Towards systematic software security hardening
Author : Marc-André Laverdière-Papineau
Publisher : Marc-André Laverdière
Page : 129 pages
File Size : 48,90 MB
Release : 2008
Category :
ISBN : 049434444X
Author : Joaquim Filipe
Publisher : Springer Science & Business Media
Page : 408 pages
File Size : 36,65 MB
Release : 2008-11-02
Category : Computers
ISBN : 3540886532
This book contains the best papers of the 4th International Conference on E-business and Telecommunications (ICETE), which was held during July 28–31, 2007 in Barcelona, Spain. The conference reflects a continuing effort to increase the dissemination of recent research results among professionals who work in the areas of e-business and telecommunications. ICETE is a joint international conference integrating four major areas of knowledge that are divided into four corresponding conferences: ICE-B (International Conference on e-Business), SECRYPT (International Conference on Security and Cryptography), WINSYS (International Conference on Wireless Information Systems) and SIGMAP (International Conference on Signal Processing and Multimedia). The program of this joint conference included several outstanding keynote lectures presented by internationally renowned distinguished researchers who are experts in the various ICETE areas. Their keynote speeches contributed to the overall quality of the program and heightened the significance of the theme of the conference. The conference topic areas define a broad spectrum in the key areas of e-business and telecommunications. This wide view has made it appealing to a global audience of engineers, scientists, business practitioners and policy experts. The papers accepted and presented at the conference demonstrated a number of new and innovative solutions for e-business and telecommunication networks and systems, showing that the technical problems in these fields are challenging, related and significant.
Author : Djedjiga Mouheb
Publisher : Springer
Page : 247 pages
File Size : 22,99 MB
Release : 2015-04-22
Category : Computers
ISBN : 3319161067
This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11. The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering.
Author : Sandro Etalle
Publisher : Springer Science & Business Media
Page : 425 pages
File Size : 28,74 MB
Release : 2007-07-30
Category : Computers
ISBN : 0387736549
This volume contains the proceedings of the IFIPTM 2007, the Joint iTrust and PST Conferences on Privacy, Trust Management and Security, held in Moncton, New Brunswick, Canada, in 2007. The annual iTrust international conference looks at trust from multidisciplinary perspectives: economic, legal, psychology, philosophy, sociology as well as information technology. This volume, therefore, presents the most up-to-date research on privacy, security, and trust management.
Author : Hamido Fujita
Publisher : IOS Press
Page : 640 pages
File Size : 17,62 MB
Release : 2009
Category : Computers
ISBN : 1607500493
"Papers presented at the Eighth International Conference on New Trends in Software Methodologies, Tools and Techniques, (SoMeT 09) held in Prague, Czech Republic ... from September 23rd to 25th 2009."--P. v.
Author : Lotfi ben Othmane
Publisher : CRC Press
Page : 216 pages
File Size : 21,2 MB
Release : 2017-11-28
Category : Computers
ISBN : 1351650882
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, and from the opinions of the experts who practice these processes and methods. This book introduces the reader to the fundamentals of empirical research methods, and demonstrates how these methods can be used to hone a secure software development lifecycle based on empirical data and published best practices.
Author : IAEA
Publisher : International Atomic Energy Agency
Page : 152 pages
File Size : 33,6 MB
Release : 2021-10-06
Category : Technology & Engineering
ISBN : 9201237200
This revision provides guidance on how to establish or improve, develop, implement, maintain, and sustain computer security within nuclear facilities. This publication addresses the use of risk informed approaches to establish and enhance computer security policies and programmes; it describes the integration of computer security into the management system of a facility; and it establishes a systematic approach to identifying facility functions and appropriate computer security measures that protect sensitive digital assets and the facility from the consequence of cyber-attacks consistent with the threat assessment or design basis threat.
Author : Ed Moyle
Publisher : Packt Publishing Ltd
Page : 418 pages
File Size : 44,37 MB
Release : 2020-11-20
Category : Computers
ISBN : 1838982191
Plan and design robust security architectures to secure your organization's technology landscape and the applications you develop.
Key Features: Leverage practical use cases to successfully architect complex security structures. Learn risk assessment methodologies for the cloud, networks, and connected devices. Understand cybersecurity architecture to implement effective solutions in medium-to-large enterprises.
Book Description: Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
What you will learn: Explore ways to create your own architectures and analyze those from others. Understand strategies for creating architectures for environments and applications. Discover approaches to documentation using repeatable approaches and tools. Delve into communication techniques for designs, goals, and requirements. Focus on implementation strategies for designs that help reduce risk. Become well-versed with methods to apply architectural discipline to your organization.
Who this book is for: If you are involved in the process of implementing, planning, operating, or maintaining cybersecurity in an organization, then this security book is for you. This includes security practitioners, technology governance practitioners, systems auditors, and software developers invested in keeping their organizations secure. If you’re new to cybersecurity architecture, the book takes you through the process step by step; for those who already work in the field and have some experience, the book presents strategies and techniques that will help them develop their skills further.
Author : Tiziana Margaria
Publisher : Springer Nature
Page : 339 pages
File Size : 49,70 MB
Release :
Category :
ISBN : 3031753879
Author : Javier Lopez
Publisher : Springer
Page : 573 pages
File Size : 25,31 MB
Release : 2015-04-08
Category : Computers
ISBN : 3319175335
This book constitutes the proceedings of the 11th International Conference on Information Security Practice and Experience, ISPEC 2015, held in Beijing China, in May 2015. The 38 papers presented in this volume were carefully reviewed and selected from 117 submissions. The regular papers are organized in topical sections named: system security, stream cipher, analysis, key exchange protocol, elliptic curve cryptography, authentication, attribute-based encryption, mobile security, theory, implementation, privacy and indistinguishability.