| 1. |
- Al Sabbagh, Bilal, et al.
(författare)
-
A Socio-technical Framework for Threat Modeling a Software Supply Chain
- 2015
-
Ingår i: IEEE Security and Privacy. - 1540-7993 .- 1558-4046. ; 13:4, s. 30-39
-
Tidskriftsartikel (refereegranskat)abstract
- A new framework performs security threat modeling for a global software supply chain. The threat modeling is based on a case study from the Swedish Armed Forces. After a review of current practices and theories for threat modeling of a software supply chain, the authors suggest a socio-technical framework for studying the software supply chain security problem from a systemic viewpoint. The framework addresses issues of modeling the target system, identifying threats, and analyzing countermeasures.
|
|
| 2. |
- Alonso-Fernandez, Fernando, 1978-, et al.
(författare)
-
Quality Measures in Biometric Systems
- 2012
-
Ingår i: IEEE Security and Privacy. - New York, NY : IEEE Computer Society. - 1540-7993 .- 1558-4046. ; 10:6, s. 52-62
-
Tidskriftsartikel (refereegranskat)abstract
- Biometric technology has been increasingly deployed in the last decade, offering greater security and convenience than traditional methods of personal recognition. But although the performance of biometric systems is heavily affected by the quality of biometric signals, prior work on quality evaluation is limited. Quality assessment is a critical issue in the security arena, especially in challenging scenarios (e.g. surveillance cameras, forensics, portable devices or remote access through Internet). Different questions regarding the factors influencing biometric quality and how to overcome them, or the incorporation of quality measures in the context of biometric systems have to be analyzed first. In this paper, a review of the state-of-the-art in these matters is provided, giving an overall framework of the main factors related to the challenges associated with biometric quality.
|
|
| 3. |
- Balliu, Musard, et al.
(författare)
-
Challenges of Producing Software Bill of Materials for Java
- 2023
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 21:6, s. 12-23
-
Tidskriftsartikel (refereegranskat)abstract
- Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open source Java projects, revealing challenges regarding the accurate production and usage of SBOMs.
|
|
| 4. |
- Balliu, Musard, et al.
(författare)
-
Securing IoT Apps
- 2019
-
Ingår i: IEEE Security and Privacy. - : IEEE COMPUTER SOC. - 1540-7993 .- 1558-4046. ; 17:5, s. 22-29
-
Tidskriftsartikel (refereegranskat)abstract
- Users increasingly rely on Internet of Things (IoT) apps to manage their digital lives through the overwhelming diversity of IoT services and devices. Are the IoT app platforms doing enough to protect the privacy and security of their users? By securing IoT apps, how can we help users reclaim control over their data?
|
|
| 5. |
|
|
| 6. |
- Dán, György, et al.
(författare)
-
Challenges in Power System Information Security
- 2012
-
Ingår i: IEEE Security and Privacy. - : IEEE Computer Society. - 1540-7993 .- 1558-4046. ; 10:4, s. 62-70
-
Tidskriftsartikel (refereegranskat)abstract
- Achieving all-encompassing component-level security in power system IT infrastructures is difficult, owing to its cost and potential performance implications.
|
|
| 7. |
- Dimitrakakis, Christos, 1975, et al.
(författare)
-
Distance-Bounding Protocols: Are You Close Enough?
- 2015
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 13:4, s. 47-51
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract
- Distance-bounding protocols can offer protection against attacks on access control systems that require users to both verify their credentials and prove their location. However, tradeoffs among accuracy, cost, and privacy are necessary.
|
|
| 8. |
- Eckhart, Matthias, et al.
(författare)
-
Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives
- 2023
-
Ingår i: IEEE Security and Privacy. - : IEEE COMPUTER SOC. - 1540-7993 .- 1558-4046. ; 21:6, s. 64-75
-
Tidskriftsartikel (refereegranskat)abstract
- The term digital twin (DT) has become a key theme of the cyber-physical systems (CPSs) area while remaining vaguely defined as a virtual replica of an entity. This article identifies DT characteristics essential for enhancing CPS security and discusses indicators to evaluate them.
|
|
| 9. |
- Harding, Patrick, et al.
(författare)
-
Dynamic security assertion markup language : Simplifying single sign-on
- 2008
-
Ingår i: IEEE Security and Privacy. - 1540-7993 .- 1558-4046. ; 6:2, s. 83-85
-
Tidskriftsartikel (refereegranskat)abstract
- Growth in the use of business process outsourcing and collaborative platforms is driving the demand for organizations to selectively share the identity information they maintain about their users with other partners. Widely accepted protocol such as the Security Assertion Markup Language (SAML) are designed to deliver single sign-on (SSO) and other security attributes, but although organizations can gain significant business value by using federated identity management techniques, they continue to face major implementation hurdles (such as wanting to scale from fewer than 10 partners to dozens, hundreds, or even thousands of them). Dynamic SAML takes advantage of security best practices and the exchange of configuration information to minimize the manual steps that administrators must currently perform to configure SAML connections securely. Although it isn't yet possible to completely automate a decision of human trust, dynamic SAML can automate the underlying exchanges to make this decision fast, simple, and secure.
|
|
| 10. |
- Kulyk, Oksana, et al.
