networking for space systems communication. The IP based communications will be paired with industry standard security mechanisms such as Internet Protocol Security (IPsec) to ensure the integrity of information exchanges and prevent unauthorized release of sensitive information in-transit. IPsec has been tested in simulations on the ground and on at least one Earth orbiting satellite, but the technology is still unproven in manned space mission situations and significant obstacles remain.

Sensor-enabled chem/bio contamination detection system dedicated to situational awareness of water distribution security status

NASA Astrophysics Data System (ADS)

Ginsberg, Mark D.; Smith, Eddy D.; VanBlaricum, Vicki; Hock, Vincent F.; Kroll, Dan; Russell, Kevin J.

2010-04-01

Both real events and models have proven that drinking water systems are vulnerable to deliberate and/or accidental contamination. Additionally, homeland security initiatives and modeling efforts have determined that it is relatively easy to orchestrate the contamination of potable water supplies. Such contamination can be accomplished with classic and non-traditional chemical agents, toxic industrial chemicals (TICs), and/or toxic industrial materials (TIMs). Subsequent research and testing has developed a proven network for detection and response to these threats. The method uses offthe- shelf, broad-spectrum analytical instruments coupled with advanced interpretive algorithms. The system detects and characterizes any backflow events involving toxic contaminants by employing unique chemical signature (fingerprint) response data. This instrumentation has been certified by the Office of Homeland Security for detecting deliberate and/or accidental contamination of critical water infrastructure. The system involves integration of several mature technologies (sensors, SCADA, dynamic models, and the HACH HST Guardian Blue instrumentation) into a complete, real-time, management system that also can be used to address other water distribution concerns, such as corrosion. This paper summarizes the reasons and results for installing such a distribution-based detection and protection system.

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

On the tarmac at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida, the Orion Exploration Mission-1 (EM-1) structural test article, secured in its transport container, is loaded into the agency's Super Guppy aircraft. The test article will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

On the tarmac at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida, the agency's Super Guppy aircraft closes after the Orion Exploration Mission-1 (EM-1) structural test article, in its transport container, is secured inside. The test article will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

The Orion Exploration Mission-1 (EM-1) structural test article, secured inside its transport container, arrives at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida. The test article will be loaded into NASA's Super Guppy aircraft, in view at left, and transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

NEPP Update of Independent Single Event Upset Field Programmable Gate Array Testing

NASA Technical Reports Server (NTRS)

Berg, Melanie; Label, Kenneth; Campola, Michael; Pellish, Jonathan

2017-01-01

This presentation provides a NASA Electronic Parts and Packaging (NEPP) Program update of independent Single Event Upset (SEU) Field Programmable Gate Array (FPGA) testing including FPGA test guidelines, Microsemi RTG4 heavy-ion results, Xilinx Kintex-UltraScale heavy-ion results, Xilinx UltraScale+ single event effect (SEE) test plans, development of a new methodology for characterizing SEU system response, and NEPP involvement with FPGA security and trust.

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.

PubMed

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-06-15

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

A Model Based Security Testing Method for Protocol Implementation

PubMed Central

Fu, Yu Long; Xin, Xiao Long

2014-01-01

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation. PMID:25105163

A model based security testing method for protocol implementation.

PubMed

Fu, Yu Long; Xin, Xiao Long

2014-01-01

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

Secure VM for Monitoring Industrial Process Controllers

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dasgupta, Dipankar; Ali, Mohammad Hassan; Abercrombie, Robert K

2011-01-01

In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years probably through extensive redesigning, testing, tuning and optimization process. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive nature provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detection Stuxnet like malware, we propose to include a secure VM (or dedicatedmore » host) to the SCADA Network to monitor behavior and all software updates. This on-going research effort is not to mimic the nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.« less

Control and Communication for a Secure and Reconfigurable Power Distribution System

NASA Astrophysics Data System (ADS)

Giacomoni, Anthony Michael

A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the advantages of an IDSC architecture are highlighted when an intermittent DER is present on the system.

76 FR 58786 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-22

... National Security Agency/Central Security System systems of records notices subject to the Privacy Act of... inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; Systems of Records AGENCY: National Security Agency/Central Security Service, Department of Defense (DoD...

31 CFR 306.23 - Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Legacy Treasury Direct® Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury... Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System. (a) Eligible... book-entry securities system. (b) Conversion of Registered Security to book-entry form to be held in...

LIS–lnterlink—connecting laboratory information systems to remote primary health–care centres via the Internet

PubMed Central

Clark, Barry; Wachowiak, Bartosz; Crawford, Ewan W.; Jakubowski, Zenon; Kabata, Janusz

1998-01-01

A pilot study was performed to evaluate the feasibility of using the Internet to securely deliver patient laboratory results, and the system has subsequently gone into routine use in Poland. The system went from design to pilot and then to live implementation within a four-month period, resulting in the LIS-Interlink software product. Test results are retrieved at regular intervals from the BioLinkTM LIS (Laboratory Information System), encrypted and transferred to a secure area on the Web server. The primary health-care centres dial into the Internet using a local-cell service provided by Polish Telecom (TP), obtain a TCP/IP address using the TP DHCP server, and perform HTTP ‘get’ and ‘post’ operations to obtain the files by secure handshaking. The data are then automatically inserted into a local SQL database (with optional printing of incoming reports)for cumulative reporting and searching functions. The local database is fully multi-user and can be accessed from different clinics within the centres by a variety of networking protocols. PMID:18924820

LIS-lnterlink-connecting laboratory information systems to remote primary health-care centres via the Internet.

PubMed

Clark, B; Wachowiak, B; Crawford, E W; Jakubowski, Z; Kabata, J

1998-01-01

A pilot study was performed to evaluate the feasibility of using the Internet to securely deliver patient laboratory results, and the system has subsequently gone into routine use in Poland. The system went from design to pilot and then to live implementation within a four-month period, resulting in the LIS-Interlink software product. Test results are retrieved at regular intervals from the BioLink(TM) LIS (Laboratory Information System), encrypted and transferred to a secure area on the Web server. The primary health-care centres dial into the Internet using a local-cell service provided by Polish Telecom (TP), obtain a TCP/IP address using the TP DHCP server, and perform HTTP 'get' and 'post' operations to obtain the files by secure handshaking. The data are then automatically inserted into a local SQL database (with optional printing of incoming reports)for cumulative reporting and searching functions. The local database is fully multi-user and can be accessed from different clinics within the centres by a variety of networking protocols.

