SecurityRatty: IEEE Security and Privacy

PrePrint: Mobile Biometric System-on-Token System for Signing Digital Transactions: Implementation and Performance Evaluation

2010-01-09 15:40:26 by Editor in IEEE Security and Privacy

This paper presents an architecture for biometric systems where the user has full control over his biometric data and allows him to sign digital transactions using biometrics. In order to show the performance of the proposed architecture, it has been implemented and tested on a commercial mobile device: the Nokia N800. The implementation runs a...

Tags: commercial mobile device, transaction, nbis nist software, sign digital transactions, types, legal x509, system, biosecur-id database, architecture

PrePrint: Securing Android-Powered Mobile Devices Using SELinux

2009-11-24 14:47:33 by Editor in IEEE Security and Privacy

...security risks. As a case in point, critical processes in Android run with the highest possible privileges (i.e., root-user). Consequently, whenever a vulnerability is detected in these processes, an attacker may gain full control of the device. This research proposes the use of SELinux (a Linux Security Module) for enforcing tight and...

Tags: android, mobile devices, file system-, system, linux, linux kernel, android environment, core system services, selinux

PrePrint: Model-Based Verification of Security and Non-Functional Behavior using AADL

2009-10-29 14:48:24 by Editor in IEEE Security and Privacy

...information allows changes to the architecture to be reflected in the various analysis models with little effort. We describe how model-based development using the Architecture Analysis and Design Language (AADL) and compatible analysis tools provides the platform for multi-dimensional, multi-fidelity analysis and verification. A special...

Tags: system, system quality attributes, system view, architecture, architecture analysis, system realization, security, single-source architecture model, system designer

PrePrint: Detecting the Theft of Trade Secrets by Insiders: A Summary of MITRE Insider Threat Research

2009-09-25 06:36:05 by Editor in IEEE Security and Privacy

...information makes it a tempting target for individuals willing and able to steal it. One recent survey found that although intellectual property theft accounted for less than 1% of all cyber crimes against businesses, it resulted in over 50% of the total monetary loss. In most cases, the offender was an insider with access to corporate...

Tags: insider, detect insider threats, trade secrets, intellectual property theft, research project, todays corporations stem, project, total monetary loss, mitre

IEEE Security and Privacy - July/August 2009 (Vol. 7, No. 4)

2009-09-25 06:36:05 by Editor in IEEE Security and Privacy

IEEE Security and Privacy

Tags: ieee security, privacy

PrePrint: Designing Host and Network Sensors to Mitigate the Insider Threat

2009-09-25 06:36:04 by Editor in IEEE Security and Privacy

We propose a design for insider threat detection that combines an array of complementary techniques that aims to detect evasive adversaries. We are motivated by real world incidents and our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines...

Tags: detectors, remote network detectors, detect evasive adversaries, insider threat detection, real world incidents, real environments, sensors, insider activity, combines

PrePrint: Open Issues in Secure Domain Name System (DNS) Deployment

2009-09-25 06:36:04 by Editor in IEEE Security and Privacy

...security measures. A set of security specifications called DNS Security Extensions (DNSSEC) specification has been proposed by IETF and has been demonstrated to provide the needed protection. However ubiquitous DNSSEC deployment throughout the DNS infrastructure calls for certain critical security operations. There are some unresolved issues...

Tags: dns, dns infrastructure calls, dns security extensions, actual network addresses, addresses, ubiquitous dnssec deployment, critical security operations, operations, issues

PrePrint: Building A System For Insider Security

2009-09-25 06:36:04 by Editor in IEEE Security and Privacy

...security. To investigate the evolution of the insider within an organization, we have used system dynamics to develop a preliminary model of the employee life cycle. In this model, we define and analyze interactions of the employee population with insider security protection strategies. The model was exercised for an example scenario that...

Tags: insider security, insider, effective insider security, insider adversaries, insider protection strategies, strategies, system, model, preliminary model

PrePrint: Protecting DNS from Routing Attacks: A Comparison of Two Alternative Anycast Implementations

2009-09-25 06:36:03 by Editor in IEEE Security and Privacy

DNS is a critical piece of the Internet supporting the majority of Internet applications. Because it is organized in a hierarchy, its correct operation is dependent on the availability of a small number of servers at the upper levels of the hierarchy. These emph{backbone} servers are vulnerable to routing attacks in which adversaries controlling...

Tags: attacks, alternative anycast implementations, internet, internet applications, dns, server address space, emphbackbone servers, servers, correct operation

A Note on Trust-Enhanced Security

2009-05-28 17:37:54 by Editor in IEEE Security and Privacy

...information systems for their basic operation. Clearly, we're seeing a renewed urgency to get a better handle on capturing and reasoning about trust in computing systems and information services. Even Microsoft has adopted the term trustworthy computing as a company initiative in both its internal software development and its commercial...

Tags: trust, internal software development, systems, information systems, company initiative, government activities, term trustworthy, author takes, commercial offerings

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo