Security

Stay one step ahead of the hackers with strong security management, authentication, encryption and risk strategies.

  • Case Studies // Sep 2008

    Enabling Microsoft Active Directory Integration to Streamline Authentication for Leading National Insurance Companies

    Information needs to move quickly in the insurance industry, and for that reason, organizations in this sector need to provide their users with the ability to access information easily. Enabling single sign-on is a high priority because it allows users to get to the applications they need to perform their...

    Provided By PistolStar

  • White Papers // Sep 2008

    On the Secure Degrees of Freedom of Wireless X Networks

    Security is an important issue if the transmitted information is confidential. Researchers have studied the information theoretic secrecy for different channel models. In, Wyner first proposed the wiretap channel model to characterize single user secure communication problem, i.e., a sender transmits a confidential message to its receiver while keeping a...

    Provided By University of Calgary

  • White Papers // Sep 2008

    Zerber+R: Top-K Retrieval From a Confidential Index

    Privacy-preserving document exchange among collaboration groups in an enterprise as well as across enterprises requires techniques for sharing and search of access-controlled information through largely untrusted servers. In these settings search systems need to provide confidentiality guarantees for shared information while offering IR properties comparable to the ordinary search engines....

    Provided By Association for Computing Machinery

  • White Papers // Sep 2008

    Security Compliance: The Next Frontier in Security Research

    Practitioners as well as researchers have repeatedly deplored that IT security research has failed to produce practical solutions to growing security threats. This paper attributes this failure to the fact that IT departments no longer invest in security as an ideal. Rather, money is being spent on technologies that enable...

    Provided By IBM

  • White Papers // Sep 2008

    Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

    Role-Based Access Control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest...

    Provided By University of Brasilia

  • Downloads // Sep 2008

    How do I... Encrypt files with GPG4Win?

    File encryption has been a key component of safe business practices for a long time. Whether it is keeping the prying eyes of competitors out of your critical product information or keeping the prying fingers of unwanted users out of your company's (or employees') information, encrypting data is important. Jack...

    Provided By Jack Wallen

  • White Papers // Sep 2008

    Public-Key Locally-Decodable Codes

    In this paper, the authors introduce the notion of a Public-Key Encryption (PKE) scheme that is also a locally-decodable error-correcting code. In particular, they allow any polynomial-time adversary to read the entire ciphertext, and corrupt a constant fraction of the bits of the entire ciphertext. Nevertheless, the decoding algorithm can...

    Provided By UCL Business PLC

  • White Papers // Sep 2008

    Almost-Everywhere Secure Computation

    In this paper, the authors show how to circumvent this impossibility result and achieve meaningful security guarantees for graphs with small degree (such as expander graphs and several other topologies). In fact, the notion they introduce, which they call almost-everywhere MPC, building on the notion of almost everywhere agreement due...

    Provided By University of California, Irvine

  • White Papers // Sep 2008

    Network Risk Management Using Attacker Profiling

    Risk management refers to the process of making decisions that minimize the effects of vulnerabilities on the network hosts. This can be a difficult task in the context of high exploit probability and the difficulty of identifying new exploits and vulnerabilities. For many years, security engineers have performed risk analysis using...

    Provided By University of North Florida

  • White Papers // Sep 2008

    Secure Two-Party k-Means Clustering

    The k-Means Clustering problem is one of the most-explored problems in data mining to date. With the advent of protocols that have proven to be successful in performing single database clustering, the focus has changed in recent years to the question of how to extend the single database protocols to...

    Provided By University of California, Irvine

  • White Papers // Sep 2008

    Public Key Encryption That Allows PIR Queries

    Consider the following problem: Alice wishes to maintain her email using a storage-provider Bob (such as a Yahoo! or hotmail e-mail account). This storage-provider should provide for Alice the ability to collect, retrieve, search and delete emails but, at the same time, should learn neither the content of messages sent...

    Provided By UCL Business PLC

  • White Papers // Sep 2008

    Steganography: Forensic, Security, and Legal Issues

    Steganography has long been regarded as a tool used for illicit and destructive purposes such as crime and warfare. Currently, digital tools are widely available to ordinary computer users also. Steganography software allows both illicit and legitimate users to hide messages so that they will not be detected in transit....

    Provided By Creative Commons

  • White Papers // Sep 2008

    Privacy-Aware Secure Monitoring

    Traffic monitoring is necessary for the operation, maintenance and control of communication networks. Traffic monitoring also has important implications for user privacy. This paper discusses a novel approach to privacy-preserving traffic monitoring and the related research challenges. This study is based on the analysis of the technical implications and...

    Provided By University of Rochester

  • Downloads // Sep 2008

    10+ things you should know about rootkits

    Malware-based rootkits fuel a multibillion dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. This download is also available as an entry in our...