OCGen Module Mooring Project

DOE Office of Scientific and Technical Information (OSTI.GOV)

McEntee, Jarlath

Ocean Renewable Power Company's OCGen Module Mooring Project provided an extensive research, design, development, testing and data collection effort and analysis conducted with respect to a positively buoyant, submerged MHK device secured to the seabed using a tensioned mooring system. Different analytic tools were evaluated for their utility in the design of submerged systems and their moorings. Deployment and testing of a prototype OCGen® system provided significant data related to mooring line loads and system attitude and station keeping. Mooring line loads were measured in situ and reported against flow speeds. The Project made a significant step in the developmentmore » of designs, methodologies and practices related to floating and mooring of marine hydrokinetic (MHK) devices. Importantly for Ocean Renewable Power Company, the Project provided a sound basis for advancing a technically and commercially viable OCGen® Power System. The OCGen® Power System is unique in the MHK industry and, in itself, offers distinct advantages of MHK devices that are secured to the seabed using fixed structural frames. Foremost among these advantages are capital and operating cost reductions and increased power extraction by allowing the device to be placed at the most energetic level of the water column.« less

49 CFR 571.225 - Standard No. 225; Child restraint anchorage systems.

Code of Federal Regulations, 2011 CFR

2011-10-01

... N of preload prior to the test. The strap is fitted at one end with a high strength steel tether... systems to ensure their proper location and strength for the effective securing of child restraints, to... manufactured on or after September 1, 1999, shall comply with the configuration, location, marking and strength...

Integration of the SSPM and STAGE with the MPACT Virtual Facility Distributed Test Bed.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cipiti, Benjamin B.; Shoman, Nathan

The Material Protection Accounting and Control Technologies (MPACT) program within DOE NE is working toward a 2020 milestone to demonstrate a Virtual Facility Distributed Test Bed. The goal of the Virtual Test Bed is to link all MPACT modeling tools, technology development, and experimental work to create a Safeguards and Security by Design capability for fuel cycle facilities. The Separation and Safeguards Performance Model (SSPM) forms the core safeguards analysis tool, and the Scenario Toolkit and Generation Environment (STAGE) code forms the core physical security tool. These models are used to design and analyze safeguards and security systems and generatemore » performance metrics. Work over the past year has focused on how these models will integrate with the other capabilities in the MPACT program and specific model changes to enable more streamlined integration in the future. This report describes the model changes and plans for how the models will be used more collaboratively. The Virtual Facility is not designed to integrate all capabilities into one master code, but rather to maintain stand-alone capabilities that communicate results between codes more effectively.« less

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2014 CFR

2014-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2012 CFR

2012-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2011 CFR

2011-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2013 CFR

2013-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012

NASA Astrophysics Data System (ADS)

Li, X. S.; Peng, Z. Y.; Li, T. T.

2016-08-01

This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.

16 CFR 1203.15 - Positional stability test (roll-off resistance).

Code of Federal Regulations, 2010 CFR

2010-01-01

... any slack. (3) Suspend the dynamic impact system from the helmet by positioning the flexible strap... positions. (3) Dynamic impact apparatus. A dynamic impact apparatus shall be used to apply a shock load to a helmet secured to the test headform. The dynamic impact apparatus shall allow a 4-kg (8.8-lb) drop weight...

46 CFR 61.15-10 - Liquefied-petroleum-gas piping for heating and cooking.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 2 2011-10-01 2011-10-01 false Liquefied-petroleum-gas piping for heating and cooking. 61.15-10 Section 61.15-10 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING PERIODIC TESTS AND INSPECTIONS Periodic Tests of Piping Systems § 61.15-10 Liquefied-petroleum-gas...

Vehicle Characteristics

DTIC Science & Technology

2008-02-14

g. Material. 5.1.7 Wheel Geometry. a. Camber angle. b. Caster angle. c. Pivot angle. d. Static toe-in. e. Turning angles...the vehicle characteristics to be obtained during testing of wheeled and tracked vehicles and their components. Physical characterization of test...frontal area Characteristic data sheet Power train Suspention Wheel geometry Vehicle clearance angles Armament Gun control systems 16. SECURITY

Safety and Security Interface Technology Initiative

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme)more » includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.« less

Descriptive Model of Generic WAMS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hauer, John F.; DeSteese, John G.

The Department of Energy’s (DOE) Transmission Reliability Program is supporting the research, deployment, and demonstration of various wide area measurement system (WAMS) technologies to enhance the reliability of the Nation’s electrical power grid. Pacific Northwest National Laboratory (PNNL) was tasked by the DOE National SCADA Test Bed Program to conduct a study of WAMS security. This report represents achievement of the milestone to develop a generic WAMS model description that will provide a basis for the security analysis planned in the next phase of this study.

Ffuzz: Towards full system high coverage fuzz testing on binary executables.

PubMed

Zhang, Bin; Ye, Jiaxi; Bi, Xing; Feng, Chao; Tang, Chaojing

2018-01-01

Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, like fuzz testing, symbolic execution and manual analysis, both have advantages and disadvantages when exercising the deeper code area in binary executables to find more bugs. In this paper, we designed and implemented a hybrid automatic bug finding tool-Ffuzz-on top of fuzz testing and selective symbolic execution. It targets full system software stack testing including both the user space and kernel space. Combining these two mainstream techniques enables us to achieve higher coverage and avoid getting stuck both in fuzz testing and symbolic execution. We also proposed two key optimizations to improve the efficiency of full system testing. We evaluated the efficiency and effectiveness of our method on real-world binary software and 844 memory corruption vulnerable programs in the Juliet test suite. The results show that Ffuzz can discover software bugs in the full system software stack effectively and efficiently.

DOE Office of Scientific and Technical Information (OSTI.GOV)

B. Gardiner; L.Graton; J.Longo

Classified removable electronic media (CREM) are tracked in several different ways at the Laboratory. To ensure greater security for CREM, we are creating a single, Laboratory-wide system to track CREM. We are researching technology that can be used to electronically tag and detect CREM, designing a database to track the movement of CREM, and planning to test the system at several locations around the Laboratory. We focus on affixing ''smart tags'' to items we want to track and installing gates at pedestrian portals to detect the entry or exit of tagged items. By means of an enterprise database, the systemmore » will track the entry and exit of tagged items into and from CREM storage vaults, vault-type rooms, access corridors, or boundaries of secure areas, as well as the identity of the person carrying an item. We are considering several options for tracking items that can give greater security, but at greater expense.« less

Dragon Stream Cipher for Secure Blackbox Cockpit Voice Recorder

NASA Astrophysics Data System (ADS)

Akmal, Fadira; Michrandi Nasution, Surya; Azmi, Fairuz

2017-11-01

Aircraft blackbox is a device used to record all aircraft information, which consists of Flight Data Recorder (FDR) and Cockpit Voice Recorder (CVR). Cockpit Voice Recorder contains conversations in the aircraft during the flight.Investigations on aircraft crashes usually take a long time, because it is difficult to find the aircraft blackbox. Then blackbox should have the ability to send information to other places. Aircraft blackbox must have a data security system, data security is a very important part at the time of information exchange process. The system in this research is to perform the encryption and decryption process on Cockpit Voice Recorder by people who are entitled by using Dragon Stream Cipher algorithm. The tests performed are time of data encryption and decryption, and avalanche effect. Result in this paper show us time encryption and decryption are 0,85 seconds and 1,84 second for 30 seconds Cockpit Voice Recorder data witn an avalanche effect 48,67 %.

