liu.se: Search for publications in DiVA
  • 1.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Byers, David
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Meland, Per Håkon
    SINTEF ICT, Trondheim, Norway.
    Tøndel, Inger Anne
    SINTEF ICT, Trondheim, Norway.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    How can the developer benefit from security modeling? 2007. In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, p. 1017-1025. Conference paper (Refereed)
    Abstract [en]

    Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development.

  • 2.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Byers, David
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Towards a Structured Unified Process for Software Security. 2006. In: ICSE Workshop on Software Engineering for Secure Systems, 2006, ACM, 2006, p. 3-10. Conference paper (Refereed)
  • 3.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A post-mortem incident modeling method. 2009. In: 2009 International Conference on Availability, Reliability and Security (ARES), Vol. 1-2, IEEE, 2009, p. 1018-1023. Conference paper (Refereed)
    Abstract [en]

    Incident post-mortem analysis after recovery from incidents is recommended by most incident response experts. An analysis of why and how an incident happened is crucial for determining appropriate countermeasures to prevent the recurrence of the incident. Currently, there is a lack of structured methods for such an analysis, which would identify the causes of a security incident. In this paper, we present a structured method to perform the post-mortem analysis and to model the causes of an incident visually in a graph structure. This method is an extension of our earlier work on modeling software vulnerabilities. The goal of modeling incidents is to develop an understanding of what could have caused the security incident and how its recurrence can be prevented in the future. The method presented in this paper is intended to be used during the post-mortem analysis of incidents by incident response teams.

  • 4.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Integrating a security plug-in with the OpenUP/Basic development process. 2008. In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, p. 284-291. Conference paper (Refereed)
    Abstract [en]

    In this paper we present a security plug-in for the OpenUP/Basic development process. Our security plug-in is based on a structured unified process for secure software development, named S3P (sustainable software security process). This process provides the formalism required to identify the causes of vulnerabilities and the mitigation techniques that prevent these vulnerabilities. We also present the results of an expert evaluation of the security plug-in. The lessons learned from development of the plug-in and the results of the evaluation will be used when adapting S3P to other software development processes.

  • 5.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Introducing Vulnerability Awareness to Common Criteria's Security Targets. 2009. In: The Fourth International Conference on Software Engineering Advances, Portugal, IEEE Computer Society, 2009, p. 419-424. Conference paper (Refereed)
    Abstract [en]

    Security of software systems has become one of the biggest concerns in our everyday life, since software systems are increasingly used by individuals, companies and governments. One way to help software system consumers gain assurance about the security measures of software products is to evaluate and certify these products with standard evaluation processes. The Common Criteria (ISO/IEC 15408) evaluation scheme is a standard that is widely used by software vendors. This process does not include information about already known vulnerabilities, their attack data and lessons learned from them. This has resulted in criticisms concerning the accuracy of this evaluation scheme since it might not address the areas in which actual vulnerabilities might occur.

    In this paper, we present a methodology that introduces information about threats from vulnerabilities to Common Criteria documents. Our methodology improves the accuracy of the Common Criteria by providing information about known vulnerabilities in Common Criteria’s security target. Our methodology also provides documentation about how to fulfill certain security requirements, which can reduce the time for evaluation of the products.

     

  • 6. Bonatti, Piero
    et al.
    Antoniu, Grigoris
    Baldoni, Matteo
    Baroglio, Cristina
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Fuchs, Norbert
    Martelli, Alberto
    Nejdl, Wolfgang
    Olmedilla, Olmedilla
    Patti, Viviana
    Peer, Joachim
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    The REWERSE View on Policies. 2005. In: Semantic Web and Policy Workshop, 2005, Proceedings of the Semantic Web and Policy Workshop: UMBC eBiquity, 2005, p. 21-. Conference paper (Refereed)
  • 7.
    Bonatti, Piero
    et al.
    Naples University.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Fuchs, Norbert
    University of Zurich.
    Olmedilla, Daniel
    L3S Research Center.
    Peer, Joachim
    St. Gallen University.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Semantic Web Policies -- A Discussion of Requirements and Research Issues. 2006. In: European Semantic Web Conference, 2006, Springer: Springer, 2006, p. 712-724. Conference paper (Refereed)
    Abstract [en]

    Policies are pervasive in web applications. They play crucial roles in enhancing security, privacy and usability of distributed services. There has been extensive research in the area, including the Semantic Web community, but several aspects still exist that prevent policy frameworks from widespread adoption and real world application. This paper discusses important requirements and open research issues in this context, focusing on policies in general and their integration into trust management frameworks, as well as on approaches to increase system cooperation, usability and user-awareness of policy issues.

