liu.se: Search publications in DiVA
1 - 18 of 18
  • 1.
    Ardi, Shanai
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Byers, David
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Meland, Per Håkon
    SINTEF ICT, Trondheim, Norway.
    Tøndel, Inger Anne
    SINTEF ICT, Trondheim, Norway.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    How can the developer benefit from security modeling? 2007. In: The Second International Conference on Availability, Reliability and Security (ARES'07), IEEE Computer Society, 2007, p. 1017-1025. Conference paper (Refereed)
    Abstract [en]

    Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development.

  • 2.
    Ardi, Shanai
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Byers, David
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Towards a Structured Unified Process for Software Security. 2006. In: SESS '06: Proceedings of the 2006 international workshop on Software engineering for secure systems, ACM, 2006, p. 3-10. Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires a structured approach combining a detailed understanding on what causes vulnerabilities, and how specific activities combine to prevent them. In this paper we introduce key elements of the approach we are taking: vulnerability cause graphs, which encode information about vulnerability causes, and security activity graphs, which encode information about security activities. We discuss how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities.

  • 3.
    Byers, David
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Improving Software Security by Preventing Known Vulnerabilities. 2013. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    From originally being of little concern, security has become a crucial quality factor in modern software. The risk associated with software insecurity has increased dramatically with increased reliance on software and a growing number of threat agents. Nevertheless, developers still struggle with security. It is often an afterthought, bolted on late in development or even during deployment. Consequently the same kinds of vulnerabilities appear over and over again.

    Building security in to software from its inception and constantly adapting processes and technology to changing threats and understanding of security can significantly contribute to establishing and sustaining a high level of security.

    This thesis presents the sustainable software security process, the S3P, an approach to software process improvement for software security that focuses on preventing known vulnerabilities by addressing their underlying causes, and sustaining a high level of security by adapting the process to new vulnerabilities as they become known. The S3P is designed to overcome many of the known obstacles to software process improvement. In particular, it ensures that existing knowledge can be used to its full potential and that the process can be adapted to nearly any environment and used in conjunction with other software security processes and security assurance models.

    The S3P is a three-step process based on semi-formal modeling of vulnerabilities, ideally supported by collaborative tools. Such proof-of-concept tools were developed for all parts of the process as part of the SHIELDS project.

    The first two steps of the S3P consist in determining the potential causes of known vulnerabilities at all stages of software development, then identifying measures that would prevent each individual cause. These steps are performed using visual modeling languages with well-defined semantics and a modeling workflow. With tool support, modeling effort can be progressively reduced through collaboration and use of pre-existing models.

    Next, the costs of all potential measures are estimated using any suitable method. This thesis uses pairwise comparisons in order to support qualitative judgements. The models and costs yield a Boolean optimization problem that is solved using a search-based heuristic, to identify the best set of measures to prevent selected vulnerabilities.

    Empirical evaluation of the various steps of the process has verified a number of key aspects: the modeling process is easy to learn and apply, and the method is perceived by developers as providing value and improving security. Early evaluation results were also used to refine certain aspects of the S3P.

    The modeling languages that were introduced in the S3P have since been enhanced to support other applications. This thesis presents security goal models (SGMs), a language that subsumes several security-related modeling languages to unify modeling of threats, attacks, vulnerabilities, activities, and security goals. SGMs have formal semantics and are sufficiently expressive to support applications as diverse as automatic run-time testing, static analysis, and code inspection. Proof-of-concept implementations of these applications were developed as part of the SHIELDS project.

    Finally, the thesis discusses how individual components of the S3P can be used in situations where the full process is inappropriate.

  • 4.
    Byers, David
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska högskolan.
    Towards estimating software testability using static analysis. 1997. Licentiate thesis, monograph (Other academic)
  • 5.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Ardi, Shanai
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Duma, Claudiu
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Modeling Software Vulnerabilities with Vulnerability Cause Graphs. 2006. In: 2006 22nd IEEE International Conference on Software Maintenance, IEEE, 2006, p. 411-422. Conference paper (Refereed)
    Abstract [en]

    When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future. In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases. Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities.

  • 6.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    A Cause-Based Approach to Preventing Software Vulnerabilities. 2008. In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, p. 276-283. Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.

