- Subscribe to this page:
- RSS
- Email Alert
security administration
(4306 results)Search the Library
Mission Statement
TechRepublic's ITPapers is the Web's largest library of free technical IT white papers, webcasts, and case studies. Covering IT categories including Data Management, IT Management, Networking, Communications, Enterprise Applications, Storage, Security and much more, TechRepublic's White Paper Directory is the best source for technical white papers and IT information.
-
White Papers
Remote Attestation With Domain-Based Integrity Model and Policy Analysis
May 2012
The authors propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this...
Provided by Institute of Electrical & Electronic Engineers
-
White Papers
Examining Social Dynamics for Countering Botnet Attacks
Sep 2011
Even though promising results have been obtained from existing research on bots and associated command and control channels, there is little research in exploring the ways on how bots are created...
Provided by Arizona State University
-
White Papers
Change Detection Methods for Computer Network Problems
Oct 2011
In previous research, the detection of network problems was performed using an appropriate subset of Management Information Base (MIB) variables. The changes in the behavior of the MIB variables...
Provided by IDOSI
-
White Papers
SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust
Dec 2011
Remote attestation is the process of securely verifying internal state of a remote hardware platform. It can be achieved either statically (at boot time) or dynamically, at run-time in order to...
Provided by INRIA
-
White Papers
Putting Theory Into Practice: The Results of a Practical Implementation of the Secure Development Life Cycle
Sep 2011
Software engineering is defined as a discipline concerned with all aspects of software production from inception to the evolution of a system. It has often been referred to as the...
Provided by IARIA
-
White Papers
Advanced Policies Management for the Support of the Administrative Delegation in Federated Systems
Sep 2011
Current identity management systems are experiencing an increasing workload of their administrators in the management of the system policies, mainly derived from the sheer amount of policies they...
Provided by IARIA
-
White Papers
An Adaptive and Dependable Distributed Monitoring Framework
Sep 2011
This paper discusses several relevant aspects of performing monitoring in the context of software-intensive systems. The focus is especially on cases where the observed system is distributed, and...
Provided by IARIA
-
White Papers
Security Test Approach for Automated Detection of Vulnerabilities of SIP-Based VoIP Softphones
Sep 2011
Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and...
Provided by IARIA
-
White Papers
Genomics-Based Security Protocols: From Plaintext to Cipherprotein
Sep 2011
The evolving nature of the internet will require continual advances in authentication and confidentiality protocols. Nature provides some clues as to how this can be accomplished in a distributed...
Provided by IARIA
-
White Papers
Evaluating Quality of Chaotic Pseudo-Random Generators. Application to Information Hiding
Sep 2011
Guaranteeing the security of information transmitted through the Internet, against passive or active attacks, is a major concern. The discovery of new pseudo-random number generators with a strong...
Provided by IARIA
-
White Papers
Touch'n Trust: An NFC-Enabled Trusted Platform Module
Sep 2011
Instant and ubiquitous access to devices such as public terminals raises several security concerns in terms of confidentiality and trust. While Trusted Computing introduces advanced security...
Provided by IARIA
-
White Papers
ASPF: A Policy Administration Framework for Self-Protection of Large-Scale Systems
Apr 2011
Despite its potential to tackle many security challenges of large-scale systems such as pervasive networks, self-managed protection has been little explored. This paper addresses the problem from...
Provided by IARIA
-
White Papers
Workshop-Based Security Safeguard Selection With AURUM
Apr 2011
Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are permanently...
Provided by IARIA
-
White Papers
Security for the Smart Grid - Enhancing IEC 62351 to Improve Security in Energy Automation Control
Apr 2011
Information security has gained tremendous importance for energy distribution and energy automation systems over the last years. Security for the smart grid is crucial to ensure reliability and...
Provided by IARIA
-
White Papers
Business Intelligence Based Malware Log Data Analysis as an Instrument for Security Information and Event Management
Jun 2010
Enterprises face various risks when trying to achieve their primary goals. In regard to the information infrastructure of an enterprise, this leads to the necessity to implement an integrated set...