  • 8. Bonatti, Piero
    et al.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Olmedilla, Daniel
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    An Integration of Reputation-based and Policy-based Trust Management. 2005. In: Semantic Web and Policy Workshop, 2005, Proceedings of the Semantic Web and Policy Workshop: UMBC eBiquity, 2005, p. 136-. Conference paper (Refereed)
  • 9.
    Bonatti, Piero
    et al.
    Università di Napoli.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Olmedilla, Daniel
    Hannover University.
    Nejdl, Wolfgang
    Hannover University.
    Baldoni, Matteo
    Università degli Studi di Torino.
    Baroglio, Cristina
    Università degli Studi di Torino.
    Martelli, Alberto
    Università degli Studi di Torino.
    Patti, Viviana
    Università degli Studi di Torino.
    Coraggio, Paolo
    Università di Napoli.
    Antoniou, Grigoris
    Institute of Computer Science, FORTH, Greece.
    Peer, Joachim
    University of St. Gallen, Switzerland.
    E. Fuchs, Norbert
    University of Zurich, Switzerland.
    Rule-based Policy Specification: State of the Art and Future Work. 2004. Report (Other academic)
  • 10.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Ardi, Shanai
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Modeling Software Vulnerabilities with Vulnerability Cause Graphs. 2006. In: International Conference on Software Maintenance, 2006, IEEE, 2006, p. 411-422. Conference paper (Refereed)
  • 11.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A Cause-Based Approach to Preventing Software Vulnerabilities. 2008. In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, p. 276-283. Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.

  • 12.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A systematic evaluation of disk imaging in EnCase® 6.8 and LinEn 6.1. 2009. In: Digital Investigation, ISSN 1742-2876, Vol. 6, no 1-2, p. 61-70. Article in journal (Refereed)
    Abstract [en]

    Tools for disk imaging (or more generally speaking, digital acquisition) are a foundation for forensic examination of digital evidence. Therefore it is crucial that such tools work as expected. The only way to determine whether this is the case or not is through systematic testing of each tool. In this paper we present such an evaluation of the disk imaging functions of EnCase 6.8® and LinEn 6.1, conducted on behalf of the Swedish National Laboratory of Forensic Science. Although both tools performed as expected under most circumstances, we identified cases where flaws that can lead to inaccurate and incomplete acquisition results in LinEn 6.1 were exposed. We have also identified limitations in the tool that were not evident from its documentation. In addition to summarizing the test results, we present our testing methodology, which has novel elements that we think can benefit other evaluation projects.

  • 13.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Contagious errors: Understanding and avoiding issues with imaging drives containing faulty sectors. 2008. In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 5, no 1, p. 29-33. Article in journal (Refereed)
    Abstract [en]

    When using certain tools to image drives that contain faulty sectors, the tool may fail to acquire a run of sectors even though only one of the sectors is really faulty. This phenomenon, which we have dubbed "contagious errors", was reported by James Lyle and Mark Wozar in a recent paper presented at DFRWS 2007 [Lyle, J., Wozar, M. Issues with imaging drives containing faulty sectors. Digital Investigation 2007; 4S: S13-5.]. Their results agree with our own experience from testing disk imaging software as part of our work for the Swedish National Laboratory of Forensic Science. We have explored the issue further, in order to determine the cause of contagious errors and to find ways around the issue. In this paper we present our analysis of the cause of contagious errors as well as several ways practitioners can avoid the problem. In addition we present our insights into the problem of consistently faulty drives in forensic tool testing.

