Uncovering Assumptions in Information Security
نویسندگان
چکیده
The design and implementation of security is based upon many assumptions. This paper discusses the need for students to learn to question assumptions, and in so doing identify unrealistic or incorrect assumptions and any associated policies. More realistic assumptions can then made and/or procedures implemented to protect against violation of the assumptions. A number of examples in the context of teaching computer security are discussed and some methods of teaching awareness of assumptions presented.
منابع مشابه
Automated Formulation of Security Goals under the Inductive Approach∗
The inductive approach [1] has been successfully used for verifying a number of security protocols, uncovering hidden assumptions and even attacks. Yet it requires a high level of skill to use: a user must guide the proof process, selecting the tactic to be applied, inventing a key lemma, etc. Proofs are both onerous and cumbersome. To compound the problem, security guarantees are not built int...
متن کاملIdentifying and Measuring Security Critical Path for Uncovering Circuit Vulnerabilities
Hardware is an increasingly attractive attack surface since it controls low-level access to critical resources like cryptographic keys, personally identifiable information, and firmware. Unfortunately, it is difficult to assess the security vulnerabilities of a hardware design, which is a consequence of too few hardware security design tools and metrics. In this work, we describe important secu...
متن کاملA Sociological Definition and Categorization of Information Ethics
Background and Aim: This paper aims at the analysis of the definitions and categorizations of the realm of “Information Ethics” to criticize assumptions and clarify points of departure for introducing a new definition and categorization. Method: I used documentary research method and conceptual analysis approach. This method and approach is the best fits with the goal of pursuit roots of social...
متن کاملSecure and Private Auctions without Auctioneers
Security and privacy have become crucial factors in auction design. Various schemes to ensure the safe conduction of sealed-bid auctions have been proposed recently. We introduce a new standard of security for auctions (“full privacy”), that prevents extraction of bid information despite any collusion of participants. This requirement is stronger than other common assumptions that prohibit the ...
متن کاملExplicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization
Most modern applications are empowered by online services, so application developers frequently implement authentication and authorization. Major online providers, such as Facebook and Microsoft, provide SDKs for incorporating authentication services. This paper considers whether those SDKs enable typical developers to build secure apps. Our work focuses on systematically explicating implicit a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005