    Provided By Michael Kassner

  • White Papers // Sep 2008

    Best Practices for Software Selection

    Selecting an enterprise software solution requires a significant investment of an organization's time, energy, and resources. Due diligence during the selection process requires time and resources that must be subtracted from core operations. As a result, the cost of an enterprise system begins before a software package is even selected...

    Provided By Technology Evaluation Centers

  • White Papers // Sep 2008

    Mutating DAC and MAC Security Policies: A Generic Metamodel Based Approach

    Security is becoming a critical aspect of most software systems. Modern programming languages, coding guidelines and source code analysis techniques are able to detect and avoid low-level vulnerabilities such as buffer overflow and code injection. In this paper, the authors show how DAC and MAC security policies can be specified,...

    Provided By INRIA

  • White Papers // Sep 2008

    A Security Domain Model for Implementing Trusted Subject Behaviors

    Within a Multi-Level Secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by Mandatory Access Control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. The authors present a formal definition for...

    Provided By University of Sioux Falls

  • White Papers // Sep 2008

    Modeling and Assessment of Systems Security

    Information Technology (IT) is a crucial resource and enabler in almost every part of society. However, there are severe risks associated with IT that may substantially decrease the potential benefits. To handle these risks, it is essential to be able to judge the security posture of systems. This...

    Provided By University of Sioux Falls

  • White Papers // Sep 2008

    On the Inability of Existing Security Models to Cope with Data Mobility in Dynamic Organizations

    Modeling tools play an important role in identifying threats in traditional IT systems, where the physical infrastructure and roles are assumed to be static. In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the...

    Provided By University of Sioux Falls

  • White Papers // Sep 2008

    Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation

    The elicitation of Security Requirements (SRs) is a crucial issue in developing secure information systems of high quality. Although the authors have several methods, mainly for functional requirements, such as goal-oriented methods and use case modeling, most of them do not provide sufficient support to identify threats, security objectives and...

    Provided By Tokyo Gas

  • White Papers // Sep 2008

    Automatic Generation of Secure Multidimensional Code for Data Warehouses by Using QVT Transformations: An MDA Approach

    Data Warehouses manage vital information for the decision making process, which may be discovered by unauthorized users if the authors do not establish security measures in all the stages of the development process. They have proposed MDA architecture to develop secure Data Warehouses which allows them to be modeled at...

    Provided By University of Carthage

  • White Papers // Sep 2008

    Generating Simplified Regular Expression Signatures for Polymorphic Worms

    It is crucial to automatically generate accurate and effective signatures to defend against polymorphic worms. Previous papers using conjunctions of tokens or token subsequences could lose some important information, such as ignoring 1-byte tokens and neglecting the distances between sequential tokens. In this paper the authors propose the Simplified...

    Provided By Springer Healthcare

  • White Papers // Sep 2008

    Generalized Identity Based and Broadcast Encryption Schemes

    The authors provide a general framework for constructing identity-based and broadcast encryption systems. In particular, they construct a general encryption system called spatial encryption from which many systems with a variety of properties follow. The ciphertext size in all these systems is independent of the number of users involved and...

    Provided By Stanford Technology Ventures Program

  • White Papers // Sep 2008

    IT Security Risk Analysis Based on Business Process Models Enhanced with Security Requirements

    Traditional risk analysis approaches are based on events, probabilities and impacts. They are complex, time-consuming, and costly, and have limitations regarding the data and assessment quality: first, security events have to be identified often without much methodological guidance, making the process prone to errors and omissions. Second, concrete probability values...

    Provided By Open University

  • White Papers // Sep 2008

    Modeling Security Protocols Using UML 2

    Security protocols must be designed to ensure the integrity of electronic communications between participants. Although the design of secure communication protocols has improved over the years the tasks of building and validating these protocols remain inherently difficult. Security protocols may fail due to unintended use, malicious attacks, incorrect logic or...

    Provided By University of Sioux Falls

  • White Papers // Sep 2008

    Transforming Security Audit Requirements into a Software Architecture

    Security is, more than ever, an important software quality. Nevertheless, it is hard to build a secure application, as demonstrated by the vast amount of security advisories, patches and updates published regularly. In this paper, an approach for automated transformations from a security requirements model to a consistent architectural model...

    Provided By University of Sioux Falls

  • White Papers // Sep 2008

    Privacy Protection in Location-Based Services Through a Public-Key Privacy Homomorphism

    Location-Based Services (LBS) can be accessed from a variety of mobile devices to obtain value-added information related to the location of the user. Most of the time, these services are provided by a trusted company (e.g. a telecommunications company). In this paper, the authors propose a novel technique to...