  • 14.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Design of a Process for Software Security. 2007. In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, p. 301-309. Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires a structured approach combining a detailed understanding of what causes vulnerabilities, and how to prevent them. In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design.

  • 15.
    Byers, David
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Graphical Modeling of Security Goals and Software Vulnerabilities. 2015. In: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, p. 1-31. Chapter in book (Refereed)
    Abstract [en]

    Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.

  • 16.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Modeling Security Goals and Software Vulnerabilities. 2011. In: Dependability and Computer Engineering: Concepts for Software-Intensive Systems / [ed] Luigia Petre, Kaisa Sere, Elena Troubitsyna, IGI Global, 2011, p. 171-198. Chapter in book (Other academic)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    We have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Our language is more precise than earlier languages, which allows models to be used in automated applications such as testing and static analysis. Models in the new language can be transformed to and from earlier languages. We also present a data model that allows users to relate different kinds of models and model elements to each other and to core security knowledge.

  • 17.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Prioritisation and Selection of Software Security Activities. 2009. In: International Conference on Availability, Reliability and Security, 2009, IEEE, 2009, p. 201-207. Conference paper (Refereed)
    Abstract [en]

    Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.  

  • 18.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Unified modeling of attacks, vulnerabilities and security activities. 2010. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, New York, USA: ACM, 2010, p. 36-42. Conference paper (Refereed)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    In this paper we present a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation.

    Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.

  • 19.
    Caronni, Germano
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Weiler, Nathalie
    ETH Zürich.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Proceedings of the Fourth IEEE International Conference on Peer-to-Peer Computing. 2004. Conference proceedings (editor) (Other academic)
  • 20.
    Caronni, Germano
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Weiler, Nathalie
    ETH Zürich.
    Waldvogel, Marcel
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Proceedings of the Fifth International Conference on Peer-to-Peer Computing. 2005. Collection (editor) (Other academic)
  • 21.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    A context-based vehicular communication protocol. 2004. In: IEEE Personal, Indoor and Mobile Radio Communication Symposium, 2004, Barcelona, Spain: IEEE PIMRC, 2004, p. 2820-. Conference paper (Refereed)
  • 22.
    Chisalita, Ioan
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    A novel architecture for supporting vehicular communication. 2002. In: IEEE 56th Vehicular Technology Conference, 2002, p. 1002-1006. Conference paper (Refereed)
    Abstract [en]

    In today's world, traffic safety is a major problem. Traffic accidents result in more than half a million casualties each year and are associated with serious injuries and extensive material losses. Therefore, special attention is given to those technologies that can reduce the number and severity of road events. Inter-vehicle communication (IVC) and vehicle to road communication (VRC) are considered to have extensive potential for the development of efficient safety systems installed in vehicles. This paper proposes a novel, safety-oriented communication platform dedicated to supporting the exchange of safety-relevant information between traffic participants. The vehicular communication platform (VCP) aims to support a specific vehicular communication mechanism previously designed by the authors and briefly presented in the paper.

  • 23.
    Chisalita, Ioan
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    A peer-to-peer approach to vehicular communication for the support of traffic safety applications. 2002. In: 5th IEEE Conference on Intelligent Transportation Systems, 2002, p. 336-341. Conference paper (Refereed)
    Abstract [en]

    More than half a million casualties are due to traffic accidents each year. Therefore, there is a high demand for innovative technologies focused on collision warning and collision avoidance. Among such technologies, the inter-vehicle communication and the vehicle-to-road communication are considered to have extensive potential for supporting the safety systems located within a vehicle. In this paper we propose a new approach to vehicular communication. We designed a safety-oriented vehicular communication, built around the concept of mobile ad-hoc peer-to-peer (P2P) networking. The merging between ad-hoc connectivity and P2P paradigm facilitates the development of a vehicular network characterized by self-organization, fault-tolerance, scalability, shareable resources and services, cooperation, cases of interconnection and cost efficiency. These characteristics recommend the communication proposed here as an efficient method for providing safety-relevant data for safety systems installed in vehicles.

