Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to...
A business's success depends on its ability to protect valuable business assets in an increasingly hostile environment. Protecting information requires a cost, not only in pu...
Protocols to facilitate secure electronic delivery are necessary if the Internet is to achieve its true potential as a business communications tool. We present a protocol for secu...
Abstract Role-based access control RBAC has recently received a lot of attention due to its exibility, expressive power and simplicity in administration. In RBAC permissions are as...
Emerging telecommunication services use, store, or transmit sensitive personal data to form individual network services. We suggest an add-on approach to realize secure telecommun...
This paper describes various possible attacks on temporal properties such as temporal records of payment times and declarations of the closing times for electronic submissions, an...
This paper first investigates and analyzes security holes concerning the use of Server-Side Includes (SSI) in some of the most used Web server software packages. We show that, by ...
1 Assurance has been defined as "the degree of confidence that security needs are satisfied"[2]. The problem with this definition is that, unless one has a way to specify...
System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore us...
This paper questions the status quo regarding Security Management (SM) tools that function in an isolated, monolithic fashion. People work best by interacting with others and with...