Provided by IARIA
-
White Papers
Enhancing Information Reliability Through Backwards Propagation of Distrust
Jun 2010
Search Engines have greatly influenced the way the people experience the web. Since, the early days of the web people have been relying on search engines to find useful information. However, their...
Provided by IARIA
-
White Papers
Security Analysis of Private Data Enquiries in Erlang
Jun 2010
Privacy is an issue of increasing concern to the Internet user. To ensure the continued success of distributed information systems, a reliable information flow must be established in certified but...
Provided by IARIA
-
White Papers
Design Patterns for a Systemic Privacy Protection
Jun 2010
This paper shows that existing privacy enhancing technologies and the state-of-the-art in research on the field of privacy protection has grew to a considerable maturity up to date, yet privacy...
Provided by IARIA
-
White Papers
Performance, Survivability, and Cost Aspects of Business Continuity Processes According to BS 25999
Jun 2010
A new model is presented for evaluating the performance of a Business Continuity Management System according to BS 25999. Performance is based fundamentally on the system's Business Continuity...
Provided by IARIA
-
White Papers
Formalization of Security Properties: Enforcement for MAC Operating Systems and Verification of Dynamic MAC Policies
Jun 2010
Enforcement of security properties by Operating Systems is an open problem. To the best of the authors' knowledge, the solution presented in this paper is the first one that enables a wide range...
Provided by IARIA
-
White Papers
Analysing Security Requirements Formally and Flexibly Based on Suspicion
Jun 2010
Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on...
Provided by IARIA
-
White Papers
User Preferences to Support Privacy Policy Handling in Pervasive/Ubiquitous Systems
Jun 2010
An important approach for handling user privacy in ubiquitous or pervasive systems is identity management, in which the user has a number of different virtual identities that conceal his/her real...
Provided by IARIA
-
White Papers
Graphical Password Authentication System in an Implicit Manner
Mar 2012
Authentication is a process by which a system verifies the identity of a user. Authentication may also be generalized by saying that "To authenticate" means "To authorize". For example, users tend...
Provided by Bioinfo Publications
-
White Papers
Embedded Extended Visual Cryptography Schemes for Different Patterns
Mar 2012
A Visual Cryptography Scheme (VCS) is a kind of secret sharing scheme which allows the encoding of a secret image into shares distributed to participants. The beauty of such a scheme is that a set...
Provided by Bioinfo Publications
-
White Papers
GUISET LogOn: Design and Implementation of GUISET-Driven Authorization Framework
Jul 2011
Authorization is an important part of GRID security systems with each GRID domain having its own policies that may change dynamically. Authorization ensures that resources can be accessed only by...
Provided by IARIA
-
White Papers
Multi-Tenancy Authorization System With Federated Identity for Cloud-Based Environments Using Shibboleth
Feb 2012
The services provided in clouds may represent an increase in the efficiency and effectiveness in the operations of the enterprise business, improving the cost-effectiveness related to services and...
Provided by IARIA
-
White Papers
Developing Trust and Reputation Taxonomy for a Dynamic Network Environment
Feb 2012
Trust and reputation are the pillars of many social phenomena that shape the Internet socio-economic scene. The few existing taxonomies provide only initial insights into the ways trust benefits...
Provided by IARIA
-
White Papers
A Review Study on Image Digital Watermarking
Jul 2011
There has been an increase in broadcasting media since the begin of this century, because many techniques had been developed to solve this problem. Watermarking is the greatest bet from many...
Provided by IARIA
-
White Papers
Anonymous Key Issuing Protocol for Distributed Sakai-Kasahara Identity-Based Scheme
Jul 2011
Practical implementations of identity based cryptosystems are faced to key escrow problem, which is not always a good property in many realistic scenarios. Thus, efficient key issuing protocols...