Realization and optimization of AES algorithm on the TMS320DM6446 based on DaVinci technology

NASA Astrophysics Data System (ADS)

Jia, Wen-bin; Xiao, Fu-hai

2013-03-01

The application of AES algorithm in the digital cinema system avoids video data to be illegal theft or malicious tampering, and solves its security problems. At the same time, in order to meet the requirements of the real-time, scene and transparent encryption of high-speed data streams of audio and video in the information security field, through the in-depth analysis of AES algorithm principle, based on the hardware platform of TMS320DM6446, with the software framework structure of DaVinci, this paper proposes the specific realization methods of AES algorithm in digital video system and its optimization solutions. The test results show digital movies encrypted by AES128 can not play normally, which ensures the security of digital movies. Through the comparison of the performance of AES128 algorithm before optimization and after, the correctness and validity of improved algorithm is verified.

In the Loop: The Organization of Team-Based Communication in a Patient-Centered Clinical Collaboration System.

PubMed

Kurahashi, Allison M; Weinstein, Peter B; Jamieson, Trevor; Stinson, Jennifer N; Cafazzo, Joseph A; Lokuge, Bhadra; Morita, Plinio P; Cohen, Eyal; Rapoport, Adam; Bezjak, Andrea; Husain, Amna

2016-03-24

We describe the development and evaluation of a secure Web-based system for the purpose of collaborative care called Loop. Loop assembles the team of care with the patient as an integral member of the team in a secure space. The objectives of this paper are to present the iterative design of the separate views for health care providers (HCPs) within each patient's secure space and examine patients', caregivers', and HCPs' perspectives on this separate view for HCP-only communication. The overall research program includes cycles of ethnography, prototyping, usability testing, and pilot testing. This paper describes the usability testing phase that directly informed development. A descriptive qualitative approach was used to analyze participant perspectives that emerged during usability testing. During usability testing, we sampled 89 participants from three user groups: 23 patients, 19 caregivers, and 47 HCPs. Almost all perspectives from the three user groups supported the need for an HCP-only communication view. In an earlier prototype, the visual presentation caused confusion among HCPs when reading and composing messages about whether a message was visible to the patient. Usability testing guided us to design a more deliberate distinction between posting in the Patient and Team view and the Health Care Provider Only view at the time of composing a message, which once posted is distinguished by an icon. The team made a decision to incorporate an HCP-only communication view based on findings during earlier phases of work. During usability testing we tested the separate communication views, and all groups supported this partition. We spent considerable effort designing the partition; however, preliminary findings from the next phase of evaluation, pilot testing, show that the Patient and Team communication is predominantly being used. This demonstrates the importance of a subsequent phase of the clinical trial of Loop to validate the concept and design.

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

12 CFR 652.40 - Stress tests for mortgage securities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Stress tests for mortgage securities. 652.40... MORTGAGE CORPORATION FUNDING AND FISCAL AFFAIRS Investment Management § 652.40 Stress tests for mortgage securities. (a) You must perform stress tests to determine how interest rate changes will affect the cashflow...

12 CFR 652.40 - Stress tests for mortgage securities.

Code of Federal Regulations, 2012 CFR

2012-01-01

... MORTGAGE CORPORATION FUNDING AND FISCAL AFFAIRS Investment Management § 652.40 Stress tests for mortgage securities. (a) You must perform stress tests to determine how interest rate changes will affect the cashflow... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Stress tests for mortgage securities. 652.40...

12 CFR 652.40 - Stress tests for mortgage securities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... MORTGAGE CORPORATION FUNDING AND FISCAL AFFAIRS Investment Management § 652.40 Stress tests for mortgage securities. (a) You must perform stress tests to determine how interest rate changes will affect the cashflow... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Stress tests for mortgage securities. 652.40...

12 CFR 652.40 - Stress tests for mortgage securities.

Code of Federal Regulations, 2013 CFR

2013-01-01

... MORTGAGE CORPORATION FUNDING AND FISCAL AFFAIRS Investment Management § 652.40 Stress tests for mortgage securities. (a) You must perform stress tests to determine how interest rate changes will affect the cashflow... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Stress tests for mortgage securities. 652.40...

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. An H60-S Seahawk helicopter hovers above to communicate the spacecraft's location back to the USS Anchorage, in the distance. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. An H60-S Seahawk helicopter hovers above to communicate the spacecraft's location back to the USS Anchorage. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The spacecraft completed a two-orbit, four-and-a-half-hour mission in Earth orbit. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion, the forward bay cover and main parachutes. Orion will be towed in and secure in the well deck of the nearby USS Anchorage. Orion's mission tested systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

U.S. Navy personnel aboard the USS Anchorage prepare for recovery of NASA's Orion spacecraft from the Pacific Ocean about 600 miles off the coast of San Diego, California. Orion splashed down after its first flight test in Earth orbit. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

KSC-2014-4773

NASA Image and Video Library

2014-12-05

SAN DIEGO, Calif. -- NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The USS Anchorage is nearby. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Tony Gray

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

U.S. Navy personnel aboard a rigid hull inflatable boat help recover NASA's Orion spacecraft following its splashdown in the Pacific Ocean after its first flight test in Earth orbit. The USS Anchorage is in the background. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. This activity is reflected in the system audit record, in the system vulnerability posture, and in other evidence found through active testing of the system. During the last several years we have implemented an automatic misuse detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter (NADIR). We are currently expanding NADIR to include processing of the Cray UNICOS operating system. This new component is called the UNICOS Realtime NADIR, or UNICORN. UNICORN summarizes user activity and system configurationmore » in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. The first phase of UNICORN development is nearing completion, and will be operational in late 1994.« less

Payload and Components Real-Time Automated Test System (PACRATS), Data Acquisition of Leak Rate and Pressure Data Test Procedure

NASA Technical Reports Server (NTRS)

Rinehart, Maegan L.

2011-01-01

The purpose of this activity is to provide the Mechanical Components Test Facility (MCTF) with the capability to obtain electronic leak test and proof pressure data, Payload and Components Real-time Automated Test System (PACRATS) data acquisition software will be utilized to display real-time data. It will record leak rates and pressure/vacuum level(s) simultaneously. This added functionality will provide electronic leak test and pressure data at specified sampling frequencies. Electronically stored data will provide ES61 with increased data security, analysis, and accuracy. The tasks performed in this procedure are to verify PACRATS only, and are not intended to provide verifications for MCTF equipment.

49 CFR 1544.409 - Integrity of screener tests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Integrity of screener tests. 1544.409 Section 1544.409 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Screener...