  • 24.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Adaptive dissemination of safety data among moving vehicles
    2006. In: 17th IEEE Personal, Indoor and Mobile Radio Communication Symposium, 2006, Helsinki, Finland: IEEE, 2006
    Conference paper (Refereed)
  • 25.
    Chisalita, Ioan
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    An In-Vehicle Approach for Improving Traffic Safety through GIS Utilization
    2002. In: Proceedings of the IEEE International Conference on Systems, Man and Cybernetics. 2002, 2002
    Conference paper (Refereed)
    Abstract [en]

    This paper focuses on the utilization and integration of geographic information systems (GIS) oriented to traffic safety in vehicles. We have primarily analyzed the benefits of introducing GIS systems that support the driver and provide processed data to collision warning and collision avoidance systems located in vehicles. Further on, we have defined a set of information that is relevant for traffic safety and appropriate to be used within an in-vehicle GIS system. Based on these data, we propose in this paper a specific design for the GIS system. This system integrates the relevant data for traffic safety and takes into consideration the specific requirements of the vehicular domain. The integration of the GIS system within vehicles introduces a series of problems that are discussed in the paper.

  • 26.
    Chisalita, Ioan
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    An in-vehicle approach for improving traffic safety through GIS utilization
    2002. In: IEEE International Conference on Systems, Man and Cybernetics, 2002, p. 9-11
    Conference paper (Refereed)
  • 27.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Emergency information dissemination in mobile networks for vehicles
    2006. In: International Conference on Wireless Information Networks and Systems, part of the 3rd International Joint Conference on e-Business and Telecommunications, 2006, Setubal, Portugal: WINSYS/ICETE, 2006
    Conference paper (Refereed)
  • 28.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    On the design of safety communication systems for vehicles
    2007. In: IEEE transactions on systems, man and cybernetics. Part A. Systems and humans, ISSN 1083-4427, E-ISSN 1558-2426, Vol. 37, no 6, p. 933-945
    Article in journal (Refereed)
    Abstract [en]

    Statistics show that the number of casualties due to traffic accidents exceeds one million each year. For the development of systems that prevent vehicle collisions, vehicular communication is considered a promising technology. This paper focuses on design aspects of communication systems that support the development of collaborative active safety systems such as collision warning and collision avoidance. We introduce a design method for safety communication systems that includes a set of analyses and a reasoning system for modeling and analyzing traffic scenarios. An overview of a specific solution for communication is presented in this paper. This solution proposes techniques for network organization and data dissemination that make use of contextual information. This allows the development of a communication system that is adaptable to the specifics of the traffic situation. © 2007 IEEE.

  • 29.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Performance evaluation of safety communication for vehicles
    2006. In: 3rd International Symposium on Wireless Information Systems, 2006, Valencia, Spain: ISWCS/IEEE, 2006
    Conference paper (Refereed)
  • 30.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Vehicular communication - A candidate technology for traffic safety
    2004. In: 2004 IEEE International Conference on Systems, Man and Cybernetics, 2004, IEEE SMC, 2004, p. 3903-
    Conference paper (Refereed)
  • 31.
    Chisalita, Ioan
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Lambrix, Patrick
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Traffic accidents modeling and analysis using temporal reasoning
    2004. In: ITSC 2004: 7TH INTERNATIONAL IEEE CONFERENCE ON INTELLIGENT TRANSPORTATION SYSTEMS, PROCEEDINGS, Institute of Electrical and Electronics Engineers (IEEE), 2004, p. 378-383
    Conference paper (Refereed)
    Abstract [en]

    Traffic accidents account for more than half a million casualties every year. The analysis of accidents helps identify the elements that affect traffic conditions, the relationships between them, and how they may contribute to the occurrence of dangerous situations. In this paper we present a temporal reasoning system for modeling and analyzing various types of accident scenarios. The system is based on Event Calculus and was implemented using Prolog. We exemplify the use of the system by applying it for modeling and analyzing a rear-end accident scenario.

