English
Related papers

Related papers: Security Policy Specification Using a Graphical Ap…

200 papers

Context: Static Application Security Testing (SAST) and Runtime Application Security Protection (RASP) are important and complementary techniques used for detecting and enforcing application-level security policies in web applications.…

Programming Languages · Computer Science 2021-07-16 Angel Luis Scull Pupo , Jens Nicolay , Elisa Gonzalez Boix

To ensure programs do not leak private data, we often want to be able to provide formal guarantees ensuring such data is handled correctly. Often, we cannot keep such data secret entirely; instead programmers specify how private data may be…

Programming Languages · Computer Science 2026-04-21 Jan Menz , Andrew K. Hirsch , Peixuan Li , Deepak Garg

Context: To effectively defend against ever-evolving cybersecurity threats, software systems should be made as secure as possible. To achieve this, software developers should understand potential vulnerabilities and apply secure coding…

Programming Languages · Computer Science 2024-07-11 Alina Torbunova , Adnan Ashraf , Ivan Porres

We present a taxonomy and an algebra for attack patterns on component-based operating systems. In a multilevel security scenario, where isolation of partitions containing data at different security classifications is the primary security…

Cryptography and Security · Computer Science 2014-03-06 Michael Hanspach , Jörg Keller

Distributed implementations of access control abound in distributed storage protocols. While such implementations are often accompanied by informal justifications of their correctness, our formal analysis reveals that their correctness can…

Cryptography and Security · Computer Science 2008-06-02 Avik Chaudhuri

We propose a simple global computing framework, whose main concern is code migration. Systems are structured in sites, and each site is divided into two parts: a computing body, and a membrane, which regulates the interactions between the…

Programming Languages · Computer Science 2017-01-11 Daniele Gorla , Matthew Hennessy , Vladimiro Sassone

For the formal verification of a network security policy, it is crucial to express the verification goals. These formal goals, called security invariants, should be easy to express for the end user. Focusing on access control and…

Cryptography and Security · Computer Science 2016-04-04 Cornelius Diekmann , Stephan-A. Posselt , Heiko Niedermayer , Holger Kinkelin , Oliver Hanka , Georg Carle

Programmable Logic Controllers (PLCs) execute critical control software that drives Industrial Automation and Control Systems (IACS). PLCs can become easy targets for cyber-adversaries as they are resource-constrained and are usually built…

Cryptography and Security · Computer Science 2021-01-07 Awais Tanveer , Roopak Sinha , Stephen G. MacDonell , Paulo Leitao , Valeriy Vyatkin

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and…

Cryptography and Security · Computer Science 2014-04-09 Thomas Bauereiss , Dieter Hutter

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by…

Cryptography and Security · Computer Science 2018-05-16 Julian Schütte , Gerd Stefan Brost

Privacy policies often place requirements on the purposes for which a governed entity may use personal information. For example, regulations, such as HIPAA, require that hospital employees use medical information for only certain purposes,…

Cryptography and Security · Computer Science 2011-02-22 Michael Carl Tschantz , Anupam Datta , Jeannette M. Wing

Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their…

Cryptography and Security · Computer Science 2015-07-30 Riccardo De Masellis , Chiara Ghidini , Silvio Ranise

A widespread design approach in distributed applications based on the service-oriented paradigm, such as web-services, consists of clearly separating the enforcement of authorization policies and the workflow of the applications, so that…

Cryptography and Security · Computer Science 2009-06-26 Michele Barletta , Silvio Ranise , Luca Viganò

For computer software, our security models, policies, mechanisms, and means of assurance were primarily conceived and developed before the end of the 1970's. However, since that time, software has changed radically: it is thousands of times…

Cryptography and Security · Computer Science 2016-11-15 Úlfar Erlingsson

Real-world applications routinely make authorization decisions based on dynamic computation. Reasoning about dynamically computed authority is challenging. Integrity of the system might be compromised if attackers can improperly influence…

Cryptography and Security · Computer Science 2021-04-22 Owen Arden , Anitha Gollamudi , Ethan Cecchetti , Stephen Chong , Andrew C. Myers

This paper analyses the security contribution of typical functional-language features by examining them in the light of accepted information security principles. Imperative and functional code are compared to illustrate various cases. In…

Cryptography and Security · Computer Science 2012-01-30 Yusuf Moosa Motara

SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and…

In this paper, we introduce a formal notion of partial compliance, called Attack-resistance, of a computer program running together with a defense mechanism w.r.t a non-exploitability specification. In our setting, a program may contain…

Cryptography and Security · Computer Science 2015-06-15 Vijay Ganesh , Sebastian Banescu , Martín Ochoa

Authorization and access control play an essential role in protecting sensitive information from malicious users. The system is based on security policies to determine if an access request is allowed. However, of late, the growing…

Cryptography and Security · Computer Science 2020-05-15 Tran Khanh Dang , Xuan Son Ha , Luong Khiem Tran

Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for introducing security into the software development process. Our objective is to explore the research efforts on…

Software Engineering · Computer Science 2018-12-03 Abbas Javan Jafari , Abbas Rasoolzadegan