Many papers and articles attempt to define or even quantify privacy, typically with a major focus on anonymity. A related research exercise in the area of evidence-based trust models for ubiquitous computing environments has given us an impulse to take a closer look at the definition(s) of privacy in the Common Criteria, which we then transcribed in a bit more formal manner. This lead us to a f...

vii 1 Background: The Importance of Requirements Engineering 1 1.1 Security Requirements Issues 1 1.1.1 The Problem of Negative Requirements 2 2 Methods and Practices 3 2.1 Overview of the SQUARE Process 3 2.1.1 How to Apply SQUARE 5 2.2 The Comprehensive, Lightweight Application Security Process 6 2.3 Core Security Requirements Artifacts 8 2.4 Security Requirements Engineering Process 8 2.5 Se...

This paper presents a formal security policy model for SmartCards with digital signature application. This kind of model is necessary for each evaluation according to Information Technology Security Evaluation Criteria assurance level E4 (Common Criteria level EAL5) and above. Furthermore, we argue that such a model is essential for reasoning about the security of Information Technology compone...

Software distribution to target devices like factory controllers, medical instruments, vehicles or airplanes is increasingly performed electronically over insecure networks. Such software often implements vital functionality, and so the software distribution process can be highly critical, both from the safety and the security perspective. In this paper, we introduce a novel software distributi...

INTRODUCTION Many epidemiological methods for analysing follow-up studies require the calculation of rates based on accumulating person-time and events, stratified by various factors. Managing this stratification and accumulation is often the most difficult aspect of this type of analysis. TUTORIAL We provide a tutorial on accumulating person-time and events, stratified by various factors i.e...

As collaboration has proven to be beneficial in learning environments, there has been an emerging interest in automating the formation of student groups. However, existing work focuses on optimal formations from the instructor’s perspective based on pedagogical criteria (e.g., maximal group productivity, avoiding orphans or unmatched students). In contrast, we propose a formal collaboration mod...

ACL2 is a reimplemented extended version of Boyer and Moore's Nqthm and Kaufmann's Pc-Nqthm, intended for large scale veriication projects. However, the logic supported by ACL2 is compatible with the applicative subset of Common Lisp. The decision to use an \industrial strength" programming language as the foundation of the mathematical logic is crucial to our advocacy of ACL2 in the applicatio...