Security Engineering for Large Scale Distributed Applications
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...
View ArticleSecurity Requirements in Healthcare
Presentation on requirements in US healthcare organizations to security vendors, given to the joint SecSIG/CORBAmed session. Outline: • Risks • Requirements – Security requirements to the healthcare...
View ArticleSoftware Engineering at ECE
This talk gives a brief overview of the Software Engineering teaching and research at the Department of Electrical and Computer Engineering, the University of British Columbia.
View ArticleSPAPI: A Security and Protection Architecture for Physical Infrastructures...
In recent years, concerns about the safety and security of critical infrastructures have increased enormously. The se infrastructures can easily become subjects of physical and cyber attacks. In this...
View ArticleSupporting Relationships in Access Control Using Role Based Access Control
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common...
View ArticleTaxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of...
This document categorizes security concerns of Computerized Patient Record enterprise according to federal and Florida state legal requirements, as well as to the internal security policies of Baptist...
View ArticleToward Usable Security Administration
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances resources and users, complex and dynamic business...
View ArticleToward Usable Security Administration
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances resources and users, complex and dynamic business...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleUpcoming OMG HealthCare Resource Access Control Facility
Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status
View ArticleUpdate on Security Domain Membership RFP Proposal
Presentation explains structural design proposed by the SDMM proposal, as it was standing on December 2000.
View ArticleUsability of Security Administration vs. Usability of End-user Security
Having recently received increasing attention, usable security is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals. However,...
View ArticleSecondary and Approximate Authorization Model (SAAM) and its Application to...
The talk defines the secondary and approximate authorization model (SAAM). In SAAM, approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative...
View ArticleResource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleAnalysis of Interdependencies between CITI and other Critical Infrastructures...
* Objectives * Information Requirement for CITI Failure Analysis * Use of Public Domain Failure Reports * Existing Classification Methods * Our Method of Classification and Analysis * Results of our...
View ArticleAssessment of Interdependencies between Communication and Information...
Failure in Communication and Information Technology Infrastructure (CITI) can disrupt the effective functionalities of many of the critical infrastructures. Conversely, failures in other...
View ArticleExtending XP Practices to Support Security Requirements Engineering
This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer...
View ArticleHOT Admin: Human, Organization, and Technology Centred Improvement of the IT...
While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the...
View ArticleThe Secondary and Approximate Authorization Model and its Application to...
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...
View ArticleEvaluation of SAAM_BLP
Request response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. We propose the use of a secondary decision point that...
View ArticleCooperative Secondary Authorization Recycling
As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures...
View ArticleMultiple-Channel Security Architecture and Its Implementation over SSL
This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel,...
View Article