  • 32.
    Duma, Claudiu
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Herzog, Almut
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Privacy in the Semantic Web: What Policy Languages Have to Offer
    2007. In: IEEE Workshop on Policies for Distributed Systems and Networks, 2007, Bologna, Italy: IEEE, 2007, p. 109-
    Conference paper (Refereed)
  • 33.
    Duma, Claudiu
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Karresand, Martin
    Swedish Defence Research Agency, Sweden.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Caronni, Germano
    Sun Microsystems Laboratories, USA.
    Turcan, Eduard
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    A trust aware peer-to-peer based overlay architecture for intrusion detection
    Manuscript (preprint) (Other academic)
    Abstract [en]

    Traditional intrusion detection systems (IDS) are centralized and focused on protecting well bounded network regions. In contrast, current Internet attacks are highly distributed, spanning very large and dispersed regions of the Internet. This renders the deployed intrusion detection approaches inferior and limited in comparison to the attackers' capabilities. In this paper we propose a novel trust-aware peer-to-peer (P2P) based Overlay IDS architecture which is able to coordinate and concert the detection capabilities of individual and formerly isolated IDSs, thereby increasing the overall effectiveness against current Internet attacks. The Overlay IDS is fully decentralized, thus avoiding the single point of failure problem characteristic to many other distributed IDS solutions. Moreover, we design an adaptive trust management mechanism which makes the Overlay IDS resilient to possible malicious peers infiltrating the overlay network. We have implemented our proposed Overlay IDS using JXTA P2P framework and we have evaluated its effectiveness for preventing the spread of a real Internet worm over an emulated network. As indicated by the evaluation results, the use of our Overlay IDS significantly increases the overall survival rate of the network.

  • 34.
    Duma, Claudiu
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Karresand, Martin
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. IDA Linköpings universitet.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Caronni, Germano
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    A Trust-Aware, P2P-Based Overlay for Intrusion Detection
    2006. In: International Workshop on Database and Expert Systems Applications DEXA06, 2006, IEEE, 2006, p. 692-
    Conference paper (Refereed)
  • 35.
    Duma, Claudiu
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Caronni, Germano
    Sun Microsystems Laboratories, USA.
    Dynamic trust metrics for peer-to-peer systems
    2005. In: Proceedings of the Sixteenth International Workshop on Database and Expert Systems Applications, 2005, Los Alamitos, CA, USA: IEEE Computer Society, 2005, p. 776-781
    Conference paper (Refereed)
    Abstract [en]

    One of the fundamental challenges for peer-to-peer (P2P) systems is the ability to manage risks involved in interacting and collaborating with priorly unknown and potentially malicious parties. Reputation-based trust management can mitigate this risk by deriving the trustworthiness of a certain peer from that peer's behavior history. However, the existing reputation systems do not provide an adequate reaction to quick changes in peers' behavior, raising serious concerns regarding their effectiveness in coping with dynamic malicious peers.

    In this paper we investigate the requirements on the dynamics of trust in P2P systems and propose a versatile trust metric which satisfies these requirements. In particular, our proposed metric is able to detect and penalize both the sudden changes in peers' behavior and their potential oscillatory malicious behavior. Moreover, our metric is flexible and allows the implementation of different types of trust dynamics. We evaluate our metric through simulation and show its unique features and advantages over the existing metrics.

  • 36.
    Duma, Claudiu
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A flexible category-based collusion-resistant key management scheme for multicast
    2003. In: Security and privacy in the age of uncertainty: IFIP TC11 18th International Conference on Information Security (SEC2003) May 26-28, 2003, Athens, Greece / [ed] Dimitris Gritzalis; Sabrina De Capitani di Vimercati; Pierangela Samarati; Sokratis Katsikas, Kluwer Academic Publishers, 2003, p. 133-144
    Conference paper (Refereed)
    Abstract [en]

    Current key management schemes for multicast provide either no resistance to collusion or perfect resistance to collusion. However, resistance to collusion is achieved at the expense of efficiency in terms of the number of transmissions and the number of keys that are used. We argue that applications may have certain assumptions regarding the users and their access to the multicast channel that may be used to provide a broader range of choices for balancing efficiency against resistance to collusion.