HTTM - Design and Implementation of a Type-2 Hypervisor for MIPS64 Based Systems

NASA Astrophysics Data System (ADS)

Ain, Qurrat ul; Anwar, Usama; Mehmood, Muhammad Amir; Waheed, Abdul

2017-01-01

Virtualization has emerged as an attractive software solution for many problems in server domain. Recently, it has started to enrich embedded systems domain by offering features such as hardware consolidation, security, and isolation. Our objective is to bring virtualization to high-end MIPS64 based systems, such as network routers, switches, wireless base station, etc. For this purpose a Type-2 hypervisor is a viable software solution which is easy to deploy and requires no changes in host system. In this paper we present the internal design HTTM -A Type-2 hypervisor for MIPS64 based systems and demonstrate its functional correctness by using Linux Testing Project (LTP) tests. Finally, we performed LMbench tests for performance evaluation.

Engineering Trade-off Considerations Regarding Design-for-Security, Design-for-Verification, and Design-for-Test

NASA Technical Reports Server (NTRS)

Berg, Melanie; Label, Kenneth

2018-01-01

The United States government has identified that application specific integrated circuit (ASIC) and field programmable gate array (FPGA) hardware are at risk from a variety of adversary attacks. This finding affects system security and trust. Consequently, processes are being developed for system mitigation and countermeasure application. The scope of this tutorial pertains to potential vulnerabilities and countermeasures within the ASIC/FPGA design cycle. The presentation demonstrates how design practices can affect the risk for the adversary to: change circuitry, steal intellectual property, and listen to data operations. An important portion of the design cycle is assuring the design is working as specified or as expected. This is accomplished by exhaustive testing of the target design. Alternatively, it has been shown that well established schemes for test coverage enhancement (design-for-verification (DFV) and design-for-test (DFT)) can create conduits for adversary accessibility. As a result, it is essential to perform a trade between robust test coverage versus reliable design implementation. The goal of this tutorial is to explain the evolution of design practices; review adversary accessibility points due to DFV and DFT circuitry insertion (back door circuitry); and to describe common engineering trade-off considerations for test versus adversary threats.

Orion EM-1 Crew Module Structural Test Article Move to Birdcage

NASA Image and Video Library

2016-11-16

Inside the Neil Armstrong Operations and Checkout Building at NASA’s Kennedy Space Center in Florida, the Orion crew module structural test article (STA) is secured on a test tool called the birdcage. The STA arrived aboard NASA's Super Guppy aircraft at the Shuttle Landing Facility operated by Space Florida. The test article will undergo further testing in the high bay. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission, in late 2018.

Printable, scannable biometric templates for secure documents and materials

NASA Astrophysics Data System (ADS)

Cambier, James L.; Musgrave, Clyde

2000-04-01

Biometric technology has been widely acknowledged as an effective means for enhancing private and public security through applications in physical access control, computer and computer network access control, medical records protection, banking security, public identification programs, and others. Nearly all of these applications involve use of a biometric token to control access to a physical entity or private information. There are also unique benefits to be derived from attaching a biometric template to a physical entity such as a document, package, laboratory sample, etc. Such an association allows fast, reliable, and highly accurate association of an individual person's identity to the physical entity, and can be used to enhance security, convenience, and privacy in many types of transactions. Examples include authentication of documents, tracking of laboratory samples in a testing environment, monitoring the movement of physical evidence within the criminal justice system, and authenticating the identity of both sending and receiving parties in shipment of high value parcels. A system is described which combines a biometric technology based on iris recognition with a printing and scanning technology for high-density bar codes.

76 FR 43993 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-22

...; System of Records AGENCY: National Security Agency/Central Security Service, Department of Defense. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security.... FOR FURTHER INFORMATION CONTACT: Ms. Anne Hill, National Security Agency/Central Security Service...

31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

Code of Federal Regulations, 2010 CFR

2010-07-01

... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

Air Force IT System Security Compliance with Law and Policy

DTIC Science & Technology

2016-04-01

production /1/saf_cio_a6/publication/afpd33-2/afpd33-2.pdf 21 AFI33-210, Air Force Certification and Accreditation Program (AFCAP), October 2014: http...cyber systems for support and operation. Today’s system certification and compliancy tracking methods are very costly, time intensive, unrealistic...and often lag behind operational and test requirements. However, with changes to policy and implementation requirements, the IT system certification

New MagViz Airport Liquid Analysis System Undergoes Testing

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2008-12-18

LOS ALAMOS, New Mexico, December 16, 2008—An innovative application of a technology first used for medical imaging may enhance airport security if Los Alamos National Laboratory scientists are successful. Los Alamos technologists have adapted Magnetic Res

[Statistical validity of the Mexican Food Security Scale and the Latin American and Caribbean Food Security Scale].

PubMed

Villagómez-Ornelas, Paloma; Hernández-López, Pedro; Carrasco-Enríquez, Brenda; Barrios-Sánchez, Karina; Pérez-Escamilla, Rafael; Melgar-Quiñónez, Hugo

2014-01-01

This article validates the statistical consistency of two food security scales: the Mexican Food Security Scale (EMSA) and the Latin American and Caribbean Food Security Scale (ELCSA). Validity tests were conducted in order to verify that both scales were consistent instruments, conformed by independent, properly calibrated and adequately sorted items, arranged in a continuum of severity. The following tests were developed: sorting of items; Cronbach's alpha analysis; parallelism of prevalence curves; Rasch models; sensitivity analysis through mean differences' hypothesis test. The tests showed that both scales meet the required attributes and are robust statistical instruments for food security measurement. This is relevant given that the lack of access to food indicator, included in multidimensional poverty measurement in Mexico, is calculated with EMSA.

49 CFR 1546.409 - Integrity of screener tests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Integrity of screener tests. 1546.409 Section 1546.409 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FOREIGN AIR CARRIER SECURITY Screener Qualifications When the Foreign Air...

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

A view from inside NASA's Super Guppy aircraft at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida, as the Orion Exploration Mission-1 (EM-1) structural test article, secured inside its transport container, is loaded into the aircraft. The test article will be transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Multimodal biometric approach for cancelable face template generation

NASA Astrophysics Data System (ADS)

Paul, Padma Polash; Gavrilova, Marina

2012-06-01

Due to the rapid growth of biometric technology, template protection becomes crucial to secure integrity of the biometric security system and prevent unauthorized access. Cancelable biometrics is emerging as one of the best solutions to secure the biometric identification and verification system. We present a novel technique for robust cancelable template generation algorithm that takes advantage of the multimodal biometric using feature level fusion. Feature level fusion of different facial features is applied to generate the cancelable template. A proposed algorithm based on the multi-fold random projection and fuzzy communication scheme is used for this purpose. In cancelable template generation, one of the main difficulties is keeping interclass variance of the feature. We have found that interclass variations of the features that are lost during multi fold random projection can be recovered using fusion of different feature subsets and projecting in a new feature domain. Applying the multimodal technique in feature level, we enhance the interclass variability hence improving the performance of the system. We have tested the system for classifier fusion for different feature subset and different cancelable template fusion. Experiments have shown that cancelable template improves the performance of the biometric system compared with the original template.

