Stressing Security Requirements: Exploiting the Flaw Hypothesis Method with Deviational Techniques

Security Analysis with Deviational Techniques

Private Key based query on encrypted data

Nowadays, users of information systems have inclination to use a central server to decrease data transferring and maintenance costs. Since such a system is not so trustworthy, users' data usually upkeeps encrypted. However, encryption is not a nostrum for security problems and cannot guarantee the data security. In other words, there are some techniques that can endanger security of encrypted d...

Deviational Analyses for Validating Regulations on Real Systems

Deviational analysis is a traditional way of exploring the safety of systems. The results of deviational analysis contribute to traditional safety cases and safety arguments. We extend deviational analysis to other aspects of dependability, notably security. We discuss how the evidence of deviational analysis can contribute to the validation of regulations, in the sense of their application of ...

Security Assessment of IP-based Networks: A Holistic Approach

This paper deals with network security assessment. We discuss currently available network security assessment tools and provide a categorization of their limitations. We revisit the methodology that the tools are based on, the flaw-hypothesis testing methodology. We then discuss the application of the methodology to network security assessment and discuss what is necessary to augment current ne...

Teaching Security Engineering Principles

The design and construction of secure systems cannot be entirely captured in textbooks or class notes, but must be taught as an art which is learned through apprenticeship and practice. This paper describes a course in Secure Systems that uses the Flaw Hypothesis Methodology for penetration testing as a vehicle for motivating and teaching students fundamental principles of security