  • 7.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    A systematic evaluation of disk imaging in EnCase® 6.8 and LinEn 6.1. 2009. In: Digital Investigation, ISSN 1742-2876, Vol. 6, no. 1-2, p. 61-70. Article in journal (Refereed)
    Abstract [en]

    Tools for disk imaging (or more generally speaking, digital acquisition) are a foundation for forensic examination of digital evidence. Therefore it is crucial that such tools work as expected. The only way to determine whether this is the case or not is through systematic testing of each tool. In this paper we present such an evaluation of the disk imaging functions of EnCase 6.8® and LinEn 6.1, conducted on behalf of the Swedish National Laboratory of Forensic Science. Although both tools performed as expected under most circumstances, we identified cases where flaws that can lead to inaccurate and incomplete acquisition results in LinEn 6.1 were exposed. We have also identified limitations in the tool that were not evident from its documentation. In addition to summarizing the test results, we present our testing methodology, which has novel elements that we think can benefit other evaluation projects.

  • 8.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Contagious errors: Understanding and avoiding issues with imaging drives containing faulty sectors. 2008. In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 5, no. 1, p. 29-33. Article in journal (Refereed)
    Abstract [en]

    When using certain tools to image drives that contain faulty sectors, the tool may fail to acquire a run of sectors even though only one of the sectors is really faulty. This phenomenon, which we have dubbed "contagious errors", was reported by James Lyle and Mark Wozar in a recent paper presented at DFRWS 2007 [Lyle, J., Wozar, M. Issues with imaging drives containing faulty sectors. Digital Investigation 2007; 4S: S13-5.]. Their results agree with our own experience from testing disk imaging software as part of our work for the Swedish National Laboratory of Forensic Science. We have explored the issue further, in order to determine the cause of contagious errors and to find ways around the issue. In this paper we present our analysis of the cause of contagious errors as well as several ways practitioners can avoid the problem. In addition we present our insights into the problem of consistently faulty drives in forensic tool testing.

  • 9.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Design of a Process for Software Security. 2007. In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, p. 301-309. Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires a structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them. In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design.

  • 10.
    Byers, David
    et al.
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska högskolan.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska högskolan.
    Disk Imaging Evaluation: EnCase 6.8/LinEn 6.1. 2008. Report (Other academic)
    Abstract [en]

    Good tools are critical to successful examination of digital evidence, yet the quality of such tools is very often an unknown. Independent testing is currently the only way to assess the performance and quality of the tools available to digital forensic examiners, and independent testing is critical in order to know whether tools deliver what they promise, and to assess the level of trust one can place in them. This project has aimed to thoroughly assess the quality of the disk imaging functionality in EnCase 6.8 and LinEn 6.1 under a variety of conditions and with respect to the requirements of Swedish law enforcement. The project has been conducted in four phases: survey, requirements, test planning and testing and analysis. Details of the project results are published in separate reports related to each phase. The overall conclusions are as follows:

    • No independent, public evaluations of EnCase version 6 other than this one exist.
    • EnCase 6.8 performs as expected on the Windows platform when using a hardware write blocker. Operation without a write blocker was not assessed, as this was not a requirement. Hidden sectors were, as expected, not acquired.
    • LinEn 6.1 performs as expected only when operating in “BIOS mode”, but fails many tests when operating under “direct ATA mode”. Hidden sectors were, as expected, not acquired in “BIOS mode”.

    Based on the test results, we conclude that provided the limitation of not acquiring hidden sectors is acceptable, EnCase 6.8 is an adequate tool for imaging ATA drives when using a hardware write blocker, whereas LinEn 6.1 should be avoided if complete and accurate acquisition is desired.

    All the work was conducted by experienced staff in test labs belonging to the Security and Networks group within the Division for Database and Information Techniques (ADIT) at the Department of Computer and Information Science (IDA) at Linköping University under the supervision of Professor Nahid Shahmehri.

    Linköping, March 5, 2008

  • 11.
    Byers, David
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Graphical Modeling of Security Goals and Software Vulnerabilities. 2015. In: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, p. 1-31. Chapter in book, part of anthology (Refereed)
    Abstract [en]

    Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.