Nonintrusive multibiometrics on a mobile device: a comparison of fusion techniques

NASA Astrophysics Data System (ADS)

Allano, Lorene; Morris, Andrew C.; Sellahewa, Harin; Garcia-Salicetti, Sonia; Koreman, Jacques; Jassim, Sabah; Ly-Van, Bao; Wu, Dalei; Dorizzi, Bernadette

2006-04-01

In this article we test a number of score fusion methods for the purpose of multimodal biometric authentication. These tests were made for the SecurePhone project, whose aim is to develop a prototype mobile communication system enabling biometrically authenticated users to deal legally binding m-contracts during a mobile phone call on a PDA. The three biometrics of voice, face and signature were selected because they are all traditional non-intrusive and easy to use means of authentication which can readily be captured on a PDA. By combining multiple biometrics of relatively low security it may be possible to obtain a combined level of security which is at least as high as that provided by a PIN or handwritten signature, traditionally used for user authentication. As the relative success of different fusion methods depends on the database used and tests made, the database we used was recorded on a suitable PDA (the Qtek2020) and the test protocol was designed to reflect the intended application scenario, which is expected to use short text prompts. Not all of the fusion methods tested are original. They were selected for their suitability for implementation within the constraints imposed by the application. All of the methods tested are based on fusion of the match scores output by each modality. Though computationally simple, the methods tested have shown very promising results. All of the 4 fusion methods tested obtain a significant performance increase.

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Security Evolution.

ERIC Educational Resources Information Center

De Patta, Joe

2003-01-01

Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

A New Color Image Encryption Scheme Using CML and a Fractional-Order Chaotic System

PubMed Central

Wu, Xiangjun; Li, Yang; Kurths, Jürgen

2015-01-01

The chaos-based image cryptosystems have been widely investigated in recent years to provide real-time encryption and transmission. In this paper, a novel color image encryption algorithm by using coupled-map lattices (CML) and a fractional-order chaotic system is proposed to enhance the security and robustness of the encryption algorithms with a permutation-diffusion structure. To make the encryption procedure more confusing and complex, an image division-shuffling process is put forward, where the plain-image is first divided into four sub-images, and then the position of the pixels in the whole image is shuffled. In order to generate initial conditions and parameters of two chaotic systems, a 280-bit long external secret key is employed. The key space analysis, various statistical analysis, information entropy analysis, differential analysis and key sensitivity analysis are introduced to test the security of the new image encryption algorithm. The cryptosystem speed is analyzed and tested as well. Experimental results confirm that, in comparison to other image encryption schemes, the new algorithm has higher security and is fast for practical image encryption. Moreover, an extensive tolerance analysis of some common image processing operations such as noise adding, cropping, JPEG compression, rotation, brightening and darkening, has been performed on the proposed image encryption technique. Corresponding results reveal that the proposed image encryption method has good robustness against some image processing operations and geometric attacks. PMID:25826602

KSC-2014-4854

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

KSC-2014-4856

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives inside the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

KSC-2014-4855

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

Template protection and its implementation in 3D face recognition systems

NASA Astrophysics Data System (ADS)

Zhou, Xuebing

2007-04-01

As biometric recognition systems are widely applied in various application areas, security and privacy risks have recently attracted the attention of the biometric community. Template protection techniques prevent stored reference data from revealing private biometric information and enhance the security of biometrics systems against attacks such as identity theft and cross matching. This paper concentrates on a template protection algorithm that merges methods from cryptography, error correction coding and biometrics. The key component of the algorithm is to convert biometric templates into binary vectors. It is shown that the binary vectors should be robust, uniformly distributed, statistically independent and collision-free so that authentication performance can be optimized and information leakage can be avoided. Depending on statistical character of the biometric template, different approaches for transforming biometric templates into compact binary vectors are presented. The proposed methods are integrated into a 3D face recognition system and tested on the 3D facial images of the FRGC database. It is shown that the resulting binary vectors provide an authentication performance that is similar to the original 3D face templates. A high security level is achieved with reasonable false acceptance and false rejection rates of the system, based on an efficient statistical analysis. The algorithm estimates the statistical character of biometric templates from a number of biometric samples in the enrollment database. For the FRGC 3D face database, the small distinction of robustness and discriminative power between the classification results under the assumption of uniquely distributed templates and the ones under the assumption of Gaussian distributed templates is shown in our tests.

Department of the Air Force Supporting Data for Fiscal Year 1993 Budget Estimates Submitted to Congress January 1992 Descriptive Summaries. Research, Development, Test and Evaluation

DTIC Science & Technology

1992-01-01

Spacecraft Technology 0503401F 450 35 Space Systems Environmental Interactions Technology 060341 OF 468 36 Space Subsystems Technology 0603428F 472 37...Space Systems Environmental Interactions Technology 35 468 0603402F Space Test Program (STP) 191 462 030591OF SPACETRACK 85 195 0604233F Specialized...is in the mid- 1990’s. Combat force commanders and units (equipped with EMP-hardened, secure radio equipment) interact with nearby relay nodes for

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

75 FR 56079 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-15

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency/Central Security Service is proposing to...

Security Engineering Project

DTIC Science & Technology

2015-01-31

from a wireless joystick console broadcasting at 2.4 GHz. Figure 6. GTRI Airborne Unmanned Sensor System As shown in Figure 7 the autopilot has a...generating wind turbines , and video reconnaissance systems on unmanned aerial vehicles (UAVs). The most basic decision problem in designing a...chosen test UAV case was the GTRI Aerial Unmanned Sensor System (GAUSS) aircraft. The GAUSS platform is a small research UAV with a widely used

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Non-invasive, non-radiological quantification of anteroposterior knee joint ligamentous laxity

PubMed Central

Russell, D. F.; Deakin, A. H.; Fogg, Q. A.; Picard, F.

