CORBAmed Security White Paper
The issue of security in healthcare has been discussed from a variety of perspectives at many CORBAmed meetings. This report focuses on the practical topic of how CORBAmed RFPs for services can go...
View ArticleCPR Security CORBA-based Security and Intranet Services
Intranet information services based on such technologies as WWW will continue to grow. Not every intranet service is and will be based on CORBA architecture. Some will continue to utilize plain...
View ArticleDesign
Learning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against useability...
View ArticleDesign and Implementation of Resource Access Decision Server
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible to implement...
View ArticleEngineering Access Control for Distributed Enterprise Applications
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains...
View ArticleEngineering Application-level Access Control in Distributed Systems
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in...
View ArticleEnterprise Security with EJB™ and CORBA®
This book shows you how to apply enterprise security integration (ESI) to secure your enterprise from end-to-end, using theory, examples, and practical advice. We present material on how to use the...
View ArticleExperience Report: Design and Implementation of a Component-Based Protection...
This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...
View ArticleeXtreme Security Engineering: On Employing XP Practices to Achieve “Good...
This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application...
View ArticleFlooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleFuture Direction of Access Control Models, Architectures, and Technologies
The goal of this panel is to explore future directions in the research and practice of Access Control Models, Architectures, and Technologies (ACMAT). The panelists will offer their (speculative)...
View ArticleHandouts: Introduction to Cryptography
Outline: - Probabilistic encryption - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems
View ArticleHere’s Your Lego™ Security Kit: How to Give Developers All Protection...
By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building...
View ArticleHIPAA and CPR Architecture
The presentation that describes Health Insurance Portability and Accountability Act (HIPAA) from the perspective of the Computerized Patient Record (CPR) Architecture. Outline: • Main risks in CPR...
View ArticleHuman Factor in Security Administration: Brainstorming the Research Directions
Although usability has been acknowledged by the security community as one of the design goals back in 1970s, there is dearth of applications of HCI methods to the domain of computer security in general...
View ArticleImplementing Multiple Channels over SSL
Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of...
View ArticleImproving Practical Security Engineering: Overview of the Ongoing Research
Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the...
View ArticleIntroduction to Cryptography, Part I: Probabilistic Encryption
Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks
View ArticleIntroduction to Cryptography, Part II
Outline: - Probabilistic encryption -- Average Case Computational Di culty and the Worst Case Di culty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair...
View ArticleIssues in the Security Architecture of the Computerized Patient Record...
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...
View Article
