Quantcast
Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing latest articles
Browse All 25 View Live

Experience Report: Design and Implementation of a Component-Based Protection...

This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...

View Article



A Design of An Authorization Service

Outline: • CORBA security model • What CORBA Access Model does[ not] Cover • Healthcare Resource Access Control (H-RAC) high level view • Authorization Service framework design details

View Article

A Resource Access Decision Service for CORBA-based Distributed Systems

Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...

View Article

Supporting end-to-end Security Across Proxies with Multiple-Channel SSL

Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure...

View Article

An Overview of The Ongoing Research at LERSSE

This presentation provides an overview of the research projects undergoing at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).

View Article


Applicability of CORBA Security to the Healthcare Problem Domain

This paper suggests directions OMG Healthcare Domain Task Force (CORBAmed) could take in proposing OMG standards related to security in the healthcare vertical domain. The ideas are based on the...

View Article

Applying Aspect-Orientation in Designing Security Systems: A Case Study

As a security policy model evolves, the design of security systems using that model could become increasingly complicated. It is necessary to come up with an approach to guide the development, reuse...

View Article

Architectural Separation of Authorization and Application Logic in...

Security is an essential feature and foremost concern to enterprise software systems. Today, application-level access control (and other security) functions are based on complex, fine-grain and/or...

View Article


Architecture-Centered Composition of Adaptive and Dependable Enterprise...

Security is an essential feature and foremost concern to enterprise software systems. Today, application-level security functions, e.g. access control based on complex, fine-grain and/or context...

View Article


Attribute Function: an Enabler for Effective Inexpensive Application-specific...

Security is an essential feature and foremost concern to Internet and enterprise distributed software applications. However, the adoption of secure distributed applications by commercial and government...

View Article

CORBAmed Security White Paper

The issue of security in healthcare has been discussed from a variety of perspectives at many CORBAmed meetings. This report focuses on the practical topic of how CORBAmed RFPs for services can go...

View Article

CPR Security CORBA-based Security and Intranet Services

Intranet information services based on such technologies as WWW will continue to grow. Not every intranet service is and will be based on CORBA architecture. Some will continue to utilize plain...

View Article

Design

Learning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against useability...

View Article


Design and Implementation of Resource Access Decision Server

Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible to implement...

View Article

Engineering Access Control for Distributed Enterprise Applications

Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains...

View Article


Engineering Application-level Access Control in Distributed Systems

This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in...

View Article

Enterprise Security with EJB™ and CORBA®

This book shows you how to apply enterprise security integration (ESI) to secure your enterprise from end-to-end, using theory, examples, and practical advice. We present material on how to use the...

View Article


Experience Report: Design and Implementation of a Component-Based Protection...

This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...

View Article

eXtreme Security Engineering: On Employing XP Practices to Achieve “Good...

This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application...

View Article

eXtreme Security Engineering: On Employing XP Practices to Achieve “Good...

This presentation examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an...

View Article

Flooding and Recycling Authorizations

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...

View Article


Here’s Your Lego™ Security Kit: How to Give Developers All Protection...

By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building...

View Article


Improving Practical Security Engineering: Overview of the Ongoing Research

Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the...

View Article

Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...

View Article

Issues in the Security Architecture of the Computerized Patient Record...

We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...

View Article

Browsing latest articles
Browse All 25 View Live


Latest Images