91,706 Hits in 2.4 sec

Process Authentication for High System Assurance

Hussain M.J. Almohri, Danfeng Yao, Dennis Kafura
2014 IEEE Transactions on Dependable and Secure Computing  
As a result, malware may impersonate other processes, thus violating system assurance.  ...  To demonstrate the application of process authentication, we develop a system call monitoring framework for preventing unauthorized use or access of system resources.  ...  Our authentication system can be conveniently integrated with existing policy-based access control systems for strong system assurance.  ... 
doi:10.1109/tdsc.2013.29 fatcat:7edokxdjczgzjgfqxmoxexnk4i

Kernel Based Process Level Authentication Framework for Secure Computing and High Level System Assurance

Pradnya Patil, Shubham Joshi
2014 International Journal of Innovative Research in Computer and Communication Engineering  
In order to demonstrate the application of Process Authentication proposed System Call monitoring framework for preventing unauthorized use or access of system resources like HDD, RAM.  ...  Existing MAC solutions belongs to authorization mechanism however authorization mechanism along is not sufficient for achieving system assurance.  ...  Hence Operating System level secure computing is now playing critical role for high assurance systems.  ... 
doi:10.15680/ijircce.2014.0212045 fatcat:k3ehxiyk6jhsxnsvl6mdwmbzie

Yeni Bir Güvenlik Katmanı Ekleyerek Mobil Hizmet Kullanıcısı Kimliğinin Güvenliğini Sağlama

2021 European Journal of Science and Technology  
However, existing solutions generally does not provide very high level of assurance in the asserted digital identity.  ...  authentication and non-repudiation services for service providers and users.  ...  The ISO/IEC 29115 Entity Authentication Assurance Framework (2013) standard presents four levels of assurance (LoA) for entity authentication.  ... 
doi:10.31590/ejosat.833433 fatcat:cxq7iiy5frddpjjz6zhtbrqyi4

Service provider authentication assurance

Audun Josang, Kent A. Varmedal, Christophe Rosenberger, Rajendra Kumar
2012 2012 Tenth Annual International Conference on Privacy, Security and Trust  
This paper proposes a framework for server and service provider authentication assurance, similarly to frameworks for user authentication assurance that have already been specified, or are currently under  ...  The concept of authentication assurance traditionally refers to the robustness of methods and mechanisms for user authentication, including the robustness of initial registration and provisioning of user  ...  Assurance (UIRA) refers to the thoroughness of the process for enrolling new entities that are to be authenticated by the system.  ... 
doi:10.1109/pst.2012.6297941 dblp:conf/pst/JosangVRK12 fatcat:oij4bgymgnbevgxr2fdpvej7ta

Making Identity Assurance and Authentication Strength Work for Federated Infrastructures

Jule Anna Ziegler, Uros Stevanovic, David Leo Groep, Ian Neilson, David P. Kelsey, Maarten Kremers
2021 Zenodo  
The focus of this paper lies in providing guidance and best practices based on example scenarios for both Service Providers to request the appropriate REFEDS assurance level, as well as for Identity Provider  ...  In order to assess and communicate the quality of identities being used and authentications being performed, so called Level of Assurance (LoA) frameworks are used.  ...  The authors wish to thank the project members of GÉANT, AARC2 as well as the REFEDS community for helpful discussions and feedback to continuously improve the work presented in this paper.  ... 
doi:10.5281/zenodo.4916048 fatcat:txb4mu7y25esfn6ft47arnassy

Assurance Requirements for Mutual User and Service Provider Authentication [chapter]

Audun Jøsang
2015 Lecture Notes in Computer Science  
Unilateral authentication is obviously insufficient for securing twoway interaction, so both user authentication assurance and service provider authentication assurance must be considered.  ...  Several nations and organisations have published frameworks for assurance of user authentication in the context of eGovermnent.  ...  -User Identity Registration Assurance (UIRA) refers to the thoroughness of the process for enrolling new entities that are to be authenticated by the system.  ... 
doi:10.1007/978-3-319-17016-9_3 fatcat:ngm7rdf4qrd5rm72d7r655fjcy

Identity Management Lifecycle - Exemplifying the Need for Holistic Identity Assurance Frameworks [chapter]

Jostein Jensen
2013 Lecture Notes in Computer Science  
Identity management makes the foundation for secure and trusted communication, and government frameworks for authentication and identity assurance are therefore developed to support the strategies.  ...  This paper examines three existing authentication and identity assurance frameworks, and is a good example to show the importance of specifying assurance frameworks that takes a holistic view of the identity  ...  [6] Requirements for each lifecycle activity can be bundled to form identity assurance levels, where a low assurance level specifies IdM requirements for systems with limited risk levels and high assurance  ... 
doi:10.1007/978-3-642-36818-9_38 fatcat:mm2hczjgazf5ze7ua4uxcg2aym