2013-01-01

Objectives We performed in vitro validation of a non-invasive skin-mounted system that could allow quantification of anteroposterior (AP) laxity in the outpatient setting. Methods A total of 12 cadaveric lower limbs were tested with a commercial image-free navigation system using trackers secured by bone screws. We then tested a non-invasive fabric-strap system. The lower limb was secured at 10° intervals from 0° to 60° of knee flexion and 100 N of force was applied perpendicular to the tibia. Acceptable coefficient of repeatability (CR) and limits of agreement (LOA) of 3 mm were set based on diagnostic criteria for anterior cruciate ligament (ACL) insufficiency. Results Reliability and precision within the individual invasive and non-invasive systems was acceptable throughout the range of flexion tested (intra-class correlation coefficient 0.88, CR 1.6 mm). Agreement between the two systems was acceptable measuring AP laxity between full extension and 40° knee flexion (LOA 2.9 mm). Beyond 40° of flexion, agreement between the systems was unacceptable (LOA > 3 mm). Conclusions These results indicate that from full knee extension to 40° flexion, non-invasive navigation-based quantification of AP tibial translation is as accurate as the standard validated commercial system, particularly in the clinically and functionally important range of 20° to 30° knee flexion. This could be useful in diagnosis and post-operative evaluation of ACL pathology. Cite this article: Bone Joint Res 2013;2:233–7. PMID:24184443

Energy System Integration Facility Secure Data Center | Energy Systems

Science.gov Websites

Integration Facility | NREL Energy System Integration Facility Secure Data Center Energy System Integration Facility Secure Data Center The Energy Systems Integration Facility's Secure Data Center provides

Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

PubMed

Wen, Shameng; Meng, Qingkun; Feng, Chao; Tang, Chaojing

2017-01-01

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

KSC-2014-4816

NASA Image and Video Library

2014-12-10

SAN DIEGO, Calif. -- The Orion crew module has been secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover has been lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Cory Huston

KSC-2014-4815

NASA Image and Video Library

2014-12-10

SAN DIEGO, Calif. -- The Orion crew module has been lowered and secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover is being lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Cory Huston

Network Randomization and Dynamic Defense for Critical Infrastructure Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chavez, Adrian R.; Martin, Mitchell Tyler; Hamlet, Jason

2015-04-01

Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and developmentmore » to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.« less

A Modest Proposal: For Preventing Space Operations from Being a Burden to the Navy, and for Making the Space Cadre Beneficial to the Community

DTIC Science & Technology

2007-09-01

the panorama of overall DoD outlays must take precedence over service-specific programs and turf battles. In the National Security Space “big...reaction control systems, thermal control systems, satellite integration and test, launch vehicle integration, and satellite-to- boost-stage

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

To meet the U.S. Navy's energy goals, the National Renewable Energy Laboratory (NREL) and the Naval Facilities Engineering Command (NAVFAC) spent two years collaborating on demonstrations that tested market-ready energy efficiency measures, renewable energy generation, and energy systems integration. One such technology - an energy management system - was identified as a promising method for reducing energy use and costs, and can contribute to increasing energy security.

77 FR 56628 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service proposes to add a new...

78 FR 45913 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-30

... National Security Agency/Central Security Service systems of records subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to alter...

77 FR 26259 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-03

.... SUPPLEMENTARY INFORMATION: The National Security Agency systems of records notice subject to the Privacy Act of... of Records AGENCY: National Security Agency/Central Security Service. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security Service is deleting a system of...

75 FR 67697 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-03

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a...

75 FR 43494 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to...

8 CFR 103.34 - Security of records systems.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

Second Line of Defense, Megaports Initiative, Operational Testing and Evaluation Plan, Port of Lazaro Cardenas, Mexico

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, Jamie D.

2012-05-30

The purpose of the Operational Testing and Evaluation (OT&E) phases of the project is to prepare for turnover of the Megaports System supplied by U.S. Department of Energy/National Nuclear Security Administration (DOE/NNSA)—located at the Export Lanes of the Port of Lazaro Cardenas, Mexico—to the Government of Mexico (GOM).

Operational Assessment of Color Vision

DTIC Science & Technology

2016-06-20

evaluated in this study. 15. SUBJECT TERMS Color vision, aviation, cone contrast test, Colour Assessment & Diagnosis , color Dx, OBVA 16. SECURITY...symbologies are frequently used to aid or direct critical activities such as aircraft landing approaches or railroad right-of-way designations...computer-generated display systems have facilitated the development of computer-based, automated tests of color vision [14,15]. The United Kingdom’s

Multisensor system for the protection of critical infrastructure of a seaport

NASA Astrophysics Data System (ADS)

Kastek, Mariusz; Dulski, Rafał; Zyczkowski, Marek; Szustakowski, Mieczysław; Trzaskawka, Piotr; Ciurapinski, Wiesław; Grelowska, Grazyna; Gloza, Ignacy; Milewski, Stanislaw; Listewnik, Karol

2012-06-01

There are many separated infrastructural objects within a harbor area that may be considered "critical", such as gas and oil terminals or anchored naval vessels. Those objects require special protection, including security systems capable of monitoring both surface and underwater areas, because an intrusion into the protected area may be attempted using small surface vehicles (boats, kayaks, rafts, floating devices with weapons and explosives) as well as underwater ones (manned or unmanned submarines, scuba divers). The paper will present the concept of multisensor security system for a harbor protection, capable of complex monitoring of selected critical objects within the protected area. The proposed system consists of a command centre and several different sensors deployed in key areas, providing effective protection from land and sea, with special attention focused on the monitoring of underwater zone. The initial project of such systems will be presented, its configuration and initial tests of the selected components. The protection of surface area is based on medium-range radar and LLTV and infrared cameras. Underwater zone will be monitored by a sonar and acoustic and magnetic barriers, connected into an integrated monitoring system. Theoretical analyses concerning the detection of fast, small surface objects (such as RIB boats) by a camera system and real test results in various weather conditions will also be presented.

A Review of State Test Security Laws in 2013. ACT Research Report Series, 2014 (1)

ERIC Educational Resources Information Center

Croft, Michelle

2014-01-01

Test security has increased in importance in the last few years given high-profile cases of educator misconduct. This paper provides a review of state test security statutes and regulations related to statewide achievement testing using as a framework recent best practices reports by the U.S. Department of Education's National Center for Education…

Sentinel 2 MMFU: The first European Mass Memory System Based on NAND-Flash Storage Technology

NASA Astrophysics Data System (ADS)

Staehle, M.; Cassel, M.; Lonsdorfer, U.; Gliem, F.; Walter, D.; Fichna, T.

2011-08-01

Sentinel-2 is the multispectral optical mission of the EU-ESA GMES (Global Monitoring for Environment and Security) program, currently under development by Astrium-GmbH in Friedrichshafen (Germany) for a launch in 2013. The mission features a 490 Mbit/s optical sensor operating at high duty cycles, requiring in turn a large 2.4 Tbit on-board storage capacity.The required storage capacity motivated the selection of the NAND-Flash technology which was already secured by a lengthy period (2004-2009) of detailed testing, analysis and qualification by Astrium GmbH, IDA and ESTEC. The mass memory system is currently being realized by Astrium GmbH.

