Stanford Linear Accelerator Center (SLAC) was faced with the need to secure its PeopleSoftOracle business system in an academic environment that has no firewall. To provide protected access to the database servers for NT-based users all over the site while not hindering the lab’s open connectivity with the Internet, we implemented a pseudo three-tier architecture for PeopleSoft with Windows Ter...

nels in the future. Furthermore, teleservices process more Emerging telecommunication services use, store, or transmit sensitive personal data to form individual network services. We suggest an add-on approach to realize secure telecommunication services which saves the huge investments into existing network infrastructure of the ISDN. This is done by adding trusted runtime environments that co...

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, s...

Systems security engineering (SSE) is a complex, manually intensive process, with implications for cost, time required, and repeatability/reproducibility. This paper describes BluGen, an analytic framework that generates risk plots and recommends prioritized mitigations for a target mission/system environment based on a stated level of threat and risk tolerance. The goal is to give working syst...

With the advancement of technology, communications today should be secured by secret session key. A password-authenticated key agreement method is an interactive password based method to establish secret session keys. A number of protocols for Password based Authentication and Key Exchange (PAKE) is designed for the single server environment where each user shares a password with a server. Thes...

As networking technologies evolve and business needs change, traditionally isolated and secure communication networks are giving way to more open computing environments. Security, network and systems administrators must therefore concern themselves not only with firewall and boundary security, but also with individual system security. Security administration in a large open network is a challen...

This paper presents a type system to control the migration of codebetween nodes in a concurrent distributed framework, using Dπ. Weexpress resource policies with types and enforce them via a type sys-tem. Sites are organised hierarchically in subnetworks that share thesame security policies, statically specified by a network administrator.The type system guarantees that,...

We describe an approach for testing a software system for possible security flaws. Traditionally, security testing is done using penetration analysis and formal methods. Based on the observation that most security flaws are triggered due to a flawed interaction with the environment, we view the security testing problem as the problem of testing for the fault-tolerance properties of a software s...

Security and usability are difficult to achieve simultaneously. As upcoming ubiquitous scenarios focus on usability, new security solutions are in high demand. We are following two approaches: “Inheritable Trust” which is an intuitive way of expressing and enforcing trust in a ubiquitous environment, and “Dynamic Trust Networks” which perhaps provide a mechanism for easy trust management in a l...