    Provided By Springer Healthcare

  • White Papers // Sep 2008

    Top Ten Tips to Data Security

    Every day sees another headline that illustrates how data protection has been ignored resulting in vital data that has been exposed or lost. Yet it is common knowledge that enterprises have a vested interest, and a legal obligation to effectively protect data. Companies must understand, and account, for any mishaps...

    Provided By CREDANT Technologies

  • White Papers // Sep 2008

    Simplifying Enterprise File Management

    With valuable corporate data increasingly distributed throughout enterprises, today's IT organizations face many barriers to efficient, cost-effective file management. However, these organizations can significantly simplify file management, including consolidation and migration, by deploying innovative file services solutions as part of a reliable File Area Network (FAN). This paper describes the key data...

    Provided By Brocade Communications Systems

  • White Papers // Sep 2008

    Towards Robust Computation on Encrypted Data

    Encryption schemes that support computation on encrypted data are useful in constructing efficient and intuitively simple cryptographic protocols. However, the approach was previously limited to stand-alone and/or honest-but-curious security. In this paper, the authors apply recent results on "Non-malleable homomorphic encryption" to construct new protocols with Universally Composable security against...

    Provided By University of Idaho

  • White Papers // Sep 2008

    Towards an Integrated Framework for Model-Driven Security Engineering

    Security is a major issue in developing software systems. It is widely recognized that security aspects must be considered in all the phases of the development process from the analysis of the organizational context to the final implementation of the software system. However, current approaches for designing secure systems only...

    Provided By University of Toledo

  • White Papers // Sep 2008

    Countering IPC Threats in Multiserver Operating Systems

    Multiserver operating systems have great potential to improve dependability, but, paradoxically, are paired with inherently more complex Inter Process Communication (IPC). Several projects have attempted to run drivers and extensions in isolated protection domains, but a systematic way to deal with IPC threats posed by untrusted parties is not yet...

    Provided By Vu Tuan Anh

  • White Papers // Sep 2008

    Limits of Constructive Security Proofs

    The collision-resistance of hash functions is an important foundation of many cryptographic protocols. Formally, collision-resistance can only be expected if the hash function in fact constitutes a parametrized family of functions, since for a single function, the adversary could simply know a single hard-coded collision. In practical applications, however, unkeyed...

    Provided By Saarixx Labs

  • White Papers // Sep 2008

    OAEP is Secure Under Key-Dependent Messages

    Key-Dependent Message (KDM) security was introduced by the researchers to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. The authors extend this definition to include the cases of adaptive corruptions and arbitrary active attacks, called adKDM security incorporating several novel design choices...

    Provided By Saarixx Labs

  • White Papers // Sep 2008

    Slide Attacks on a Class of Hash Functions

    In this paper, the authors study the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain...

    Provided By Orange Labs

  • Downloads // Sep 2008

    Prepare for e-discovery requests: How to avoid disastrous legal sanctions and fines

    When companies are hit with a lawsuit, IT leaders are often ill-prepared for an e-discovery request. For instance, does your company have formal e-discovery policies? Do you know what data to store and how long to store it? IT leaders who stumble trying to answer these questions may be setting...

    Provided By TechRepublic

  • White Papers // Sep 2008

    Designing Web Content Management Systems Using the Method Association Approach

    Model-driven web approaches focus on creating robust web applications. There are two downsides to using these model-driven web approaches: they consist of a unique set of models and method and they are aimed at designing web applications from scratch. This paper presents the Method Association Approach, which selects and constructs...

    Provided By Utrecht University

  • White Papers // Sep 2008

    Making Secure Processors OS- and Performance-Friendly

    In today's digital world, computer security issues have become increasingly important. In particular, researchers have proposed designs for secure processors which utilize hardware-based memory encryption and integrity verification to protect the privacy and integrity of computation even from sophisticated physical attacks. However, currently proposed schemes remain hampered by problems that...

    Provided By Association for Computing Machinery

  • Webcasts // Sep 2008

    EMC Replication Solutions for CLARiiON

    The attendee of this webcast will learn how EMC local data protection and remote replication can secure the business-critical applications and data in the CLARiiON CX3/CX4 environments. The presenters give a demonstration of how RecoverPoint/SE provides a single product solution for protecting and replicating Microsoft Exchange data in many local...

    Provided By EMC

  • White Papers // Sep 2008

    Formal Modeling of Authentication in SIP Registration

    The Session Initiation Protocol (SIP) is increasingly used as a signaling protocol for administrating Voice over IP (VoIP) phone calls. SIP can be configured in several ways so that different functional and security requirements are met. Careless configuration of the SIP protocol is known to lead to a large set...

    Provided By University of Orleans