There is a need for assessing the security of smart cards by an independent third party, specially if multi-application smart cards become reality. Intuitively, the methods to obtain this could be derived from the computer industry where security evaluation already is commonplace, but because of the special properties of smart cards, this seems very difficult. The article discusses the problems...

This article presents an overview of our proposed Security Management Model (SMM) for large scale dynamic systems. The goal of the SMM is to offer a simplified view of the overall system by taking into consideration the relevant data for the evaluation of the security assurance. A new thin infrastructure composed of the data/information relevant to the security evaluation of the system and serv...

The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation...

The largest feature of environmental issue in the current society is its unpredictability. Under such a circumstance, what does environmental security mean to human being? Security is not only evaluation on an objective fact, but more an outcome of people’s subjective construction. TO focus on how people’s subjective elements get involved in the environmental issue and on evaluation on the subj...

We propose a comparative performance evaluation method for security protocols. We start by constructing a security protocol model where we assign a cost functions for each cryptographic operation. For each class of cryptographic operations (e.g. symmetric encryption, asymmetric decryption), we construct a polynomial function based on an exhaustive performance evaluation of cryptographic combina...

This paper examines some questions concerning commercial computer security integrity policies. We give an example of a dynamic separation of duty policy which cannot be implemented by TCSEC based mechanisms alone, yet occurs in the real commercial world, and can be implemented efficiently in practice. We examine and describe a commercial computer security product in wide use for ensuring the in...

Threats to information security are proliferating rapidly, placing demanding requirements on protecting tangible and intangible business and individual assets. Biometrics can improve security by replacing or complementing traditional security technologies. This tutorial discusses the strengths and weaknesses of biometrics and traditional security approaches, current and future applications of b...

Programmers use security APIs to embed security into the applications they develop. Security vulnerabilities get introduced into those applications, due to the usability issues that exist in the security APIs. Improving usability of security APIs would contribute to improve the security of applications that programmers develop. However, currently there is no methodology to evaluate the usabilit...

Currently, a series of ecological environmental problems have been brought about by high-intensity intervention of human beings, and ecological security is regarded as one of the most important national survival strategies. A methodology of urban eco-security evaluation has been introduced, including a conceptual framework of pressure-state-response (PSR) model, setting-up of the indicator syst...

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially imp...