Provided by IARIA
-
White Papers
Efficiency Optimisation of Tor Using Diffie-Hellman Chain
Jul 2011
Onion routing is the most common anonymous communication channel. Usually onion routing is specified through asymmetric cipher and thus is inefficient. In Tor (the second generation onion router),...
Provided by IARIA
-
White Papers
Taint-Enhanced Anomaly Detection
Nov 2011
Anomaly detection has been popular for a long time due to its ability to detect novel attacks. However, its practical deployment has been limited due to false positives. Taint-based techniques, on...
Provided by Springer Science+Business Media
-
White Papers
Live and Trustworthy Forensic Analysis of Commodity Production Systems
Jun 2010
The authors present HyperSleuth, a framework that leverages the virtualization extensions provided by commodity hardware to securely perform live forensic analysis of potentially compromised...
Provided by Vrije Universiteit Amsterdam
-
White Papers
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
Jun 2008
When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the...
Provided by Springer Science+Business Media
-
White Papers
Static Analysis on X86 Executables for Preventing Automatic Mimicry Attacks
Sep 2008
In 2005, Kruegel et al. proposed a variation of the traditional mimicry attack, to which the authors will refer to as automatic mimicry, which can defeat existing system call based HIDS models....
Provided by Springer Science+Business Media
-
White Papers
An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks
May 2007
In this paper, the authors propose a new strategy for dealing with the Impossible Path Execution (IPE) and the mimicry attack in the N-gram based HIDS model. Their strategy is based on a...
Provided by Universita degli Studi di Milano
-
White Papers
SafeSlinger: An Easy-to-Use and Secure Approach for Human Trust Establishment
Apr 2012
Users regularly experience a crisis of confidence on the Internet. Is that email or instant message truly originating from the claimed individual? Such doubts are commonly resolved through a leap...
Provided by Carnegie Mellon University
-
White Papers
Automatically Verified Mechanized Proof of One-Encryption Key Exchange
Apr 2012
The authors present a mechanized proof of the password-based protocol One-Encryption Key Exchange (OEKE) using the computationally-sound protocol prover CryptoVerif. OEKE is a non-trivial...
Provided by INRIA
-
White Papers
Formal Analysis of Privacy for Anonymous Location Based Services
Feb 2011
The authors propose a framework for formal analysis of privacy in location based services such as anonymous electronic toll collection. They give a formal definition of privacy, and apply it to...
Provided by INRIA
-
White Papers
Refinement Types for Secure Implementations
Feb 2010
The authors present the design and implementation of a type-checker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. They derive...
Provided by Association for Computing Machinery
-
White Papers
A Formal Analysis of Authentication in the TPM
Aug 2010
The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security than is possible in software alone. To this end, the TPM provides a way to...
Provided by INRIA
-
White Papers
Practical Steps to Mitigate Virtualization Security Risks
Sep 2008
This paper, describes seven practical steps that IT organizations can take to mitigate the unique security challenges of virtualization. While many of these steps are solid best practices that...
Provided by Tripwire
-
White Papers
Tripwire Helps Meet FFIEC Requirements
Sep 2008
Off late information security and technology risk management was relegated to the back office or basement operations of most financial institutions3. Today, with the passage of legislation such as...
Provided by Tripwire
-
White Papers
Tripwire and 21 CFR Part 11: Ensuring Integrity and Trustworthiness of Electronic Clinical Data
Sep 2008
The U.S. Food and Drug Administration (FDA) has issued a set of regulations, collectively called 21 CFR Part 111 and commonly referred to as Part 11, that provide criteria for acceptance of...
Provided by Tripwire
-
White Papers
MiFID Compliance With Tripwire
Sep 2008
MiFID is a European Union Directive that, like its 1993 predecessor seeks to establish conditions under which investment firms and banks that engage in the investment business can provide such...
Provided by Tripwire
-
White Papers
Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance
Oct 2008
The North American Electric Reliability Corporation (NERC) is a nonprofit corporation created to ensure that the bulk electric system in North America is reliable, adequate and secure. As the...
