Information plays an important role in today’s businesses. It needs to be protected at all costs in order to avoid facing the consequences of loss of data and compromising information. In order to address information security, SMMEs (Small Medium and Micro Enterprises) should adopt a culture that is security abiding. By supporting a security culture where members of staff intuitively protect in...

Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with ...

Software-defined networking (SDN) is being strongly considered as the next promising networking platform, and studies regarding SDN have been actively conducted accordingly. However, the security of SDN remains undefined and unknown when considering the enhancement of network security in SDN. In this paper, we verify whether SDN can enhance network security. Specifically, the idea of enabling s...

editorial

In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security...

Software security is an important quality. The software security testing is one of the most important kinds of the software testing. How to test the software security, and especially to automatically generate security test cases are major problems. An improved method of the test data generation based on Genetic Algorithm is put forwarded. A software security test algorithm is developed. The alg...

This paper presents a CORBA Security discretionary prototype developed in the context of JaCoWeb Security Project. JaCoWeb Security Project is developing an authorization scheme for large-scale networks that is based on structures and concepts introduced in Web, Java and CORBA for security. This scheme is being developed in order to deal with management of security policies in large-scale netwo...

The aim of this research is to investigate project commitment in the information systems security context. In doing so, a survey takes place in order to investigate organizational commitment to information security projects within a financial institution. Achieving the required level of information security within organizations usually requires more than security awareness and control but also ...

Combining security solutions in order to achieve stronger (combined) security properties is not straightforward. This paper shows that security-preserving alphabetic language homomorphisms can be used to derive security results for combined security solutions. A relatively simple example of the combination of two different authentication properties (device authentication using a trusted platfor...

This paper provides detailed information on iCLASSTMreader and key security. It explains the security problems found without revealing the extracted secret keys (DES authentication Key and the 3DES data encryption key for iCLASSTMStandard Security cards). The chosen approach of not releasing the encryption and authentication keys gives iCLASS vendors and customers an important headstart to upda...