This presentation examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application of XP practices to security engineering, and discuss its potential benefits and applicability scope. We argue that XSE could help achieve “good enough security” while avoiding defining a priory what it is.
eXtreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without Defining It
↧
↧
Flooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes to leverage publish-subscribe architectures for increasing failure resilience and efficiency by flooding delivery channels with speculatively pre-computed authorizations and recycling them on just-in-time basis.
↧
Future Direction of Access Control Models, Architectures, and Technologies
The goal of this panel is to explore future directions in the research and practice of Access Control Models, Architectures, and Technologies (ACMAT). The panelists will offer their (speculative) opinions on what direction the field of Access Control is evolving to.
↧
Handouts: Introduction to Cryptography
Outline: - Probabilistic encryption - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems
↧
Here’s Your Lego™ Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need
By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building blocks. Like Lego™ constructor parts, such blocks enable the reduction of the effort of constructing, extending, and adjusting the application properties and middleware services in response to requirements or environment changes.
↧
↧
HIPAA and CPR Architecture
The presentation that describes Health Insurance Portability and Accountability Act (HIPAA) from the perspective of the Computerized Patient Record (CPR) Architecture. Outline: • Main risks in CPR related to security • HIPAA and its role in CPR risks – Brief overview – Related [proposed] regulations • Projects related to CPR security • What CORBA security covers in HIPAArelated security requirements and what it does not
↧
Human Factor in Security Administration: Brainstorming the Research Directions
Although usability has been acknowledged by the security community as one of the design goals back in 1970s, there is dearth of applications of HCI methods to the domain of computer security in general and security administration in particular. This lack of research attention even became a subject of a journal publication. HCI and security researchers are merely starting to build a network of interested people and explore opportunities for collaboration. There was only one published attempt toward addressing usability in security administration of distributed applications. The work was concerned mostly with evaluating the administrative GUI usability by applying some HCI techniques. During this session, I will briefly describe the problem domain of security administration usability and sketch some ideas for research, in the hope of promoting a discussion on the subject and identifying points and directions for future cross-disciplinary collaboration.
↧
Implementing Multiple Channels over SSL
Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of them can have a specific cipher suite and a various number of application proxies; meanwhile, the channel negotiation and operation in MC-SSL are still based on SSL, which needs a small change in order to support multiple cipher suites. In this paper, we first introduce the multiple-channel model of MC-SSL, and then focus on the design and implementation of multiple channels over SSL, especially multi-hop proxy channels and secondary channels.
↧
Improving Practical Security Engineering: Overview of the Ongoing Research
Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the limitations of today security and software technologies. In this talk, I will provide an overview of the ongoing research towards improving the state of security engineering that together with my colleagues I conduct at the University of British Columbia. Specifically, I will focus on the following: * comparative study of the approaches to security mechanisms engineering * policy decision models & architecture(s) for massive scale enterprises * composable policy engines * improving usability of security administration * towards security agile assurance * end-to-end selective data protection with partially-trusted proxies
↧
↧
Introduction to Cryptography, Part I: Probabilistic Encryption
Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks
↧
Introduction to Cryptography, Part II
Outline: - Probabilistic encryption -- Average Case Computational Di culty and the Worst Case Di culty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems
↧
Issues in the Security Architecture of the Computerized Patient Record Enterprise
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control decisions will be consistent across all components of the CPR enterprise.
↧
Issues in the Security Architecture of the Computerized Patient Record Enterprise
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control decisions will be consistent across all components of the CPR enterprise.
↧
↧
Issues in the Security Architecture of the Computerized Patient Record Enterprise
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control decisions will be consistent across all components of the CPR enterprise.
↧
JAMES: Junk Authorizations for Massive-scale Enterprise Services
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU and network bandwidth resources. This talk describes the approach taken by JAMES project to leverage publish-subscribe architectures for increasing failure resilience and performance through flooding delivery channels with speculatively pre-computed authorizations and recycling them on just-in-time basis. The talk also provides a brief overview of other research projects conducted at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), the University of British Columbia, Vancouver, Canada
↧
KOZEL: Kernel Organization Zappy Environment for Linux
This report describes application domain, design and usage of Kernel Organization Zappy Environment for Linux (KOZEL, pronounced “kozz’jol”) developed during a term project for Expert Systems cource CEN5120 tought by Dr. Pelin in Spring of 1997 at School of Computer Science, Florida International University. We present the problem the system is designed to solve, discuss a conceptual view of the system architecture, give a detailed picture of its implementation and describe usage of the system.
↧
Mastering Web Services Security
We present material on how to use the architectures and technologies and how to understand the specifications that are available to build a secure Web Services system. Since this technology is rapidly changing, we present the theory behind the models and explain the thinking behind many of the security specifications that are at the forefront of the technology today. Our emphasis is on showing you how to build and understand the complexities of a secure end-to-end Web Services system. This book gives you both a detailed technical understanding of the major components of an end-to-end enterprise security architecture and a broad description of how to deploy and use Web Services security technologies to protect your corporation and its interaction with the outside world.
↧
↧
Method and System for Authorization and Access to Protected Resources
The present invention relates to the access of data resources using a Resource Access Decision Facility (RAD), preferably a CORBA RAD. More particularly, embodiments of the present invention provide enhancements to a RAD that allow additional query capabilities and faster resource access.
↧
Middleware and Web Services Security
Challenges of designing secure distributed applications are due to distribution, scale and object orientation. We will discuss the functionalities and capabilities of the security mechanisms of today middleware and web services technologies, such as EJB, COM+, and ASP.NET, that allow addressing these challenges.
↧
Middleware and Web Services Security Mechanisms
Learning objectives: Gain a working knowledge of the security mechanisms of current Middleware and Web Services technologies. Overview: Challenges of designing secure distributed applications are due to distribution, scale and object orientation. The functionalities and capabilities of the security mechanisms of today Middleware and Web Services technologies, such as EJB, COM+, and ASP.NET, are cases suited to addressing these challenges.
↧
More Pages to Explore .....
