Published: Apr 1, 2015
DOI: 10.4018/IJSSE.20150401pre
Volume 6
Alessandro Aldini, Fabio Martinelli, Neeraj Suri
MLA
Aldini, Alessandro, et al. "Special Issue on Quantitative Aspects in Security Assurance." IJSSE vol.6, no.2 2015: pp.4-5. http://doi.org/10.4018/IJSSE.20150401pre
APA
Aldini, A., Martinelli, F., & Suri, N. (2015). Special Issue on Quantitative Aspects in Security Assurance. International Journal of Secure Software Engineering (IJSSE), 6(2), 4-5. http://doi.org/10.4018/IJSSE.20150401pre
Chicago
Aldini, Alessandro, Fabio Martinelli, and Neeraj Suri. "Special Issue on Quantitative Aspects in Security Assurance," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 4-5. http://doi.org/10.4018/IJSSE.20150401pre
Published: Apr 1, 2015
DOI: 10.4018/IJSSE.2015040101
Volume 6
Richard Gay, Heiko Mantel, Henning Sudbrock
Interrupt-related covert channels (IRCCs) utilize hardware interrupts for enabling communication between processes. This article provides an empirical evaluation of IRCC vulnerabilities, based on an actual exploit. The evaluation combines experiments with an information-theoretic analysis for computing the channel bandwidth. The evaluation shows that a bandwidth of multiple bits per second is achievable in a desktop system via interrupts of a network interface card. This result clarifies the significance of this IRCC vulnerability for one particular system. The exploit presented is configurable, and the article provides a solution for computing an optimal exploit configuration for a given system. While side channels based on hardware interrupts have been discussed before, this is the first empirical evaluation of covert channels based on hardware interrupts.
MLA
Gay, Richard, et al. "An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels." IJSSE vol.6, no.2 2015: pp.1-22. http://doi.org/10.4018/IJSSE.2015040101
APA
Gay, R., Mantel, H., & Sudbrock, H. (2015). An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels. International Journal of Secure Software Engineering (IJSSE), 6(2), 1-22. http://doi.org/10.4018/IJSSE.2015040101
Chicago
Gay, Richard, Heiko Mantel, and Henning Sudbrock. "An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 1-22. http://doi.org/10.4018/IJSSE.2015040101
Published: Apr 1, 2015
DOI: 10.4018/IJSSE.2015040102
Volume 6
Tom Chothia, Chris Novakovic, Rajiv Ranjan Singh
This paper presents a framework for calculating measures of data integrity for programs in a small imperative language. The authors develop a Markov chain semantics for their language which calculates Clarkson and Schneider's definitions of data contamination, data suppression, program suppression and program transmission. The authors then propose their own definition of program integrity for probabilistic specifications. These definitions are based on conditional mutual information and entropy; they present a result relating them to mutual information, which can be calculated by a number of existing tools. The authors extend a quantitative information flow tool (CH-IMP) to calculate these measures of integrity and demonstrate this tool with examples including error correcting codes, the Dining Cryptographers protocol and the attempts by a number of banks to influence the Libor rate.
MLA
Chothia, Tom, et al. "Calculating Quantitative Integrity and Secrecy for Imperative Programs." IJSSE vol.6, no.2 2015: pp.23-46. http://doi.org/10.4018/IJSSE.2015040102
APA
Chothia, T., Novakovic, C., & Singh, R. R. (2015). Calculating Quantitative Integrity and Secrecy for Imperative Programs. International Journal of Secure Software Engineering (IJSSE), 6(2), 23-46. http://doi.org/10.4018/IJSSE.2015040102
Chicago
Chothia, Tom, Chris Novakovic, and Rajiv Ranjan Singh. "Calculating Quantitative Integrity and Secrecy for Imperative Programs," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 23-46. http://doi.org/10.4018/IJSSE.2015040102
Published: Apr 1, 2015
DOI: 10.4018/IJSSE.2015040103
Volume 6
Kristian Beckers, Leanid Krautsevich, Artsiom Yautsiukhin
The acquisition of information about computer systems by mostly non-technical means is called social engineering. Most critical systems are vulnerable to social threats, even when technical security is high. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap, and (iv) is almost impossible to eliminate completely. The integration of social engineering attackers with other attackers, such as software or network ones, is missing so far. Existing research focuses on classifying and analyzing social engineering attacks. The authors' contribution is to consider social engineering exploits together with technical vulnerabilities. The authors introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.