Provided by Tripwire
-
White Papers
FISMA: Achieving and Maintaining Compliance to Ensure Security of Systems and Data
Apr 2008
This paper is intended to show how Tripwire Enterprise can continue to help federal agencies, as well as the organizations that store, process or transmit federal information, and the contractors...
Provided by Tripwire
-
White Papers
The Fraudster Economy Model: The Dynamics of Operating a Business in the Underground
May 2008
Phishing first gained traction in 1996 with hackers trying to steal America Online passwords from unsuspecting users. Today, it has evolved into a far more menacing criminal enterprise, with bands...
Provided by RSA Security
-
White Papers
Assuring User Identities During a Business Disruption: Applying a Consistent Strong Authentication Policy to Business Continuity Planning
Aug 2009
This white paper examines the importance of maintaining a consistent two-factor authentication policy during a business disruption. In addition, it provides insight into how to develop plans that...
Provided by RSA Security
-
Whitepapers
Creating an Effective Security Operations Function
Aug 2008
When one think of a Security Operations Center (SOC), it often have an image of a large room, full of people sitting in neat rows, with their attention split between their desktop monitors and a...
Provided by RSA Security
-
White Papers
Log Management Best Practices: The Foundation for Comprehensive Security Information and Event Management
Jul 2007
Although best practices should be developed by each individual organization based on their particular environment, there are some general best practices which can be universally applied. This...
Provided by RSA Security
-
White Papers
Enterprise Key Management: Deploying a New Generation of Solutions for Enterprise Key Management
Apr 2009
As enterprises rapidly broaden their use of encryption to protect sensitive information, the management of encryption keys has taken on new importance. There has been explosive growth in the...
Provided by RSA Security
-
White Papers
Developing FIPS 140-Validated Solutions for the Federal Government Using RSA BSAFE Software
Jul 2008
The U.S. House of Representatives' Committee on Government Reform released the Fiscal Year 2007 edition of its Federal Information Security Management Act (FISMA) report. Unfortunately, the news...
Provided by RSA Security
-
White Papers
Information Security and Privacy in Emerging Economies: Implications for Global Competitiveness
Sep 2009
Commerce, collaboration and communication have, throughout time, been enabled or hampered by the environment of trust, security and privacy in which they occur. In an increasingly fluid,...
Provided by RSA Security
-
White Papers
Deploying Knowledge-Based Authentication to Increase Revenue and Bolster Security
Sep 2007
Many companies are driving sales and service to lower-cost channels, such as the Internet and the call center, to reduce operational costs, increase productivity and enhance customer satisfaction....
Provided by RSA Security
-
White Papers
Developing a Sustainable and Cost Effective IT Compliance Program
Apr 2008
Complying with laws and regulations is an increasing burden for organizations, from the board of directors down to the trenches of business. Over the past ten years there has been a significant...
Provided by Corporate Integrity
-
White Papers
Counting the Costs: Addressing the Cost of Compliance
Jul 2008
While every organization recognizes the importance of complying with all applicable internal and external security requirements, many are forced by economic reality to focus on reducing the...
Provided by RSA Security
-
White Papers
Securing Sensitive Data With Tokenization: An Emerging Technology
Sep 2009
Tokenization is an emerging technology for protecting sensitive information, based on the well-established technique of substitution. It provides significant advantages compared to traditional...
Provided by RSA Security
-
White Papers
The Coming Storm of Regulation
Jun 2009
The continuing financial crisis that has gripped the world since mid-2008 is likely to cause a flood of new global regulations. The nature of this failure dictates a new approach to regulations...
Provided by RSA Security
-
White Papers
Security and Compliance Management: Using the RSA enVision Platform Solution to Satisfy European Regulatory and Legal Obligations
Oct 2008
This White Paper seeks to identify the role that can be played by the RSA enVision Platform Solution within the legally compliant organisation. In summary, the RSA enVision Solution is a powerful...
