Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing all 95 articles

Identification of Sources of Failures and Their Propagation in Critical...

Survival in our society relies on continued services from interdependent critical infrastructures. CITI failures are particularly pervasive in their penetration of all infrastructures and can have a...



Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...



The Secondary and Approximate Authorization Model and its Application to...

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...


Employing Secondary and Approximate Authorizations to Improve Access Control...

The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization...


A Security Analysis of the Precise Time Protocol (Short Paper)

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...



A Security Analysis of the Precise Time Protocol

This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b)...


A Security Analysis of the Precise Time Protocol

We present a security analysis of the IEEE 1588 standard, a.k.a. Precise Time Protocol (PTP). We show that attackers can use the protocol to (a) incorrectly resynchronize clocks, (b) illegally...


Studying IT Security Professionals: Research Design and Lessons Learned

The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had...



On the Imbalance of the Security Problem Space and its Expected Consequences

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...



Cooperative Secondary Authorization Recycling

As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...


Support for ANSI RBAC in CORBA

We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language...


Towards Understanding IT Security Professionals and Their Tools

We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their...


Understanding IT Security Administration through a Field Study

The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics...



Detecting, Analyzing and Responding to Security Incidents: A Qualitative...

This study develops categories of responses to security incidents, based on a grounded theory analysis of interviews with security practitioners, with a focus on the tasks performed during security...


Towards Understanding IT Security Professionals and Their Tools

It is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. A notable size of this will be spent on tools but little is known how effective IT security...



A Study of Security Administration Errors

Security administrators prevent security breaches against their infrastructure by using their tools to implement the security policy. This paper deals with security administration errors that were...


Proceedings of the Second EECE 512 Mini-Conference on Computer Security

The proceedings of the second mini-conference of the EECE 512 course on Topics in Computer Security include four papers: 1. "Controlling Access to Resources Within The Python Interpreter" by Brett...



Cooperative Secondary Authorization Recycling

As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...


On the Imbalance of the Security Problem Space and its Expected Consequences

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...


Proceedings of the Third EECE 412 Mini-Conference on Computer Security