MLA
Beckers, Kristian, et al. "Using Attack Graphs to Analyze Social Engineering Threats." IJSSE vol.6, no.2 2015: pp.47-69. http://doi.org/10.4018/IJSSE.2015040103
APA
Beckers, K., Krautsevich, L., & Yautsiukhin, A. (2015). Using Attack Graphs to Analyze Social Engineering Threats. International Journal of Secure Software Engineering (IJSSE), 6(2), 47-69. http://doi.org/10.4018/IJSSE.2015040103
Chicago
Beckers, Kristian, Leanid Krautsevich, and Artsiom Yautsiukhin. "Using Attack Graphs to Analyze Social Engineering Threats," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 47-69. http://doi.org/10.4018/IJSSE.2015040103
Published: Apr 1, 2015
DOI: 10.4018/IJSSE.2015040104
Volume 6
Alessandro Armando, Michele Bezzi, Nadia Metoui, Antonino Sabetta
Risk-aware access control systems grant or deny access to resources based on the notion of risk. They have many advantages compared to classical approaches, allowing for more flexibility and ultimately supporting better exploitation of data. The authors propose and demonstrate a risk-aware access control framework for information disclosure, which supports run-time risk assessment. In their framework, access-control decisions are based on the disclosure risk associated with a data access request and, unlike in existing models, adaptive anonymization operations are used as a risk-mitigation method. The inclusion of on-the-fly anonymization allows for extending access to data, still preserving privacy below the maximum tolerable risk. Risk thresholds can be adapted to the trustworthiness of the requester role, so a single access control framework can support multiple data access use cases, ranging from sharing data among a restricted (highly trusted) group to public release (low trust value). The authors have developed a prototype implementation of their framework and have assessed it by running a number of queries against the Adult Data Set from the UCI Machine Learning Repository, a publicly available dataset that is widely used by the research community. The experimental results are encouraging and confirm the feasibility of the proposed approach.
MLA
Armando, Alessandro, et al. "Risk-Based Privacy-Aware Information Disclosure." IJSSE vol.6, no.2 2015: pp.70-89. http://doi.org/10.4018/IJSSE.2015040104
APA
Armando, A., Bezzi, M., Metoui, N., & Sabetta, A. (2015). Risk-Based Privacy-Aware Information Disclosure. International Journal of Secure Software Engineering (IJSSE), 6(2), 70-89. http://doi.org/10.4018/IJSSE.2015040104
Chicago
Armando, Alessandro, et al. "Risk-Based Privacy-Aware Information Disclosure," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 70-89. http://doi.org/10.4018/IJSSE.2015040104
Published: Apr 1, 2015
DOI: 10.4018/IJSSE.2015040105
Volume 6
Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jon Hofstad, Jan Øyvind Aagedal
The authors present the results of an evaluation in which the objective was to assess how useful testing is for validating and correcting security risk models. The evaluation is based on two industrial case studies. In the first case study the authors analyzed a multilingual financial Web application, while in the second case study they analyzed a mobile financial application. In both case studies, the testing yielded new information which was not found in the risk assessment phase. In particular, in the first case study, new vulnerabilities were found which resulted in an update of the likelihood values of threat scenarios and risks in the risk model. New vulnerabilities were also identified and added to the risk model in the second case study. These updates led to more accurate risk models, which indicates that the testing was indeed useful for validating and correcting the risk models.
MLA
Erdogan, Gencer, et al. "Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies." IJSSE vol.6, no.2 2015: pp.90-112. http://doi.org/10.4018/IJSSE.2015040105
APA
Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J., & Aagedal, J. Ø. (2015). Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies. International Journal of Secure Software Engineering (IJSSE), 6(2), 90-112. http://doi.org/10.4018/IJSSE.2015040105
Chicago
Erdogan, Gencer, et al. "Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies," International Journal of Secure Software Engineering (IJSSE) 6, no.2: 90-112. http://doi.org/10.4018/IJSSE.2015040105