Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing all 58 articles

Usability of Security Administration vs. Usability of End-user Security

Having recently received increasing attention, usable security is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals. However,...

Multiple-Channel Security Model And Its Implementation Over SSL

Multiple-Channel SSL (MC-SSL) is a new model and protocol to secure client-server communication. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL can provide applications...


Resource Access Decision Service for CORBA-based Distributed Systems

Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...


Analysis of Interdependencies between CITI and other Critical Infrastructures...

* Objectives * Information Requirement for CITI Failure Analysis * Use of Public Domain Failure Reports * Existing Classification Methods * Our Method of Classification and Analysis * Results of our...


Assessment of Interdependencies between Communication and Information...

Failure in Communication and Information Technology Infrastructure (CITI) can disrupt the effective functionalities of many of the critical infrastructures. Conversely, failures in other...

Extending XP Practices to Support Security Requirements Engineering

This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer...


HOT Admin: Human, Organization, and Technology Centred Improvement of the IT...

While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the...


Summary of the HOT Admin Proposal

Multiple-Channel Security Architecture and Its Implementation over SSL

This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel,...

Usable Security: Quo Vadis?

The presentation discusses the current state of HCISec and challenges for future research.


Towards Agile Security Assurance

Agile development methods are promising to become the next generation replacing waterfall development. They could eventually replace the plan-driven methodologies not only in pure software solutions in...


Identification of Sources of Failures and Their Propagation in Critical...

Survival in our society relies on continued services from interdependent critical infrastructures. CITI failures are particularly pervasive in their penetration of all infrastructures and can have a...


Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...

A Security Analysis of the Precise Time Protocol (Short Paper)

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...


A Security Analysis of the Precise Time Protocol

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...

A Security Analysis of the Precise Time Protocol

We present a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b) illegally...


Studying IT Security Professionals: Research Design and Lessons Learned

The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had...

On the Imbalance of the Security Problem Space and its Expected Consequences

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...


Cooperative Secondary Authorization Recycling

As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...


Towards Understanding IT Security Professionals and Their Tools

We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their...
