Search Results

You are looking at 1 - 10 of 854 items :


it 6/2013 Special Issue Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns Nutzung risk-basierter Muster zur Erhebung von Sicherheitsanforderungen in Geschäftsprozessen Raimundas Matulevičius∗, Naved Ahmed, Institute of Computer Science, Tartu, Estonia ∗ Correspondence author: rma@ut.ee Summary Although importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we

Z. J. Muhsin and A. Al-Taee Mobile Workflow Management System Architecture Taking into Account Relevant Security Requirements Abstract: Workflow management systems (WfMS) have been one of the important technologies proposed to optimize management activities and reduce work complexity. In this paper, we propose a mobile WfMS (MWfMS) architecture taking into account the relevant security requirements. This work extends a previously reported MWfMS that handles the services of equipment repair and maintenance. Its architecture comprises a physical layer (i.e. system

DOI 10.1515/9781501505775-011 Chapter 8 – Security Requirements for the IoT In previous chapters, we have discussed IoT, home and network vulnerabilities. In this chapter, we will specifically address some of those threats and how they arise. In this chapter, we cover: 1. Why security issues arise 2. Security and product confidence 3. Why manufacturing techniques go wrong 4. Why security overhead is often cut from design 5. And why cutting security is so detrimental to the end product Why security issues arise Building end-to-end security into IoT

v The Spreading of Security Requirements THE world being what it is, one would be naive indeed to assume that American laboratories are immune from espionage. On June 20, 1949, the President of the United States signed the Central Intelligence Act of 1949. Its purposes and implications were deemed to be so confidential that the House and Senate Armed Services Committees discussed the measure in secret sessions. Then they informed Congress that it was impossible to have a full debate or even to disclose the objects and operation of the proposed

. Feng, D. Lin, M. Yung, Eds. Information Security and Cryptology. CISC. Lecture Notes in Computer Science. Vol. 3822. Berlin, Springer, 2005, pp. 75-90. 13. Alghazzawi, D. M. Operational and Security Requirements for RFID System. – Journal of Global Research in Computer Science, Vol. 2, 2011, No 12, pp. 6-11. 14. Tan, C. C., J. Wu. Security in RFID Networks and Communications. – In: L. Chen, J. Ji, Z. Zhang, Eds. Wireless Network Security. Berlin, Springer, 2013, pp. 247-267. 15. Hwang, M. S., C. H. Wei, C. Y. Lee. Privacy and Security Requirements for RFID

show how an informal confidentiality requirement can be formalized in the specification language RIFL and how this requirement can be verified in the app store Cassandra using the RSCP security analyser. In particular, we demonstrate how Cassandra integrates the information-flow analysis by the RSCP security analyser into the installation process of an app from the perspective of a user. Keywords: Information flow control, mobile platform security, security requirements, specification languages, verification. ACM CCS: Security and privacy → Systems security → In

→ Formal methods and theory of security → Security requirements; ACM CCS → Applied computing → Enterprise computing → Business process management; Regulatory Compliance, Business Processes, Deontic Logic Schlagwörter Einhaltung gesetzlicher Vorschriften, Geschäftprozess, Deontik Logik 1 Introduction The study of IT techniques to support compliance is gaining momentum in the area of Enterprise Information Systems. The number and complexity of compliance initiatives and frameworks is growing and more and more businesses are required to provide compliance certification

Abstract

Security has evolved into an essential quality factor of software systems. However, security features in software applications are often time-consuming, error-prone and too complicated for common users. This is mainly due to a limited consideration and integration of usability. As a consequence, users either circumvent security features or do not utilize them at all. Usable security is an advanced quality topic and an important research area of software systems. This area combines usability and security with the objective of making the use of security features in software effective, efficient and satisfying. In order to meet this challenge, the research project USecureD aims at supporting small and medium-sized enterprises (SMEs) in facilitating the selection and incorporation of usable security by developing, evaluating and collecting principles, guidelines, patterns and tools for merging usability and security engineering. During the initiation phase of the USecureD project, an online study (N = 118) in conjunction with 10 interviews and 2 workshops have been conducted in order to identify the relevance and requirements of usability, security and usable security with a specific focus on SMEs. The obtained results are presented and derived implications are discussed in this paper.

in i-com

, 5]). Separation of duty constraints allow for the implementation of dual control policies demanding that at least two persons have to be involved in a particular activity. Since these security requirements operate essentially on an executable level of specifications they constitute more an implementation of a security policy than policies by themselves. Since the lack of a policy on a more abstract level precludes the verification of a given policy, more abstract formalisms, like information-flow control approaches, have been propagated, to specify and verify

. Currently, two standard approaches exist: German AIS 20/31 [3] and American NIST SP 800-90, part A, B, and C [4], [5], [6]. Since they are developed independently, they are slightly different. Moreover, they are still evolving (especially the American documents). These differences can cause difficulties in TRNG designs. The objective of this paper is to illustrate how strict security requirements can be met, while aiming at compliance with both approaches. Moreover, we demonstrate that the new embedded tests dedicated to the PLL-TRNG, which are based on the