The paper aims at defining the agent based threat modelling from the viewpoint of security agents. Agent causal to threat creates insecure gateways and paths which lead to vulnerabilities in the system. Any system built on to a vulnerable foundation of a vulnerable language or architecture shall forever remain risk bound. Security agents or “POLICE” agents as we term them come dexterous. The modelling...
Smart cards are an example of advanced chip technology. They allow information transfer between the card holder and the system over secure networks, but they contain sensitive data related to both the card holder and the system, that has to be kept private and confidential. The objective of this work is to create an executable model of a smart card system, including the security protocols and transactions,...
Users' behaviors in information systems have different formats in different working modes; they actually express users' intentions. API calls, menu selections or requests are the familiar base elements of software behaviors, and different technologies are required to monitor and understand them. In information systems, it is necessary to ensure that users' software behavior is trusted while processing...
Developing large scale software systems has major security challenges. This paper describes the issues involved and then addresses two topics: formal methods for emerging secure systems and secure services modeling.
Controlling and testing a large scale web application is a time consuming and expensive job because of the huge number of pages and their actions. The hierarchical architecture proposed in this paper is a framework which can decrease nested relations between web pages. We can also use different programming methods like object oriented or structured over this model. One of the most important advantages...
Industry, finance, and other business activities are increasingly reliant on computer networks and systems, which demand effective interoperability of systems. But this also demands effective systems security, which poses a major challenge to the socio-technical interactions enabled by interoperable tools. This paper addresses modeling of the linkages between interoperability and security in the model...
This paper proposes using functional programming style in a way to respond to detection of and interaction with the software attacks and vulnerabilities. Additionally, our approach considers involving Description Logics, as a basis for the use of the Semantic Web and meta-programming to produce executable ontologies and to enable semantic reasoning over behavior and interaction with software attacks...
Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model types. In this paper we present how misuse cases and attack trees can be linked to get a high-level view...
Design-level vulnerabilities are a main source of security risks in software. To improve the reliability of software design, this paper presents a modified threat-driven modeling framework, to determine which threats require mitigation and how to mitigate the threats. To specify the functions and threat mitigations of a security design as a whole, aspect-oriented Stochastic Petri nets are used as...
Software development Is there such a thing anymore as a software system that doesn't need to be secure? We routinely hear vendors claim that their systems are "secure." However, without knowing what assumptions are made by the vendor, it is hard to justify such a claim. Almost every software controlled system faces threats from potential adversaries, from Internet-aware client applications...
As the data warehouse contains the sensitive information, which is used for decision making process, it is necessary to take precautionary measures in the data warehouse building process itself. Current approaches for the conceptual modeling of ETL do not address the security aspects in the conceptual modeling phase. In this paper, we propose a simulation model for secure data extraction in ETL processes...
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling,...
To avoid security vulnerabilities, there are many secure software development efforts in the directions of secure software development life cycle processes, security specification languages, and security requirements engineering processes. In this paper, we compare and contrast various secure software development processes based on a number of characteristics that such processes should have. We also...
Threat analysis gives how potential adversaries exploit system weakness to achieve their goals. It identifies threats and defines a risk mitigation policy for a specific architecture, functionality and configuration. In a threat analysis security metrics are a challenging requirement in order to determine the status of network security performance and to further enhance it by minimizing exposure to...
Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, however,...
The rising need for security in SOA applications requires better support for management of non-functional properties in Web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising...
This paper presents an attack scenario based approach for software security testing at design stage. Attack scenarios are represented as extended activity diagram (EAD) and new unified threat model (NUTM). Security test cases are derived from attack scenarios automatically according to coverage criteria of complex attack path. These test cases are applied to test the security of system. According...
We analyze the specific challenges of inspecting software development documents for security: Most security goals are formulated as negative (i.e. avoidance) goals, and security is a non-local property of the whole system. We suggest a new type of model for security relevant features to address these challenges. Our model, named security goal indicator tree (SGIT), maps negative and non-local goals...
Government departments play an important role in the country's economic development and building, along with the continuous deepening of network application, some important contents such as the government services have gradually started on the Internet. Based on information security model, we designed and implemented a security system of e-government information. And introduced the various components...
The Common Criteria (CC) has been focused on a single product that consists of one software component. Evaluation modeling of a composed product, which consists of two or more evaluated or unevaluated components, is needed. In this paper, we survey and classify evaluation criteria for information security systems and products in the context of the CC evaluation scheme. We define 5 types of assurance, and...