We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ...
Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes manageme...
This paper presents a Quality of Security Service (QoSS) costing framework and demonstration. A method for quantifying costs related to the security service and for storing and re...
E. Spyropoulou, Timothy E. Levin, Cynthia E. Irvin...
We present a new commerce protocol that allows customers and merchants to conduct face-to-face credit card authorizations with a credit card company securely with the option of ano...
The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital Libraries capitalize on this technology to distribute document...
This contribution discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between ...
This paper describes two recently developed intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit...
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, ...
Cooperative frameworks for intrusion detection and response exemplify a key area of today’s computer research: automating defenses against malicious attacks that increasingly ar...