Security, protection, and control of power systems with large-scale wind power penetration

NASA Astrophysics Data System (ADS)

Acharya, Naresh

As the number of wind generation facilities in the utility system is fast increasing, many issues associated with their integration into the power system are beginning to emerge. Of the various issues, this dissertation deals with the development of new concepts and computational methods to handle the transmission issues and voltage issues caused by large-scale integration of wind turbines. This dissertation also formulates a probabilistic framework for the steady-state security assessment of wind power incorporating the forecast uncertainty and correlation. Transmission issues are mainly related to the overloading of transmission lines, when all the wind power generated cannot be delivered in full due to prior outage conditions. To deal with this problem, a method to curtail the wind turbine outputs through Energy Management System facilities in the on-line operational environment is proposed. The proposed method, which is based on linear optimization, sends the calculated control signals via the Supervisory Control and Data Acquisition system to wind farm controllers. The necessary ramping of the wind farm outputs is implemented either by the appropriate blade pitch angle control at the turbine level or by switching a certain number of turbines. The curtailment strategy is tested with an equivalent system model of MidAmerican Energy Company. The results show that the line overload in high wind areas can be alleviated by controlling the outputs of the wind farms step-by-step over an allowable period of time. A low voltage event during a system fault can cause a large number of wind turbines to trip, depending on voltages at the wind turbine terminals during the fault and the under-voltage protection setting of wind turbines. As a result, an N-1 contingency may evolve into an N-(K+1) contingency, where K is the number of wind farms tripped due to low voltage conditions. Losing a large amount of wind power following a line contingency might lead to system instabilities. It is important for the system operator to be aware of such limiting events during system operation and be prepared to take proper control actions. This can be achieved by incorporating the wind farm tripping status for each contingency as part of the static security assessment. A methodology to calculate voltages at the wind farm buses during a worst case line fault is proposed, which, along with the protection settings of wind turbines, can be used to determine the tripping of wind farms. The proposed algorithm is implemented in MATLAB and tested with MidAmerican Energy reduced network. The result shows that a large amount of wind capacity can be tripped due to a fault in the lines. Therefore, the technique will find its application in the static security assessment where each line fault can be associated with the tripping of wind farms as determined from the proposed method. A probabilistic framework to handle the uncertainty in day-ahead forecast error in order to correctly assess the steady-state security of the power system is presented. Stochastic simulations are conducted by means of Latin hypercube sampling along with the consideration of correlations. The correlation is calculated from the historical distribution of wind power forecast errors. The results from the deterministic simulation based on point forecast and the stochastic simulation show that security assessment based solely on deterministic simulations can lead to incorrect assessment of system security. With stochastic simulations, each outcome can be assigned a probability and the decision regarding control actions can be made based on the associated probability.

New MagViz Airport Liquid Analysis System Undergoes Testing

ScienceCinema

None

2017-12-09

LOS ALAMOS, New Mexico, December 16, 2008—An innovative application of a technology first used for medical imaging may enhance airport security if Los Alamos National Laboratory scientists are successful. Los Alamos technologists have adapted Magnetic Res

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice

PubMed Central

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-01-01

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities. PMID:27314358

Continuous Security and Configuration Monitoring of HPC Clusters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Garcia-Lomeli, H. D.; Bertsch, A. D.; Fox, D. M.

Continuous security and configuration monitoring of information systems has been a time consuming and laborious task for system administrators at the High Performance Computing (HPC) center. Prior to this project, system administrators had to manually check the settings of thousands of nodes, which required a significant number of hours rendering the old process ineffective and inefficient. This paper explains the application of Splunk Enterprise, a software agent, and a reporting tool in the development of a user application interface to track and report on critical system updates and security compliance status of HPC Clusters. In conjunction with other configuration managementmore » systems, the reporting tool is to provide continuous situational awareness to system administrators of the compliance state of information systems. Our approach consisted of the development, testing, and deployment of an agent to collect any arbitrary information across a massively distributed computing center, and organize that information into a human-readable format. Using Splunk Enterprise, this raw data was then gathered into a central repository and indexed for search, analysis, and correlation. Following acquisition and accumulation, the reporting tool generated and presented actionable information by filtering the data according to command line parameters passed at run time. Preliminary data showed results for over six thousand nodes. Further research and expansion of this tool could lead to the development of a series of agents to gather and report critical system parameters. However, in order to make use of the flexibility and resourcefulness of the reporting tool the agent must conform to specifications set forth in this paper. This project has simplified the way system administrators gather, analyze, and report on the configuration and security state of HPC clusters, maintaining ongoing situational awareness. Rather than querying each cluster independently, compliance checking can be managed from one central location.« less

CS651 Computer Systems Security Foundations 3d Imagination Cyber Security Management Plan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nielsen, Roy S.

3d Imagination is a new company that bases its business on selling and improving 3d open source related hardware. The devices that they sell include 3d imagers, 3d printers, pick and place machines and laser etchers. They have a fast company intranet for ease in sharing, storing and printing large, complex 3d designs. They have an employee set that requires a variety of operating systems including Windows, Mac and a variety of Linux both for running business services as well as design and test machines. There are a wide variety of private networks for testing transfer rates to and frommore » the 3d devices, without interference with other network tra c. They do video conferencing conferencing with customers and other designers. One of their machines is based on the project found at delta.firepick.org(Krassenstein, 2014; Biggs, 2014), which in future, will perform most of those functions. Their devices all include embedded systems, that may have full blown operating systems. Most of their systems are designed to have swappable parts, so when a new technology is born, it can be quickly adopted by people with 3d Imagination hardware. This company is producing a fair number of systems and components, however to get the funding they need to mass produce quality parts, so they are preparing for an IPO to raise the funds they need. They would like to have a cyber-security audit performed so they can give their investors con dence that they are protecting their data, customers information and printers in a proactive manner.« less

European Service Module Structural Test Article Load onto Guppy for Transport to Denver Colorado

NASA Image and Video Library

2017-06-23

At Kennedy Space Center's Shuttle Landing Facility in Florida, workers move the Orion service module structural test article for Exploration Mission-1 (EM-1), built by the European Space Agency, inside NASA's Super Guppy aircraft. The module is secured inside the aircraft and shipped to Lockheed Martin's Denver facility to undergo testing. The Orion spacecraft will launch atop the agency's Space Launch System rocket on EM-1 in 2019

MISTY PICTURE EVENT, Test Execution Report

DTIC Science & Technology

1987-11-30

testbed at overpressures ranging from 10 psi (83 kPa) to 3.4 psi (23 kPa). A series of experiments were positioned near the Thermal Radiation Sources...to include scheduling, construction, photography, and recording systems. (2) Formulate and direct the safety and security plans for the test series and...ANFO stacked charges multiburst test at Planet Ranch, AZ in 1978, e. MILL RACE (MISTY CASTLE Series I) - 600 ton ANFO surface stacked charge at WSMR in

Information technology security system engineering methodology

NASA Technical Reports Server (NTRS)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

6 CFR 5.31 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security of systems of records. 5.31 Section 5.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component...

Personal health record systems and their security protection.