    We formalize the collusion requirement based upon the users' access to the multicast channel. Different user categorizations give different degrees of collusion resistance and we show that the existing work has focused on special cases of user categorizations. Further, we go on to propose and evaluate a flexible key management strategy for the general case where the accessibility relation defines the order of exclusion of the categories. The theoretical and experimental results show that our scheme has good performance regarding transmissions and keys per controller.

  • 37.
    Duma, Claudiu
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A hybrid key tree scheme for multicast to balance security and efficiency requirement
    2003. In: Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '03), Institute of Electrical and Electronics Engineers (IEEE), 2003, p. 208-213
    Conference paper (Refereed)
    Abstract [en]

    Security and efficiency of rekeying are crucial requirements for multicast key management. However, the two requirements pull in different directions and balancing them to meet the application needs is still an open issue. In this paper we introduce a hybrid key tree scheme to balance security, namely the resistance to collusion, and the efficiency. The resistance to collusion is measured by an integer parameter. The communication and the storage requirements for the controller depend on this parameter too, and they decrease as the resistance to collusion is relaxed. We analytically evaluate the efficiency of our scheme and compare with the previous work. The results show that our scheme allows a fine-tuning of security requirements versus efficiency requirements at run-time, which is not possible with the previous key management schemes.

  • 38.
    Duma, Claudiu
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Efficient storage for category-based group key management
    2004. In: Proceedings of the 5th Conference on Computer Science and Systems Engineering in Linköping, 2004, p. 139-146
    Conference paper (Refereed)
    Abstract [en]

    In multicast group communication, efficiency and security are competing requirements and balancing them is an acknowledged challenge. In particular, the collusion resistance has an impact on the efficiency of any scheme. In this context, the category-based group key management (category-based GKM) scheme balances the collusion resistance constraints against the communication cost and the group controller storage. However, this scheme increases the storage requirements for users. In this paper we address this problem by introducing a novel technique based on spanning hash key tree (SKT). In the worst case, using our technique, the storage requirement remains the same as in the original category-based GKM scheme. However, the experimental results show that, in general, the SKT technique greatly reduces the key storage for the users as well as for the controller.

  • 39.
    Duma, Claudiu
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Turcan, Eduard
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Resilient trust for peer-to-peer based critical information infrastructures
    2004. In: Proceedings of the 2nd International Conference on Critical Infrastructures (CRIS 2004), Grenoble, France: International Institute for Critical Infrastructure, 2004
    Conference paper (Refereed)
    Abstract [en]

    Critical information infrastructures (CII) include the information technologies, telecommunication, and the Internet. The protection of CII is a paramount task, as other critical infrastructures (e.g. power grids, banking, and finance) become increasingly dependent on information services. Fault tolerance, scalability, self management, and self healing are some of the main requirements for the information-based critical services. These requirements can be addressed by the emerging peer-to-peer (P2P) technologies. The P2P architectural paradigm distributes the functionality, previously centralized into servers, to all the peers into the network. This approach has the advantage of avoiding bottlenecks and single point of failure making P2P networks robust and resilient to attacks. However, decentralization and distribution of P2P systems raise the question of trust: how to distinguish the trustworthy peers from malicious ones. In this paper we analyze the resiliency of the existing reputation-based trust management mechanisms and identify the open problems to be addressed in order to provide the degree of resiliency necessary to critical information infrastructures.

  • 40.
    Fritzson, Peter
    et al.
    Linköping University, Department of Computer and Information Science, PELAB - Programming Environment Laboratory. Linköping University, The Institute of Technology.
    Auguston, Mikhail
    New Mexico State University, Las Cruces, New Mexico, USA.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Using Assertions in Declarative and Operational Models for Automated Debugging
    1992
    Conference paper (Refereed)
    Abstract [en]