  • 12.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Modeling Security Goals and Software Vulnerabilities. 2011. In: Dependability and Computer Engineering: Concepts for Software-Intensive Systems / [ed] Luigia Petre, Kaisa Sere, Elena Troubitsyna, IGI Global, 2011, p. 171-198. Chapter in book, part of anthology (Other academic)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    We have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Our language is more precise than earlier languages, which allows models to be used in automated applications such as testing and static analysis. Models in the new language can be transformed to and from earlier languages. We also present a data model that allows users to relate different kinds of models and model elements to each other and to core security knowledge.

  • 13.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Prioritisation and Selection of Software Security Activities. 2009. In: International Conference on Availability, Reliability and Security, 2009, IEEE, 2009, p. 201-207. Conference paper (Refereed)
    Abstract [en]

    Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.  

  • 14.
    Byers, David
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Unified modeling of attacks, vulnerabilities and security activities. 2010. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, New York, USA: ACM, 2010, p. 36-42. Conference paper (Refereed)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    In this paper we present a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation.

    Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.

  • 15.
    Shahmehri, Nahid
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Byers, David
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Hiran, Rahul
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    TRAP: Open Decentralized Distributed Spam Filtering. 2011. In: Trust, Privacy and Security in Digital Business / [ed] Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther, Berlin / Heidelberg: Springer, 2011, p. 86-97. Chapter in book, part of anthology (Refereed)
    Abstract [en]

    Spam is a significant problem in the day-to-day operations of large networks and information systems, as well as a common conduit for malicious software. The problem of detecting and eliminating spam remains of great interest, both commercially and in a research context. In this paper we present TRAP, a reputation-based open, decentralized and distributed system to aid in detecting unwanted e-mail. In TRAP, all participants are equal, all participants can see how the system works, and there is no reliance on any member or subset of members. This paper outlines the TRAP system itself and shows, through simulation, that the fundamental component of TRAP, a distributed low-overhead trust management system, is efficient and robust under the normal conditions present on the Internet.

  • 16.
    Shahmehri, Nahid
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Mammar, Amel
    Télécom Sud, Paris, France.
    Montes De Oca, Edgardo
    Montimage Company, Paris, France.
    Byers, David
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Cavalli, Ana
    Télécom Sud, Paris, France.
    Ardi, Shanai
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Jimenez, Willy
    Télécom Sud, Paris, France.
    An advanced approach for modeling and detecting software vulnerabilities. 2012. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 54, no. 9, p. 997-1013. Article in journal (Refereed)
    Abstract [en]

    Context: Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system.

    Objective: In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection.

    Method: Our method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs.

    Results: We present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach.

    Conclusion: Although the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities.

  • 17.
    Tjärnström, Fredrik
    et al.
    Linköpings universitet, Institutionen för systemteknik, Reglerteknik. Linköpings universitet, Tekniska högskolan.
    Duppils, Mattias
    Linköpings universitet, Institutionen för systemteknik, Elektroniska komponenter. Linköpings universitet, Tekniska högskolan.
    Haslum, Patrik
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska högskolan.
    Byers, David
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Kulups, Gundars
    Linköpings universitet, Institutionen för systemteknik, Reglerteknik. Linköpings universitet, Tekniska högskolan.
    Lawesson, Dan
    Linköpings universitet, Institutionen för systemteknik, Reglerteknik. Linköpings universitet, Tekniska högskolan.
    ENSYM-Project Oriented Studies of spring 98 - team 1. 1999. Report (Other academic)
    Abstract [en]

    The report is a description of the ENSYM Project Oriented Studies (POS) of spring 1998. The project goal was to control a toy car around a not beforehand given track as fast as possible.

  • 18.
    Vapen, Anna
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Byers, David
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    2-clickAuth - Optical Challenge-Response Authentication. 2010. In: International Conference on Availability, Reliability, and Security, 2010. ARES '10, IEEE COMPUTER SOC, 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA, 2010, p. 79-86. Conference paper (Refereed)
    Abstract [en]

    Internet users today often have usernames and passwords at multiple web sites. To simplify things, many sites support some form of federated identity management, such as OpenID, that enables users to have a single account that allows them to log on to many different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, e.g. captured by a key logger or malware on an untrusted computer, all the user's accounts become compromised. Therefore a more secure authentication method is desirable. We have implemented 2-clickAuth, an optical challenge-response solution where a web camera and a camera phone are used for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is considerably more secure than passwords while still being easy to use and easy to distribute to users. This makes 2-clickAuth a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. We have implemented an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge and MySpace.