Provided by Field Fisher Waterhouse
-
White Papers
Four Best Practices for Secure Web Access
May 2009
Securing web access is critical to protect against the threat of sensitive corporate data ending up in the wrong hands. As organizations extend access to more users and enable information sharing...
Provided by RSA Security
-
Whitepapers
An Overview and Competitive Analysis of the One Time Password (OTP) Market
Apr 2013
In the face of an ever-changing threat landscape and an increasingly dispersed workforce, one-time password (OTP) authentication -- even in its state of maturity -- continues to play an integral...
Provided by EMC
-
White Papers
Keeping the Promise of Privacy: Protecting Sensitive Data in Healthcare Organizations
Jul 2008
The e-Health initiative is well on its way and currently there is a need for better security controls that limit the ability for this data to fall into the wrong hands. Hospitals and healthcare...
Provided by Frost & Sullivan
-
White Papers
Security Compliance in a Virtual World: Best Practices to Build a Solid Foundation
Aug 2009
Over time, IT and security teams and external auditors will increase their knowledge and competencies in virtualization. IT and security teams should work closely with each other and their...
Provided by RSA Security
-
White Papers
Securing Personally Identifiable Information
May 2009
Sensitive information - such as credit card numbers and social security numbers combined with a person's first and last name, (a.k.a., Personally Identifiable Information, or PII) - is everywhere....
Provided by Enterprise Strategy Group
-
White Papers
Identity and Information Security Integration
Sep 2009
Off late identity management and information security solutions were often procured, implemented, and managed independently with different tools, processes, and organizational units. The...
Provided by Enterprise Strategy Group
-
White Papers
Your Browser Wears No Clothes: Why Fully Patched Browsers Remain Vulnerable
Feb 2009
As users of technology, it has been taught that the Internet is not always a safe place but that it can protect ourselves by patching and hardening systems. While patch management and system...
Provided by Information Systems Security Association
-
White Papers
Guide to PCI Compliance for Web Applications: Updated for Version 1.2 of the Payment Card Industry Data Security Standard
Oct 2008
On the surface, the Payment Card Industry (PCI) Data Security Standard (DSS) reads as a series of do this, don't do that" absolutes. Vet, in three areas, the standard gives organizations some...
Provided by Breach Security
-
White Papers
The Downward Spiral: Failures in Your Web Applications
Apr 2009
Anytime when a web application is not performing as expected, or it's the integrity that is compromised, the outbound flow needs to be analyzed to fully understand what information is being given...
Provided by Breach Security
-
White Papers
Comodo Authentication Solutions Overview
Apr 2009
Conducting business online offers enormous benefits to an enterprise. Unfortunately, these benefits continue to be challenged by an escalating variety of complex security threats that all too...
Provided by Comodo
-
White Papers
Driving Company Security and Profitability Through Centralized Management for PC Endpoint Security
Apr 2009
Challenges pose threats to both company security and profitability. The security threats are more obvious; even a small proportion of un/under-protected PC endpoints can jeopardize an entire...
Provided by Comodo
-
White Papers
A Security Architecture for Application Session Handoff
Oct 2008
Ubiquitous computing across a variety of wired and wireless connections still lacks an effective security architecture. In the research work, the paper addresses the specific issue of designing...
Provided by Institute of Electrical and Electronics Engineers
-
White Papers
Dynamic Routing With Security Considerations
Mar 2009
Security has become one of the major issues for data communication over wired and wireless networks. Different from the past work on the designs of cryptography algorithms and system...
Provided by Institute of Electrical and Electronics Engineers
-
White Papers
User Centric Identity Management
May 2008
Identity management is traditionally seen from the service providers' point of view, meaning that it is an activity undertaken by the service provider to manage service user identities....
Provided by University of Queensland
-
White Papers
Improving Quality, Safety and Efficiency of Healthcare: Security Best Practices for Health Information Exchange
Mar 2009
Health Information Exchange (HIE) is the mobilization of healthcare information electronically across organizations within a region or community. Healthcare delivery networks are now faced with...