     This article presents an improved method for semiautomatic bug localization, by extending our previous generalized algorithm debugging technique, (GADT) [Fritzson et al. 1991], which uses declarative assertions about program units such as procedures and operational assertions about program behavior. For example, functional properties are best expressed through declarative assertions about procedure units, whereas order-dependent properties, or sequencing constraints in general, are more easily expressed using operational semantics. A powerful assertion language, called FORMAN, has been developed to this end. Such assertions can be collected into assertion libraries, which can greatly increase the degree of automation in bug localization. The long-range goal of this work is a semiautomatic debugging and testing system, which can be used during large-scale program development of nontrivial programs. To our knowledge, the extended GADT (EGADT) presented here is the first method that uses powerful operational assertions integrated with algorithmic debugging. In addition to providing support for local-level bug localization within procedures (which is not handled well by basic algorithmic debugging), the operational assertions reduce the number of irrelevant questions to the programmer during bug localization, thus further improving bug localization. A prototype of the GADT, implemented in PASCAL, supports debugging in a subset of Pascal. An interpreter of FORMAN assertions has also been implemented in PASCAL. During bug localization, both declarative and operational assertions are evaluated on execution traces.

  • 41.
    Fritzson, Peter
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Auguston, Mikhail
    New Mexico State University, Las Cruces, USA.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Using assertions in declarative and operational models for automated debugging
    1994. In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 25, no 3, p. 223-239
    Article in journal (Refereed)
    Abstract [en]

    This article presents an improved method for semiautomatic bug localization, by extending our previous generalized algorithm debugging technique, (GADT) [Fritzson et al. 1991], which uses declarative assertions about program units such as procedures and operational assertions about program behavior. For example, functional properties are best expressed through declarative assertions about procedure units, whereas order-dependent properties, or sequencing constraints in general, are more easily expressed using operational semantics. A powerful assertion language, called FORMAN, has been developed to this end. Such assertions can be collected into assertion libraries, which can greatly increase the degree of automation in bug localization. The long-range goal of this work is a semiautomatic debugging and testing system, which can be used during large-scale program development of nontrivial programs. To our knowledge, the extended GADT (EGADT) presented here is the first method that uses powerful operational assertions integrated with algorithmic debugging. In addition to providing support for local-level bug localization within procedures (which is not handled well by basic algorithmic debugging), the operational assertions reduce the number of irrelevant questions to the programmer during bug localization, thus further improving bug localization. A prototype of the GADT, implemented in PASCAL, supports debugging in a subset of Pascal. An interpreter of FORMAN assertions has also been implemented in PASCAL. During bug localization, both declarative and operational assertions are evaluated on execution traces.

  • 42.
    Fritzson, Peter
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Kamkar, Mariam
    Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
    Gyimothy, Tibor
    Research Group on the Theory of Automata, Hungarian Academy of Sciences.
    Generalized algorithmic debugging and testing
    1992. In: ACM Letters on Programming Languages and Systems, ISSN 1057-4514, Vol. 1, no 4, p. 303-322
    Article in journal (Refereed)
    Abstract [en]

    This paper presents a method for semi-automatic bug localization, generalized algorithmic debugging, which has been integrated with the category partition method for functional testing. In this way the efficiency of the algorithmic debugging method for bug localization can be improved by using test specifications and test results. The long-range goal of this work is a semi-automatic debugging and testing system which can be used during large-scale program development of nontrivial programs. The method is generally applicable to procedural languages and is not dependent on any ad hoc assumptions regarding the subject program. The original form of algorithmic debugging, introduced by Shapiro, was however limited to small Prolog programs without side-effects, but has later been generalized to concurrent logic programming languages. Another drawback of the original method is the large number of interactions with the user during bug localization. To our knowledge, this is the first method which uses category partition testing to improve the bug localization properties of algorithmic debugging. The method can avoid irrelevant questions to the programmer by categorizing input parameters and then matching these against test cases in the test database. Additionally, we use program slicing, a data flow analysis technique, to dynamically compute which parts of the program are relevant for the search, thus further improving bug localization. We believe that this is the first generalization of algorithmic debugging for programs with side-effects written in imperative languages such as Pascal. These improvements together make it more feasible to debug larger programs. However, additional improvements are needed to make it handle pointer-related side-effects and concurrent Pascal programs.

