Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing all 95 articles

Enterprise Security with EJB™ and CORBA®

This book shows you how to apply enterprise security integration (ESI) to secure your enterprise from end-to-end, using theory, examples, and practical advice. We present material on how to use the...




Experience Report: Design and Implementation of a Component-Based Protection...

This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...


eXtreme Security Engineering: On Employing XP Practices to Achieve “Good...

This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application...


eXtreme Security Engineering: On Employing XP Practices to Achieve “Good...

This presentation examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an...


Flooding and Recycling Authorizations

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...



Future Direction of Access Control Models, Architectures, and Technologies

The goal of this panel is to explore future directions in the research and practice of Access Control Models, Architectures, and Technologies (ACMAT). The panelists will offer their (speculative)...


Handouts: Introduction to Cryptography

Outline: - Probabilistic encryption - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems


Here’s Your Lego™ Security Kit: How to Give Developers All Protection...

By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building...



HIPAA and CPR Architecture

This presentation describes the Health Insurance Portability and Accountability Act (HIPAA) from the perspective of the Computerized Patient Record (CPR) Architecture. Outline: • Main risks in CPR...



Human Factor in Security Administration: Brainstorming the Research Directions

Although usability has been acknowledged by the security community as one of the design goals back in the 1970s, there is a dearth of applications of HCI methods to the domain of computer security in general...


Implementing Multiple Channels over SSL

Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of...


Improving Practical Security Engineering: Overview of the Ongoing Research

Security engineering is about creating viable solutions to real-world security problems: solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the...


Introduction to Cryptography, Part I: Probabilistic Encryption

Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks



Introduction to Cryptography, Part II

Outline: - Probabilistic encryption -- Average Case Computational Difficulty and the Worst Case Difficulty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair...


Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...



Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...


Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...



JAMES: Junk Authorizations for Massive-scale Enterprise Services

The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the...


KOZEL: Kernel Organization Zappy Environment for Linux

This report describes the application domain, design and usage of the Kernel Organization Zappy Environment for Linux (KOZEL, pronounced “kozz’jol”) developed during a term project for Expert Systems course...


Mastering Web Services Security

We present material on how to use the architectures and technologies and how to understand the specifications that are available to build a secure Web Services system. Since this technology is rapidly...