Provided by Trend Micro
-
Whitepapers
Multilayer Security: Enabling a Sustainable Alternative to Paper-Based Customer Communications
Jul 2008
Companies of every ilk stand to potentially save millions by moving the bulk of their paper-based communications with customers online. For instance, one recent article estimated that a major bank...
Provided by VeriSign
-
Webcasts
Achieving Agile Security Management: Moving From Reactive to Managed Security
Jan 2009
The presenters of this webcast discuss about achieving agile security management. The attendee will learn how to bring together people, processes and technology to proactively manage the security...
Provided by NetIQ
-
Webcasts
Protecting PII: How to Work With IT to Manage Risk
Jan 2009
Privacy professionals must make sure their IT organization is employing responsible privacy practices that will ensure the safety of their company's business-critical data or face significant...
Provided by CXO Media
-
Webcasts
Five Ways to Reduce Your IT Audit Burden
Jan 2009
Most organizations spend 30-50% more on compliance than they should. The good news is that compliance can be achieved effectively and efficiently and the attendee of this webcast will learn five...
Provided by CXO Media
-
White Papers
PuppetCast: A Secure Peer Sampling Protocol
Sep 2008
PuppetCast is a protocol for secure peer sampling in large-scale distributed systems. A peer sampling protocol continuously provides each node in the system with a uniform random sample of the...
Provided by Vrije Universiteit
-
White Papers
Identikey Server 3.1: Strong Authentication Solution Against MITM Attacks for e-Banking
Apr 2009
As the global leader in two-factor authentication solutions for the financial industry, VASCO Data Security provides mature technology that has minimal impact on IT architecture, is designed to...
Provided by VASCO Data Security
-
White Papers
Touch'n Trust: An NFC-Enabled Trusted Platform Module
Sep 2011
Instant and ubiquitous access to devices such as public terminals raises several security concerns in terms of confidentiality and trust. While Trusted Computing introduces advanced security...
Provided by IARIA
-
White Papers
ASPF: A Policy Administration Framework for Self-Protection of Large-Scale Systems
Apr 2011
Despite its potential to tackle many security challenges of large-scale systems such as pervasive networks, self-managed protection has been little explored. This paper addresses the problem from...
Provided by IARIA
-
White Papers
Workshop-Based Security Safeguard Selection With AURUM
Apr 2011
Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are permanently...
Provided by IARIA
-
White Papers
Security for the Smart Grid - Enhancing IEC 62351 to Improve Security in Energy Automation Control
Apr 2011
Information security has gained tremendous importance for energy distribution and energy automation systems over the last years. Security for the smart grid is crucial to ensure reliability and...
Provided by IARIA
-
White Papers
Business Intelligence Based Malware Log Data Analysis as an Instrument for Security Information and Event Management
Jun 2010
Enterprises face various risks when trying to achieve their primary goals. In regard to the information infrastructure of an enterprise, this leads to the necessity to implement an integrated set...
Provided by IARIA
-
White Papers
Enhancing Information Reliability Through Backwards Propagation of Distrust
Jun 2010
Search Engines have greatly influenced the way the people experience the web. Since, the early days of the web people have been relying on search engines to find useful information. However, their...
Provided by IARIA
-
White Papers
Security Analysis of Private Data Enquiries in Erlang
Jun 2010
Privacy is an issue of increasing concern to the Internet user. To ensure the continued success of distributed information systems, a reliable information flow must be established in certified but...
Provided by IARIA
-
White Papers
Design Patterns for a Systemic Privacy Protection
Jun 2010
This paper shows that existing privacy enhancing technologies and the state-of-the-art in research on the field of privacy protection has grew to a considerable maturity up to date, yet privacy...
Provided by IARIA
-
White Papers
Performance, Survivability, and Cost Aspects of Business Continuity Processes According to BS 25999
Jun 2010
A new model is presented for evaluating the performance of a Business Continuity Management System according to BS 25999. Performance is based fundamentally on the system's Business Continuity...