    A prototype generalized algorithmic debugger for a Pascal subset without pointer side-effects and a test case generator for application programs in Pascal, C, dBase, and LOTUS have been implemented.

  • 43.
    Graham, Ross Lee
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Proceedings of the Second International Conference on Peer-to-Peer Computing
    2002
    Conference proceedings (editor) (Other academic)
  • 44.
    Herzog, Almut
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A usability study of security policy management
    2006. In: Security and Privacy in Dynamic Environments. Proceedings of the 21st International Information Security Conference (IFIP TC-11) (SEC’06), 2006, p. 296-306
    Conference paper (Other academic)
    Abstract [en]

    The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way.

    Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects).

    In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.

  • 45.
    Herzog, Almut
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    An evaluation of Java application containers according to security requirements
    2005. In: Proceedings of the 14th IEEE International Workshops on Enabling Technologies, 2005, p. 178-183
    Conference paper (Refereed)
    Abstract [en]

    Web browsers, Web servers, Java application servers and OSGi frameworks are all instances of Java execution environments that run more or less untrusted Java applications. In all these environments, Java applications can come from different sources. Consequently, application developers rarely know which other applications exist in the target Java execution environment. This paper investigates the requirements that need to be imposed on such a container from a security point of view and how the requirements have been implemented by different Java application containers. More specifically, we show a general risk analysis considering assets, threats and vulnerabilities of a Java container. This risk analysis exposes generic Java security problems and leads to a set of security requirements. These security requirements are then used to evaluate the security architecture of existing Java containers for Java applications, applets, servlets, OSGi bundles, and Enterprise Java Beans. For comparison, the requirements are also examined for a C++ application.

  • 46.
    Herzog, Almut
    et al.
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
    Performance of the Java Security Manager
    2005. In: Computers and Security, ISSN 0167-4048, Vol. 24, no 3, p. 192-207
    Article in journal (Refereed)
    Abstract [en]

    The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way.

    Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects).

    In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.

  • 47.
    Herzog, Almut
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Shahmehri, Nahid
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems.
    Problems Running Untrusted Services as Java Threads
    2005. In: International Workshop on Certification and Security in Inter-Organizational E-Services CSES04, 2004, New York, NY, U.S.A: Springer, 2005, p. 19-
    Conference paper (Refereed)
  • 48.
    Herzog, Almut
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Usability and security of personal firewalls
    2007. In: International Information Security Conference IFIP TC-11, 2007, New York, NY, USA: Springer Verlag, 2007, p. 37-
    Conference paper (Refereed)
  • 49.
    Herzog, Almut
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Usability and security of personal firewalls
    2007. In: New Approaches for Security, Privacy and Trust in Complex Environments, Springer Berlin/Heidelberg, 2007, p. 37-48
    Chapter in book (Other academic)
    Abstract [en]

    Effective security of a personal firewall depends on (1) the rule granularity and the implementation of the rule enforcement and (2) the correctness and granularity of user decisions at the time of an alert. A misconfigured or loosely configured firewall may be more dangerous than no firewall at all because of the user’s false sense of security. This study assesses effective security of 13 personal firewalls by comparing possible granularity of rules as well as the usability of rule set-up and its influence on security.

    In order to evaluate usability, we have submitted each firewall to use cases that require user decisions and cause rule creation. In order to evaluate the firewalls’ security, we analysed the created rules. In addition, we ran a port scan and replaced a legitimate, network-enabled application with another program to assess the firewalls’ behaviour in misuse cases. We have conducted a cognitive walkthrough paying special attention to user guidance and user decision support.

    We conclude that a stronger emphasis on user guidance, on conveying the design of the personal firewall application, on the principle of least privilege and on implications of default settings would greatly enhance both usability and security of personal firewalls.

  • 50.
    Herzog, Almut
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Usable Set-up of Runtime Security Policies
    2007. In: International Symposium on Human Aspects of Information Security and Assurance, 2007, Emerald Group Publishing Limited, 2007, p. 394-407
    Conference paper (Refereed)