Resilient device authentication system (RDAS) through SIOMETRICS

Mike Duren, John Walsh, Hal Aldridge, Meng-Day (Mandel) Yu
2013 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop on - CSIIRW '13  
Collaboration between academia, leading industry innovators, and a high assurance security DoD provider has resulted in an architectural approach to change the paradigm in cyber security by reducing the  ...  In recent decades, human biometrics have been used authenticate the identity of human beings and provide access control.  ...  This holistic approach reduces system cost and improves security; the latter by having a high degree of silicon-level trust bound to the Information Assurance protocols.  ... 
doi:10.1145/2459976.2459978 dblp:conf/csiirw/DurenWAY13 fatcat:edcq34prkvgmfbarsi3h4au7gm

An Approach to Security Requirements Engineering for a High Assurance System *

Cynthia E. Irvine, Timothy Levin, Jeffery D. Wilson, David Shifflett, Barbara Pereira
2002 Requirements Engineering  
Requirements specifications for high assurance secure systems are rare in the open literature.  ...  The system is designed to be secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed.  ...  Luqi for useful discussions of the requirements engineering process. The authors are grateful to their U.S. Navy and government sponsors for their support of this research.  ... 
doi:10.1007/s007660200015 fatcat:652zihg3nfcdpaazyyu2e2ajom

Secure Compartmented Data Access over an Untrusted Network Using a COTS-Based Architecture [chapter]

Paul Clark
2004 Statistics: A Series of Textbooks and Monographs  
We compare our architecture to other models of controlling access to sensitive data and draw conclusions about the requirements for high-security solutions for electronic business as well as DoD applications  ...  assurance for each application.  ...  over an untrusted wide area network using high-assurance security mechanisms.  ... 
doi:10.1201/9781420030884.ch5 fatcat:75ncqbjbengj7ibimebdrlzssy

Identifying native applications with high assurance

Hussain M.J. Almohri, Danfeng (Daphne) Yao, Dennis Kafura
2012 Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12  
Main stream operating system kernels lack a strong and reliable mechanism for identifying the running processes and binding them to the corresponding executable applications.  ...  We present a protocol for the secure authentication of applications.  ...  We present a novel identification model in which applications are identified and authenticated with high assurance.  ... 
doi:10.1145/2133601.2133635 dblp:conf/codaspy/AlmohriYK12 fatcat:xy2ue2mx5ndupj5exysuh6du5i

A Method of Risk Assessment for Multi-Factor Authentication

Jae-Jung Kim, Seng-Phil Hong
2011 Journal of Information Processing Systems  
and issues of such authentication methods in order to present a user authentication level system model suitable for different online services.  ...  With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified.  ...  level system) model into a 5 level user authentication system.  ... 
doi:10.3745/jips.2011.7.1.187 fatcat:7iix5wm3dndrrjksmadyoy5ude

Analysis on the Attribute Binding based Enhanced User Authentication

Tae Kyung Kim, Jae Hoon Nah
2013 International Journal of Security and Its Applications  
In this paper, we proposed the attribute binding based enhanced user authentication. User authentication is a simple process that is used to determine if an identity is real.  ...  We don't consider biometric authentication in this paper. Biometric authentication by itself can provide mid-level to high-level assurance.  ...  This identity corroboration process, also known as "out of wallet" knowledge-based authentication, is generally invoked when external users are requesting a high-risk transaction -for example, opening  ... 
doi:10.14257/ijsia.2013.7.6.25 fatcat:oeicgoeu3fhe5i56we4ad7u5xi

Towards security effectiveness measurement utilizing risk-based security assurance

Reijo M. Savola, Heimo Pentikainen, Moussa Ouedraogo
2010 2010 Information Security for South Africa  
This methodology is then applied to an example system: a Push E-mail service.  ...  This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls.  ...  As the LoA classification is defined as be a generic assurance system for electronic authentication, specific security requirements existing in the particular SuI might require additional processing and  ... 
doi:10.1109/issa.2010.5588322 fatcat:joplcg5eljbhdo7hzurf67mk7a

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels [chapter]

Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy
2009 Lecture Notes in Computer Science  
This paper presents a Common Criteria protection profile for high assurance security kernels (HASK-PP) based on the results and experiences of several (international) projects on design and implementation  ...  and authenticated boot in Section 4.1.  ...  We would like to thank Helmut Kurth and Gerald Krummeck from atsec information security for their invaluable contribution in writing the protection profile, and the anonymous reviewers for their thoughtful  ... 
doi:10.1007/978-3-642-00587-9_4 fatcat:nychxcvehfbxpbw3ibd4x2iase
« Previous Showing results 1 — 15 out of 91,706 results