| 1. |
- Al Sabbagh, Bilal, et al.
(författare)
-
A Socio-technical Framework for Threat Modeling a Software Supply Chain
- 2015
-
Ingår i: IEEE Security and Privacy. - 1540-7993 .- 1558-4046. ; 13:4, s. 30-39
-
Tidskriftsartikel (refereegranskat)abstract
- A new framework performs security threat modeling for a global software supply chain. The threat modeling is based on a case study from the Swedish Armed Forces. After a review of current practices and theories for threat modeling of a software supply chain, the authors suggest a socio-technical framework for studying the software supply chain security problem from a systemic viewpoint. The framework addresses issues of modeling the target system, identifying threats, and analyzing countermeasures.
|
|
| 2. |
- Alonso-Fernandez, Fernando, 1978-, et al.
(författare)
-
Quality Measures in Biometric Systems
- 2012
-
Ingår i: IEEE Security and Privacy. - New York, NY : IEEE Computer Society. - 1540-7993 .- 1558-4046. ; 10:6, s. 52-62
-
Tidskriftsartikel (refereegranskat)abstract
- Biometric technology has been increasingly deployed in the last decade, offering greater security and convenience than traditional methods of personal recognition. But although the performance of biometric systems is heavily affected by the quality of biometric signals, prior work on quality evaluation is limited. Quality assessment is a critical issue in the security arena, especially in challenging scenarios (e.g. surveillance cameras, forensics, portable devices or remote access through Internet). Different questions regarding the factors influencing biometric quality and how to overcome them, or the incorporation of quality measures in the context of biometric systems have to be analyzed first. In this paper, a review of the state-of-the-art in these matters is provided, giving an overall framework of the main factors related to the challenges associated with biometric quality.
|
|
| 3. |
- Balliu, Musard, et al.
(författare)
-
Challenges of Producing Software Bill of Materials for Java
- 2023
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 21:6, s. 12-23
-
Tidskriftsartikel (refereegranskat)abstract
- Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open source Java projects, revealing challenges regarding the accurate production and usage of SBOMs.
|
|
| 4. |
- Balliu, Musard, et al.
(författare)
-
Securing IoT Apps
- 2019
-
Ingår i: IEEE Security and Privacy. - : IEEE COMPUTER SOC. - 1540-7993 .- 1558-4046. ; 17:5, s. 22-29
-
Tidskriftsartikel (refereegranskat)abstract
- Users increasingly rely on Internet of Things (IoT) apps to manage their digital lives through the overwhelming diversity of IoT services and devices. Are the IoT app platforms doing enough to protect the privacy and security of their users? By securing IoT apps, how can we help users reclaim control over their data?
|
|
| 5. |
|
|
| 6. |
- Dán, György, et al.
(författare)
-
Challenges in Power System Information Security
- 2012
-
Ingår i: IEEE Security and Privacy. - : IEEE Computer Society. - 1540-7993 .- 1558-4046. ; 10:4, s. 62-70
-
Tidskriftsartikel (refereegranskat)abstract
- Achieving all-encompassing component-level security in power system IT infrastructures is difficult, owing to its cost and potential performance implications.
|
|
| 7. |
- Dimitrakakis, Christos, 1975, et al.
(författare)
-
Distance-Bounding Protocols: Are You Close Enough?
- 2015
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 13:4, s. 47-51
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract
- Distance-bounding protocols can offer protection against attacks on access control systems that require users to both verify their credentials and prove their location. However, tradeoffs among accuracy, cost, and privacy are necessary.
|
|
| 8. |
- Eckhart, Matthias, et al.
(författare)
-
Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives
- 2023
-
Ingår i: IEEE Security and Privacy. - : IEEE COMPUTER SOC. - 1540-7993 .- 1558-4046. ; 21:6, s. 64-75
-
Tidskriftsartikel (refereegranskat)abstract
- The term digital twin (DT) has become a key theme of the cyber-physical systems (CPSs) area while remaining vaguely defined as a virtual replica of an entity. This article identifies DT characteristics essential for enhancing CPS security and discusses indicators to evaluate them.
|
|
| 9. |
- Harding, Patrick, et al.
(författare)
-
Dynamic security assertion markup language : Simplifying single sign-on
- 2008
-
Ingår i: IEEE Security and Privacy. - 1540-7993 .- 1558-4046. ; 6:2, s. 83-85
-
Tidskriftsartikel (refereegranskat)abstract
- Growth in the use of business process outsourcing and collaborative platforms is driving the demand for organizations to selectively share the identity information they maintain about their users with other partners. Widely accepted protocol such as the Security Assertion Markup Language (SAML) are designed to deliver single sign-on (SSO) and other security attributes, but although organizations can gain significant business value by using federated identity management techniques, they continue to face major implementation hurdles (such as wanting to scale from fewer than 10 partners to dozens, hundreds, or even thousands of them). Dynamic SAML takes advantage of security best practices and the exchange of configuration information to minimize the manual steps that administrators must currently perform to configure SAML connections securely. Although it isn't yet possible to completely automate a decision of human trust, dynamic SAML can automate the underlying exchanges to make this decision fast, simple, and secure.
|
|
| 10. |
- Kulyk, Oksana, et al.
(författare)
-
Nothing Comes for Free : How Much Usability Can You Sacrifice for Security?
- 2017
-
Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 15:3, s. 24-29
-
Tidskriftsartikel (refereegranskat)abstract
- Code voting systems differ in security: some ensure either vote secrecy or vote integrity, while others ensure both. However, these systems potentially impair usability, which might negatively affect voters' attitude toward Internet voting. To determine the tradeoff between usability and security in these systems, the authors conduct a pilot user study examining voters in a university elections setting.
|
|
