Model-Based Security Testing
Security testing aims at validating software system requirements related to
security properties like confidentiality, integrity, authentication,
authorization, availability, and non-repudiation. Although security testing
techniques have been available for many years, there have been few approaches that
allow for specification of test cases at a higher level of abstraction, for
enabling guidance on test identification and specification as well as for
automated test generation.
Model-based security testing (MBST) is a relatively new field and especially
dedicated to the systematic and efficient specification and documentation of
security test objectives, security test cases and test suites, as well as to
their automated or semi-automated generation. In particular, the combination of
security modelling and test generation approaches is still a challenge in
research and of high interest for industrial applications. MBST includes e.g.
security functional testing, model-based fuzzing, risk- and threat-oriented
testing, and the usage of security test patterns. This paper provides a survey
on MBST techniques and the related models as well as samples of new methods and
tools that are under development in the European ITEA2-project DIAMONDS.
Comment: In Proceedings MBT 2012, arXiv:1202.582
Impact assessment for vulnerabilities in open-source software libraries
Software applications integrate more and more open-source software (OSS) to
benefit from code reuse. As a drawback, each vulnerability discovered in
bundled OSS potentially affects the application. Upon the disclosure of every
new vulnerability, the application vendor has to decide whether it is
exploitable in his particular usage context, hence, whether users require an
urgent application patch containing a non-vulnerable version of the OSS.
Current decision making is mostly based on high-level vulnerability
descriptions and expert knowledge, thus, effort intense and error prone. This
paper proposes a pragmatic approach to facilitate the impact assessment,
describes a proof-of-concept for Java, and examines one example vulnerability
as case study. The approach is independent from specific kinds of
vulnerabilities or programming languages and can deliver immediate results
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Management information systems in social safety net programs : a look at accountability and control mechanisms
This paper is intended to provide task managers and World Bank Group clients working on Social Safety Net (SSN) programs with practical and systematic ways to use information management practices to mitigate risks by strengthening control and accountability mechanisms. It lays out practices and options to consider in the design and implementation of the Management Information System (MIS), and how to evaluate and mitigate operational risks originating from running a MIS. The findings of the paper are based on the review of several Conditional Cash Transfer (CCT) programs in the Latin American Region and various World Bank publications on CCTs. The paper presents a framework for the implementation of MIS and cross-cutting information management systems that is based on industry standards and information management practices. This framework can be applied both to programs that make use of information and communications technology (ICT) and programs that are paper based. It includes examples of MIS practices that can strengthen control and accountability mechanisms of SSN programs, and presents a roadmap for the design and implementation of an MIS in these programs. The application of the framework is illustrated through case studies from three fictitious countries. The paper concludes with some considerations and recommendations for task managers and government officials in charge of implementing CCTs and other safety net programs, and with a checklist for the implementation and monitoring of MIS.
E-Business, Technology Industry, Education for Development (superceded), Labor Policies, Knowledge Economy
Patterns of information security postures for socio-technical systems and systems-of-systems
This paper describes a proposal to develop patterns of security postures for computer based socio-technical systems and systems-of-systems. Such systems typically span many organisational boundaries, integrating multiple computer systems, infrastructures and organisational processes. The paper describes the motivation for the proposed work, and our approach to the development, specification, integration and validation of security patterns for socio-technical and system-of-system scale systems
The organizational social context of mental health services and clinician attitudes toward evidence-based practice: a United States national study.
Background: Evidence-based practices have not been routinely adopted in community mental health organizations despite the support of scientific evidence and in some cases even legislative or regulatory action. We examined the association of clinician attitudes toward evidence-based practice with organizational culture, climate, and other characteristics in a nationally representative sample of mental health organizations in the United States. Methods: In-person, group-administered surveys were conducted with a sample of 1,112 mental health service providers in a nationwide sample of 100 mental health service institutions in 26 states in the United States. The study examines these associations with a two-level Hierarchical Linear Modeling (HLM) analysis of responses to the Evidence-Based Practice Attitude Scale (EBPAS) at the individual clinician level as a function of the Organizational Social Context (OSC) measure at the organizational level, controlling for other organization and clinician characteristics. Results: We found that more proficient organizational cultures and more engaged and less stressful organizational climates were associated with positive clinician attitudes toward adopting evidence-based practice. Conclusions: The findings suggest that organizational intervention strategies for improving the organizational social context of mental health services may contribute to the success of evidence-based practice dissemination and implementation efforts by influencing clinician attitudes