Implementing Multiple Channels over SSL
Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of...
View ArticleImproving Practical Security Engineering: Overview of the Ongoing Research
Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the...
View ArticleIntroduction to Cryptography, Part I: Probabilistic Encryption
Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks
View ArticleIntroduction to Cryptography, Part II
Outline: - Probabilistic encryption -- Average Case Computational Di culty and the Worst Case Di culty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair...
View ArticleIssues in the Security Architecture of the Computerized Patient Record...
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...
View ArticleIssues in the Security Architecture of the Computerized Patient Record...
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...
View ArticleIssues in the Security Architecture of the Computerized Patient Record...
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...
View ArticleJAMES: Junk Authorizations for Massive-scale Enterprise Services
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the...
View ArticleKOZEL: Kernel Organization Zappy Environment for Linux
This report describes application domain, design and usage of Kernel Organization Zappy Environment for Linux (KOZEL, pronounced “kozz’jol”) developed during a term project for Expert Systems cource...
View ArticleMastering Web Services Security
We present material on how to use the architectures and technologies and how to understand the specifications that are available to build a secure Web Services system. Since this technology is rapidly...
View ArticleMethod and System for Authorization and Access to Protected Resources
The present invention relates to the access of data resources using a Resource Access Decision Facility (RAD), preferably a CORBA RAD. More particularly, embodiments of the present invention provide...
View ArticleMiddleware and Web Services Security
Challenges of designing secure distributed applications are due to distribution, scale and object orientation. We will discuss the functionalities and capabilities of the security mechanisms of today...
View ArticleMiddleware and Web Services Security Mechanisms
Learning objectives: Gain a working knowledge of the security mechanisms of current Middleware and Web Services technologies. Overview: Challenges of designing secure distributed applications are due...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework...
View ArticleOfficial Requirements and Recommendations from Various Organizations on...
This report describes recommendations and official requirements from various organizations that guide architecture of CPR security at BHSSF.
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticleOverview of CORBA Security
Outline: • Introduction into computer security • Security in OO systems • CORBA security model overview • Application access control in CORBA • Resource Access Decision Facility • Further Information
View ArticleOverview of Reference Model of Open Distributed Processing (RM-ODP)
Outline: - Why Languages for Enterprises? - Introduction - RM-ODP goal - What it de nes - Viewpoints - Modeling in RM-ODP - Languages - Analysis of RM-ODP - Summary - Additional Information
View ArticlePerformance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
View Article
