
    From informal knowledge to formal logic

    From informal knowledge to formal logic : a realistic case study in medical protocols / M. Balser ... - In: Infrastructure security : international conference, InfraSec 2002, Bristol, UK, October 1 - 3, 2002 ; proceedings / George Davida .... - Berlin u. a. : Springer, 2002. - S. 49-64. - (Lecture notes in computer science ; 2437)

    A Security and Privacy Framework for e-Learning

    Prior research in the e-learning area has appeared with a focus on its adoption aspects. Limited research has been carried out solely on the interplay between e-learning and security and privacy. Considering the wide acceptance of e-learning, and a plethora of cybersecurity breach incidents, it is surprising that the two topics have not been discussed together. An effective e-learning environment depends on stakeholders who understand the importance of security and behave responsibly within it. In this paper, we present a conceptual model that looks at some of the information security and privacy factors related to e-learning

    Specification and formal verification of security requirements

    Abstract: With the growth of the internet and distributed applications, security requirements are becoming inherent to the software development process. Each time one communicates with someone else there are relevant security risks that must be taken into account. This is what is happening in the new software applications using client/server architecture. We propose including security requirements at the top level of the development process, together with functional requirements, because they are closely related. With this information we are able to extract all communication protocols that are involved in our application and their associated security goals. This is the input to a verification phase in which we look for security flaws. The last step, and the most useful (and not yet finished), is to use this information to modify our initial specification at the top level of the development process

    Interoperability between Heterogeneous Federation Architectures: Illustration with SAML and WS-Federation

    Digital identity management intra and inter information systems, and, service oriented architectures, are the roots of identity federation. This kind of security architectures aims at enabling information system interoperability. Existing architectures, however, do not consider interoperability of heterogeneous federation architectures, which rely on different federation protocols. In this paper, we try to initiate an in-depth reflection on this issue, through the comparison of two main federation architecture specifications: SAML and WS-Federation. We firstly propose an overall outline of identity federation. We furthermore address the issue of interoperability for federation architectures using a different federation protocol. Afterwards, we compare SAML and WS-Federation. Eventually, we define the ways of convergence, and therefore, of interoperability

    Single sign-on using trusted platforms

    Network users today have to remember one username/password pair for every service they are registered with. One solution to the security and usability implications of this situation is Single Sign-On, a mechanism by which the user authenticates only once to an entity termed the ‘Authentication Service Provider’ (ASP) and subsequently uses disparate Service Providers (SPs) without necessarily re-authenticating. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. This paper demonstrates a method by which the end-user’s computing platform itself plays the role of the ASP. The platform has to be a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA) specifications. The relevant TCPA architectural components and security services are described and associated threats are analysed

    Pre-Prototype Testing: Empirical Insights on the Expected Usefulness of Decentralized Identity Management Systems

    Decentralized identity management systems (IMSs) are envisaged to decrease fraud, enhance users’ privacy and introduce transparency to the rather opaque business with personal data. Given these quite desirable features it is not surprising that many whitepapers discuss the technical feasibility of decentralized IMSs. What is missing, however, is the consideration of actual user requirements and their assessment of the decentralized IMS’s ability to actually protect their privacy. We provide insights on the perceived usability of decentralized IMS features as well as on user concerns and requirements. The result of this study is a trigger for further and iterative usability testing that takes up the insights provided by this study. The result suggests that the usability of decentralized IMSs is not as straightforward as presumed by many companies and that a good deal of work is necessary to identify and implement actual user requirements into a functioning prototype

    Using GSM/UMTS for single sign-on

    At present, network users have to remember a username and a corresponding password for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once to an entity termed the ‘Authentication Service Provider’ (ASP) and subsequently use disparate Service Providers (SPs) without reauthenticating. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. In this paper we propose a SSO protocol where a GSM or UMTS operator plays the role of the ASP and by which its subscribers can be authenticated to SPs without any user interaction and in a way that preserves the user’s privacy and mobility. The protocol only requires minimal changes to the deployed GSM infrastructure

    A market for trading software issues

    The security of software is becoming increasingly important. Open source software forms much of our digital infrastructure. It, however, contains vulnerabilities which have been exploited, attracted public attention, and caused large financial damages. This article proposes a solution to shortcomings in the current economic situation of open source software development. The main idea is to introduce price signals into the peer production of software. This is achieved through a trading market for futures contracts on the status of software issues. Users, who value secure software, gain the possibility to predict outcomes and incentivize work, strengthening collaboration and information sharing in open source software development. The design of such a trading market is discussed and a prototype introduced. The feasibility of the trading market design is corroborated in a proof-of-concept implementation and simulation. Preliminary results show that the implementation works and can be used for future experiments. Several directions for future research result from this article, which contributes to peer production, software development practices, and incentives design