PubMed

Win, Khin Than; Susilo, Willy; Mu, Yi

2006-08-01

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

Motion effects in multistatic millimeter-wave imaging systems

NASA Astrophysics Data System (ADS)

Schiessl, Andreas; Ahmed, Sherif Sayed; Schmidt, Lorenz-Peter

2013-10-01

At airport security checkpoints, authorities are demanding improved personnel screening devices for increased security. Active mm-wave imaging systems deliver the high quality images needed for reliable automatic detection of hidden threats. As mm-wave imaging systems assume static scenarios, motion effects caused by movement of persons during the screening procedure can degrade image quality, so very short measurement time is required. Multistatic imaging array designs and fully electronic scanning in combination with digital beamforming offer short measurement time together with high resolution and high image dynamic range, which are critical parameters for imaging systems used for passenger screening. In this paper, operational principles of such systems are explained, and the performance of the imaging systems with respect to motion within the scenarios is demonstrated using mm-wave images of different test objects and standing as well as moving persons. Electronic microwave imaging systems using multistatic sparse arrays are suitable for next generation screening systems, which will support on the move screening of passengers.

28 CFR 700.24 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Security of systems of records. 700.24... Records Under the Privacy Act of 1974 § 700.24 Security of systems of records. (a) The Office Administrator or Security Officer shall be responsible for issuing regulations governing the security of systems...

Orion EM-1 Crew Module Structural Test Article loaded onto Guppy

NASA Image and Video Library

2017-04-25

The Orion Exploration Mission-1 (EM-1) structural test article, secured inside its transport container, is lifted up by crane from its transport vehicle at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida. The test article will be loaded into NASA's Super Guppy aircraft, in view at left, and transported to Lockheed Martin's Denver facility for testing. The Orion spacecraft will launch atop NASA’s Space Launch System rocket on EM-1, its first deep space mission.

Video performance for high security applications.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Connell, Jack C.; Norman, Bradley C.

2010-06-01

The complexity of physical protection systems has increased to address modern threats to national security and emerging commercial technologies. A key element of modern physical protection systems is the data presented to the human operator used for rapid determination of the cause of an alarm, whether false (e.g., caused by an animal, debris, etc.) or real (e.g., a human adversary). Alarm assessment, the human validation of a sensor alarm, primarily relies on imaging technologies and video systems. Developing measures of effectiveness (MOE) that drive the design or evaluation of a video system or technology becomes a challenge, given the subjectivitymore » of the application (e.g., alarm assessment). Sandia National Laboratories has conducted empirical analysis using field test data and mathematical models such as binomial distribution and Johnson target transfer functions to develop MOEs for video system technologies. Depending on the technology, the task of the security operator and the distance to the target, the Probability of Assessment (PAs) can be determined as a function of a variety of conditions or assumptions. PAs used as an MOE allows the systems engineer to conduct trade studies, make informed design decisions, or evaluate new higher-risk technologies. This paper outlines general video system design trade-offs, discusses ways video can be used to increase system performance and lists MOEs for video systems used in subjective applications such as alarm assessment.« less

A cross-case comparative analysis of international security forces' impacts on health systems in conflict-affected and fragile states.

PubMed

Bourdeaux, Margaret; Kerry, Vanessa; Haggenmiller, Christian; Nickel, Karlheinz

2015-01-01

Destruction of health systems in fragile and conflict-affected states increases civilian mortality. Despite the size, scope, scale and political influence of international security forces intervening in fragile states, little attention has been paid to array of ways they may impact health systems beyond their effects on short-term humanitarian health aid delivery. Using case studies we published on international security forces' impacts on health systems in Haiti, Kosovo, Afghanistan and Libya, we conducted a comparative analysis that examined three questions: What aspects, or building blocks, of health systems did security forces impact across the cases and what was the nature of these impacts? What forums or mechanisms did international security forces use to interact with health system actors? What policies facilitated or hindered security forces from supporting health systems? We found international security forces impacted health system governance, information systems and indigenous health delivery organizations. Positive impacts included bolstering the authority, transparency and capability of health system leadership. Negative impacts included undermining the impartial nature of indigenous health institutions by using health projects to achieve security objectives. Interactions between security and health actors were primarily ad hoc, often to the detriment of health system support efforts. When international security forces were engaged in health system support activities, the most helpful communication and consultative mechanisms to manage their involvement were ones that could address a wide array of problems, were nimble enough to accommodate rapidly changing circumstances, leveraged the power of personal relationships, and were able to address the tensions that arose between security and health system supporting strategies. Policy barriers to international security organizations participating in health system support included lack of mandate, conflicts between security strategies and health system preservation, and lack of interoperability between security and indigenous health organizations with respect to logistics and sharing information. The cases demonstrate both the opportunities and risks of international security organizations involvement in health sector protection, recovery and reconstruction. We discuss two potential approaches to engaging these organizations in health system support that may increase the chances of realizing these opportunities while mitigating risks.

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

Final Report, Next-Generation Mega-Voltage Cargo-Imaging System for Cargo Conainer Inspection, March 2007

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. James Clayton, Ph.D., Varian Medical Systems-Security & Inspection Products; Dr. Emma Regentova, Ph.D, University of Nevada Las Vegas; Dr. Evangelos Yfantis, Ph.D., University of Nevada, Las Vegas

The UNLV Research Foundation, as the primary award recipient, teamed with Varian Medical Systems-Security & Inspection Products and the University of Nevada Las Vegas (UNLV) for the purpose of conducting research and engineering related to a "next-generation" mega-voltage imaging (MVCI) system for inspection of cargo in large containers. The procurement and build-out of hardware for the MVCI project has been completed. The K-9 linear accelerator and an optimized X-ray detection system capable of efficiently detecting X-rays emitted from the accelerator after they have passed through the device is under test. The Office of Science financial assistance award has made possiblemore » the development of a system utilizing a technology which will have a profound positive impact on the security of U.S. seaports. The proposed project will ultimately result in critical research and development advances for the "next-generation" Linatron X-ray accelerator technology, thereby providing a safe, reliable and efficient fixed and mobile cargo inspection system, which will very significantly increase the fraction of cargo containers undergoing reliable inspection as the enter U.S. ports. Both NNSA/NA-22 and the Department of Homeland Security's Domestic Nuclear Detection Office are collaborating with UNLV and its team to make this technology available as soon as possible.« less

Implementation of an experimental fault-tolerant memory system

NASA Technical Reports Server (NTRS)

Carter, W. C.; Mccarthy, C. E.

1976-01-01

The experimental fault-tolerant memory system described in this paper has been designed to enable the modular addition of spares, to validate the theoretical fault-secure and self-testing properties of the translator/corrector, to provide a basis for experiments using the new testing and correction processes for recovery, and to determine the practicality of such systems. The hardware design and implementation are described, together with methods of fault insertion. The hardware/software interface, including a restricted single error correction/double error detection (SEC/DED) code, is specified. Procedures are carefully described which, (1) test for specified physical faults, (2) ensure that single error corrections are not miscorrections due to triple faults, and (3) enable recovery from double errors.