Channel Description:

Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE) latest documents


    This presentation examines the practices of eXtreme Programming (XP) with regard to their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application of XP practices to security engineering, and discuss its potential benefits and scope of applicability. We argue that XSE could help achieve “good enough security” while avoiding defining a priori what it is.


    The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes to leverage publish-subscribe architectures for increasing failure resilience and efficiency by flooding delivery channels with speculatively pre-computed authorizations and recycling them on a just-in-time basis.


    The goal of this panel is to explore future directions in the research and practice of Access Control Models, Architectures, and Technologies (ACMAT). The panelists will offer their (speculative) opinions on the direction in which the field of Access Control is evolving.


    Outline: - Probabilistic encryption - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems


    By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building blocks. Like Lego™ constructor parts, such blocks enable the reduction of the effort of constructing, extending, and adjusting the application properties and middleware services in response to requirements or environment changes.

  • 04/27/09--11:18: HIPAA and CPR Architecture
  • This presentation describes the Health Insurance Portability and Accountability Act (HIPAA) from the perspective of the Computerized Patient Record (CPR) Architecture. Outline:
    • Main risks in CPR related to security
    • HIPAA and its role in CPR risks
      – Brief overview
      – Related [proposed] regulations
    • Projects related to CPR security
    • What CORBA security covers in HIPAA-related security requirements and what it does not


    Although usability has been acknowledged by the security community as one of the design goals back in the 1970s, there is a dearth of applications of HCI methods to the domain of computer security in general and security administration in particular. This lack of research attention even became a subject of a journal publication. HCI and security researchers are merely starting to build a network of interested people and explore opportunities for collaboration. There was only one published attempt toward addressing usability in security administration of distributed applications. The work was concerned mostly with evaluating the administrative GUI usability by applying some HCI techniques. During this session, I will briefly describe the problem domain of security administration usability and sketch some ideas for research, in the hope of promoting a discussion on the subject and identifying points and directions for future cross-disciplinary collaboration.


    Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, each of which can have a specific cipher suite and a varying number of application proxies; meanwhile, the channel negotiation and operation in MC-SSL are still based on SSL, which needs a small change in order to support multiple cipher suites. In this paper, we first introduce the multiple-channel model of MC-SSL, and then focus on the design and implementation of multiple channels over SSL, especially multi-hop proxy channels and secondary channels.


    Security engineering is about creating viable solutions to real-world security problems: solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the limitations of today's security and software technologies. In this talk, I will provide an overview of the ongoing research towards improving the state of security engineering that together with my colleagues I conduct at the University of British Columbia. Specifically, I will focus on the following:
    * comparative study of the approaches to security mechanisms engineering
    * policy decision models & architecture(s) for massive scale enterprises
    * composable policy engines
    * improving usability of security administration
    * towards security agile assurance
    * end-to-end selective data protection with partially-trusted proxies


    Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks


    Outline: - Probabilistic encryption -- Average Case Computational Difficulty and the Worst Case Difficulty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems


    We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control decisions will be consistent across all components of the CPR enterprise.
