Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Extending XP Practices to Support Security Requirements Engineering

April 27, 2009, 1:01 pm

This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer...

View Article

HOT Admin: Human, Organization, and Technology Centred Improvement of the IT...

April 27, 2009, 1:02 pm

While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the...

View Article

Summary of the HOT Admin Proposal

April 27, 2009, 1:02 pm

View Article

The Secondary and Approximate Authorization Model and its Application to...

April 27, 2009, 1:02 pm

We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...

View Article

Evaluation of SAAM_BLP

April 27, 2009, 1:02 pm

Request response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. We propose the use of a secondary decision point that...

View Article

Cooperative Secondary Authorization Recycling

April 27, 2009, 1:03 pm

As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures...

View Article

Multiple-Channel Security Architecture and Its Implementation over SSL

April 27, 2009, 1:03 pm

This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel,...

View Article

Usable Security: Quo Vadis?

April 27, 2009, 1:03 pm

The presentation discusses the current state of HCISec and challanges for future research.

View Article

Towards Agile Security Assurance

April 27, 2009, 1:03 pm

Agile development methods are promising to become the next generation replacing waterfall development. They could eventually replace the plan-driven methodologies not only in pure software solutions in...

View Article

Identification of Sources of Failures and Their Propagation in Critical...

April 27, 2009, 1:03 pm

Survival in our society relies on continued services from interdependent critical infrastructures. CITI failures are particularly pervasive in their penetration of all infrastructures and can have a...

View Article

Issues in the Security Architecture of the Computerized Patient Record...

April 27, 2009, 1:03 pm

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...

View Article

The Secondary and Approximate Authorization Model and its Application to...

April 27, 2009, 1:03 pm

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...

View Article

Employing Secondary and Approximate Authorizations to Improve Access Control...

April 27, 2009, 1:03 pm

The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization...

View Article

A Security Analysis of the Precise Time Protocol (Short Paper)

April 27, 2009, 1:03 pm

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...

View Article

A Security Analysis of the Precise Time Protocol

April 27, 2009, 1:03 pm

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...

View Article

A Security Analysis of the Precise Time Protocol

April 27, 2009, 1:03 pm

We present a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b) illegally...

View Article

Studying IT Security Professionals: Research Design and Lessons Learned

April 27, 2009, 1:04 pm

The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had...

View Article

On the Imbalance of the Security Problem Space and its Expected Consequences

April 27, 2009, 1:04 pm

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...

View Article

Cooperative Secondary Authorization Recycling

April 27, 2009, 1:04 pm

As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...

View Article

Support for ANSI RBAC in CORBA

April 27, 2009, 1:04 pm

We describe access control mechanisms of the Common Ob ject Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language...

View Article

More Pages to Explore .....

Latest Images