Provided by IARIA
-
White Papers
Formalization of Security Properties: Enforcement for MAC Operating Systems and Verification of Dynamic MAC Policies
Jun 2010
Enforcement of security properties by Operating Systems is an open problem. To the best of the authors' knowledge, the solution presented in this paper is the first one that enables a wide range...
Provided by IARIA
-
White Papers
Analysing Security Requirements Formally and Flexibly Based on Suspicion
Jun 2010
Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on...
Provided by IARIA
-
White Papers
User Preferences to Support Privacy Policy Handling in Pervasive/Ubiquitous Systems
Jun 2010
An important approach for handling user privacy in ubiquitous or pervasive systems is identity management, in which the user has a number of different virtual identities that conceal his/her real...
Provided by IARIA
-
White Papers
Graphical Password Authentication System in an Implicit Manner
Mar 2012
Authentication is a process by which a system verifies the identity of a user. Authentication may also be generalized by saying that "To authenticate" means "To authorize". For example, users tend...
Provided by Bioinfo Publications
-
White Papers
Embedded Extended Visual Cryptography Schemes for Different Patterns
Mar 2012
A Visual Cryptography Scheme (VCS) is a kind of secret sharing scheme which allows the encoding of a secret image into shares distributed to participants. The beauty of such a scheme is that a set...
Provided by Bioinfo Publications
-
White Papers
How code signing works
May 2012
For developers creating software to be distributed via the internet, tampering is a common concern. Software can be modified to include malware, and the software's original, non-malicious author...
Provided by Thawte
-
White Papers
GUISET LogOn: Design and Implementation of GUISET-Driven Authorization Framework
Jul 2011
Authorization is an important part of GRID security systems with each GRID domain having its own policies that may change dynamically. Authorization ensures that resources can be accessed only by...
Provided by IARIA
-
White Papers
Multi-Tenancy Authorization System With Federated Identity for Cloud-Based Environments Using Shibboleth
Feb 2012
The services provided in clouds may represent an increase in the efficiency and effectiveness in the operations of the enterprise business, improving the cost-effectiveness related to services and...
Provided by IARIA
-
White Papers
Developing Trust and Reputation Taxonomy for a Dynamic Network Environment
Feb 2012
Trust and reputation are the pillars of many social phenomena that shape the Internet socio-economic scene. The few existing taxonomies provide only initial insights into the ways trust benefits...
Provided by IARIA
-
White Papers
A Review Study on Image Digital Watermarking
Jul 2011
There has been an increase in broadcasting media since the begin of this century, because many techniques had been developed to solve this problem. Watermarking is the greatest bet from many...
Provided by IARIA
-
White Papers
Anonymous Key Issuing Protocol for Distributed Sakai-Kasahara Identity-Based Scheme
Jul 2011
Practical implementations of identity based cryptosystems are faced to key escrow problem, which is not always a good property in many realistic scenarios. Thus, efficient key issuing protocols...
Provided by IARIA
-
White Papers
Efficiency Optimisation of Tor Using Diffie-Hellman Chain
Jul 2011
Onion routing is the most common anonymous communication channel. Usually onion routing is specified through asymmetric cipher and thus is inefficient. In Tor (the second generation onion router),...
Provided by IARIA
-
White Papers
Taint-Enhanced Anomaly Detection
Nov 2011
Anomaly detection has been popular for a long time due to its ability to detect novel attacks. However, its practical deployment has been limited due to false positives. Taint-based techniques, on...
Provided by Springer Science+Business Media
-
White Papers
Live and Trustworthy Forensic Analysis of Commodity Production Systems
Jun 2010
The authors present HyperSleuth, a framework that leverages the virtualization extensions provided by commodity hardware to securely perform live forensic analysis of potentially compromised...
Provided by Vrije Universiteit Amsterdam
-
White Papers
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
Jun 2008
When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the...