(författare)
-
Nothing Comes for Free : How Much Usability Can You Sacrifice for Security?
- 2017
-
Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 15:3, s. 24-29
-
Tidskriftsartikel (refereegranskat)abstract
- Code voting systems differ in security: some ensure either vote secrecy or vote integrity, while others ensure both. However, these systems potentially impair usability, which might negatively affect voters' attitude toward Internet voting. To determine the tradeoff between usability and security in these systems, the authors conduct a pilot user study examining voters in a university elections setting.
|
|
| 11. |
- Liyanage, Madhusanka, et al.
(författare)
-
Opportunities and Challenges of Software-Defined Mobile Networks in Network Security
- 2016
-
Ingår i: IEEE Security and Privacy. - : IEEE COMPUTER SOC. - 1540-7993 .- 1558-4046. ; 14:4, s. 34-44
-
Tidskriftsartikel (refereegranskat)abstract
- To transform rigid and disparate legacy mobile networks into scalable and dynamic ecosystems, software-defined mobile network (SDMN) architecture integrates software-defined networks, network functions virtualization, and cloud computing principles. However, because SDMN architecture separates control and data planes, it can introduce new security challenges.
|
|
| 12. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Did App Privacy Improve After the GDPR?
- 2019
-
Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 17:6, s. 10-20
-
Tidskriftsartikel (refereegranskat)abstract
- In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.
|
|
| 13. |
- Pallas, Frank, et al.
(författare)
-
Privacy Engineering From Principles to Practice : A Roadmap
- 2024
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 22:2, s. 86-92
-
Tidskriftsartikel (refereegranskat)abstract
- Privacy engineering is gaining momentum in industry and academia alike. So far, manifold low-level primitives and higher-level methods and strategies have successfully been established. Still, fostering adoption in real-world information systems calls for additional aspects to be consciously considered in research and practice.
|
|
| 14. |
- Wang, Xueqin, et al.
(författare)
-
A Socio-Technical Framework for Threat Modeling A Software Supply Chain
- 2013
-
Ingår i: The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13. - : International Federation for Information Processing.
-
Konferensbidrag (refereegranskat)abstract
- In this paper we suggest a possible threat modeling approach for software supply chain. A Socio-technical approach is discussed and applied for modeling software supply chain security based on a case study of Swedish armed forces (SWAF). First we review current practices and theories for threat modeling of software supply chain. Then we suggest the application of a socio-technical framework for studying software supply chain security problem from a systemic viewpoint. Afterward we propose a step-by-step approach for threat modeling including modeling the target system, identifying threats and analyzing countermeasures. We also present a Delphi groups validation of the socio-technical framework.
|
|
| 15. |
- Hargeby, Anders, et al.
(författare)
-
Habitat-specific pigmentation in a freshwater isopod : Adaptive evolution over a small spatiotemporal scale
- 2004
-
Ingår i: Evolution. - : Wiley. - 0014-3820 .- 1558-5646. ; 58:1, s. 81-94
-
Tidskriftsartikel (refereegranskat)abstract
- Pigmentation in the freshwater isopod Asellus aquaticus (Crustacea) differed between habitats in two Swedish lakes. In both lakes, isopods had lighter pigmentation in stands of submerged vegetation, consisting of stoneworts (Chara spp.), than in nearby stands of reed (Phragmites australis). Experimental crossings of light and dark isopods in a common environment showed that pigmentation had a genetic basis and that genetic variance was additive. Environmental effects of diet or chromatophore adjustment to the background had minor influence on pigmentation, as shown by laboratory rearing of isopods on stonewort or reed substrates, as well as analyses of stable isotope ratios for isopods collected in the field. In both study lakes, the average phenotype became lighter with time (across generations) in recently established stonewort stands. Taken together, these results indicate that altered phenotype pigmentation result from evolutionary responses to local differences in natural selection. Based on the assumption of two generations per year, the evolutionary rate of change in pigmentationwas 0.08 standard deviations per generation (haldanes) over 20 generations in one lake and 0.22 haldanes over two generations in the other lake. This genetic change occurred during an episode of population growth in a novel habitat, a situation known to promote adaptive evolution. In addition, stonewort stands constitute large and persistent patches, characteristics that tend to preserve local adaptations produced by natural selection. Results from studies on selective forces behind the adaptivedivergence suggest that selective predation from visually oriented predators is a possible selective agent. We found no indications of phenotype-specificmovements between habitats. Mating within stonewort stands was random with respect to pigmentation, but on a whole-lake scale it is likely that mating is assortative, as a result of local differences in phenotype distribution.
|
|