Provided by Springer Science+Business Media
-
White Papers
Static Analysis on X86 Executables for Preventing Automatic Mimicry Attacks
Sep 2008
In 2005, Kruegel et al. proposed a variation of the traditional mimicry attack, to which the authors will refer to as automatic mimicry, which can defeat existing system call based HIDS models....
Provided by Springer Science+Business Media
-
White Papers
An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks
May 2007
In this paper, the authors propose a new strategy for dealing with the Impossible Path Execution (IPE) and the mimicry attack in the N-gram based HIDS model. Their strategy is based on a...
Provided by Universita degli Studi di Milano
-
White Papers
SafeSlinger: An Easy-to-Use and Secure Approach for Human Trust Establishment
Apr 2012
Users regularly experience a crisis of confidence on the Internet. Is that email or instant message truly originating from the claimed individual? Such doubts are commonly resolved through a leap...
Provided by Carnegie Mellon University
-
White Papers
Automatically Verified Mechanized Proof of One-Encryption Key Exchange
Apr 2012
The authors present a mechanized proof of the password-based protocol One-Encryption Key Exchange (OEKE) using the computationally-sound protocol prover CryptoVerif. OEKE is a non-trivial...
Provided by INRIA
-
White Papers
Formal Analysis of Privacy for Anonymous Location Based Services
Feb 2011
The authors propose a framework for formal analysis of privacy in location based services such as anonymous electronic toll collection. They give a formal definition of privacy, and apply it to...
Provided by INRIA
-
White Papers
Refinement Types for Secure Implementations
Feb 2010
The authors present the design and implementation of a type-checker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. They derive...
Provided by Association for Computing Machinery
-
White Papers
A Formal Analysis of Authentication in the TPM
Aug 2010
The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security than is possible in software alone. To this end, the TPM provides a way to...
Provided by INRIA
-
White Papers
Analysing PKCS#11 Key Management APIs With Unbounded Fresh Data
Apr 2009
The authors extend Delaune, Kremer and Steel's framework for analysis of PKCS#11-based APIs from bounded to unbounded fresh data. They achieve this by: formally defining the notion of an attribute...
Provided by University of Oldenburg
-
White Papers
Towards a Type System for Security APIs
Apr 2009
Security API analysis typically only considers a subset of an API's functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakage of sensitive...
Provided by University of Edinburgh
-
White Papers
Automatic Verification of Correspondences for Security Protocols
Jul 2008
The authors present a new technique for verifying correspondences in security protocols. In particular, correspondences can be used to formalize authentication. Their technique is fully automatic,...
Provided by CNRS
-
White Papers
Computationally Sound Mechanized Proofs for Basic and Public-Key Kerberos
Mar 2008
The authors present a computationally sound mechanized analysis of Kerberos 5, both with and without its public-key extension PKINIT. They prove authentication and key secrecy properties using the...
Provided by Association for Computing Machinery
-
White Papers
A Study of Privacy Setting Errors in an Online Social Network
Jan 2012
Access control policies are notoriously difficult to configure correctly, even people who are professionally trained system administrators experience difficulty with the task. With the increasing...
Provided by Columbia University
-
White Papers
Solving Performance Issues in Anonymization Overlays With a L3 Approach
Aug 2008
Anonymization (Mix) networks are based on the delivery of messages through a sequence of overlay hops devised to avoid end-to-end linkage of the information, thus protecting users' identities...
Provided by University of Trento
-
White Papers
Authentication Anomaly Detection: A Case Study on a Virtual Private Network
Jun 2007
The authentication logs on a network can provide a trove of information for discovering potential anomalies in login attempts. Using such logs collected by a production Virtual Private Network...
Provided by Association for Computing Machinery
-
White Papers
Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication
Jan 2012
The authors formally analyze the family of entity authentication proto-cols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even...
Provided by ETH Zurich
-
White Papers
Proposal of N-Gram Based Algorithm for Malware Classification
Aug 2011
Obfuscation techniques degrade the n-gram features of binary form of the malware. In this paper, methodology to classify malware instances by using n-gram features of its disassembled code is...
Provided by IARIA
