{"title":"Mobile communication security controllers an evaluation paper","authors":"Keith E. Mayes, Konstantinos Markantonakis","doi":"10.1016/j.istr.2008.09.004","DOIUrl":"10.1016/j.istr.2008.09.004","url":null,"abstract":"<div><p>Cellular communication via a traditional mobile handset is a ubiquitous part of modern life and as device technology and network performance continues to advance, it becomes possible for laptop computers, Personal Digital Assistants [PDAs; Note abbreviations will be shown in square brackets to avoid confusion with references.] and even electrical meters to better exploit mobile networks for wireless communication. As the diverse demands for network access and value added services increase, so does the importance of maintaining secure and consistent access controls. A critical and well-proven component of the GSM and UMTS security solution is the smart card in the form of the SIM or USIM respectively. This has also extended into some regions using variants of CDMA standards where the RUIM is specified. However with the enlarged range of communications devices, some manufacturers claim that the hardware selection, chip design, operating system implementation and security concept are different from traditional mobile phones. This has led to a suggestion that types of “Software SIM” should be used as an alternative to the smart card based solution. This paper investigates the suggestion.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 3","pages":"Pages 173-192"},"PeriodicalIF":0.0,"publicationDate":"2008-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.09.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122297189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Identity management of e-ID, privacy and security in Europe. A human rights view","authors":"Paul De Hert","doi":"10.1016/j.istr.2008.07.001","DOIUrl":"10.1016/j.istr.2008.07.001","url":null,"abstract":"<div><p>With privacy enhancing identity management, end users are given better ways for managing their identities for specific contexts. One could easily argue that the need to implement identity management systems that are privacy enhancing follows from the EU data protection regulation. One of the challenges while developing privacy enhancing identity management is getting governments to become genuinely interested, both in their capacity of data processing organisation and legislator or policy maker. Another challenge, this time for the private sector, is to find the right balance between data protection perfection and simplicity or users' convenience, while developing privacy enhancing identity management systems. After a brief discussion of these challenges we discuss the growing human rights recognition of the value of digital identity and its management. In particular, the German constitutional court seems to pave the way for a basic right to have digital identity protected and secured.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 71-75"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.07.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129658462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Legal and organizational challenges and solutions for achieving a pan-European electronic ID solution","authors":"Thomas Myhr","doi":"10.1016/j.istr.2008.06.001","DOIUrl":"10.1016/j.istr.2008.06.001","url":null,"abstract":"<div><p>In this article I discuss the creation of a pan-European eID and the legal and organizational challenges connected to that in cross-border transactions within the EU/EEA. I mainly focus on issuance procedures and (the lack of) a European “standard” on a unique identifier of physical persons that can be used in the eID. My main solution here is to use, as far as possible, existing national and international requirements on the content of passport and how they are issued. In addition I present two issues that I think the European Commission should focus on that would have a significant positive effect on the work on achieving cross-border interoperability. These issues are (i) setting up requirements for Validation Authorities and self-declaratory schemes and (ii) setting up a quality classification system, where different national security levels can be mapped up against neutral requirements adopted by the European Commission.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 76-82"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.06.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116091238","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The benefits and drawbacks of using electronic identities","authors":"Geraint Price","doi":"10.1016/j.istr.2008.07.002","DOIUrl":"10.1016/j.istr.2008.07.002","url":null,"abstract":"<div><p>In this article we carry out a critical analysis of the benefits and drawbacks which are likely when we include electronic data to hold, validate and process the information used to generate and manage an identity. In addition, we consider the potential knock-on impact of this for the transactions which rely on this electronic identity information.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 95-103"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.07.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128035257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Insights on identity documents based on the Belgian case study","authors":"Danny De Cock, Koen Simoens, Bart Preneel","doi":"10.1016/j.istr.2008.06.004","DOIUrl":"10.1016/j.istr.2008.06.004","url":null,"abstract":"<div><p>Efficient eGovernment and eCommerce require the ability to authenticate citizens and transactions online, whereas the increasing mobility of citizens demands reliable identification. Identity documents tend to become the most popular form of identity tokens used for these purposes. An important problem, however, is that they can easily be passed on or used by a fraudster. We discuss the use of identity documents and the problem of linking these documents with their genuine holder. We discuss ePassports and eID cards in general using the Belgian identity documents as a reference.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 54-60"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.06.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131719043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"“Building secure business applications at Microsoft” by J. Steer and A. Popli","authors":"","doi":"10.1016/j.istr.2008.09.001","DOIUrl":"https://doi.org/10.1016/j.istr.2008.09.001","url":null,"abstract":"","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Page 104"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.09.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"137420515","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building secure business applications at Microsoft","authors":"John Steer , Ashish Popli","doi":"10.1016/j.istr.2008.04.001","DOIUrl":"10.1016/j.istr.2008.04.001","url":null,"abstract":"<div><p>Like many global enterprises, Microsoft depends on internally developed and third-party line-of-business (LOB) applications to run its daily business activities. Nearly 4000 LOB applications are in service at Microsoft including a significant number of applications that contain business-sensitive data, customer data, or confidential employee data.</p><p>In 2001 the Microsoft IT organization wanted to make sure that the company's security risk was appropriately managed. The Security Development Life cycle for IT (SDL-IT) was created within Microsoft IT to keep track of, assess, and address potential security and privacy vulnerabilities found in LOB applications. A specialist team called the Application Consulting and Engineering (ACE) Team was formed to manage the program, providing support and oversight ensuring that application development teams adhere to the SDL-IT process.</p><p>This paper contains descriptions of the processes and standards that make up the SDL-IT process and discusses best practices that might be useful to other organizations wishing to create and enforce a security and privacy process for LOB applications. While this paper describes Microsoft IT's own security and privacy process, the authors recognize that every organization is unique and believe that the technology agnostic SDL-IT process and methodologies described can be implemented in other enterprises.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 105-110"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.04.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122875986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Some thoughts on the underlying logic and process underpinning Electronic Identity (e-ID)","authors":"Tony Collings","doi":"10.1016/j.istr.2008.06.002","DOIUrl":"10.1016/j.istr.2008.06.002","url":null,"abstract":"<div><p>In this article I have outlined the fundamental issues that underpin any Identity or e-ID Scheme and any attempt to turn them into an automated e-ID delivery. The significance of Identity has almost gone un-noticed as our highly complex and interdependent technological society has evolved. It is only with the debate surrounding ID card systems and the rise of internet and electronic fraud that there is any awakening and understanding of the real issues that underpin identity and its impact upon society. The article examines why Identity matters by comparing what goes into the underlying logic and process underpinning electronic identity. The European Commission national ID Card scheme and other international perspectives are compared with what the USA is doing in this area and with what the UK is proposing with its national ID Card scheme. A discusses the basic components of identity, identity crime and some unintended consequences of electronic identity schemes.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 61-70"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.06.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131146138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Identity management throughout one's whole life","authors":"Marit Hansen , Andreas Pfitzmann , Sandra Steinbrecher","doi":"10.1016/j.istr.2008.06.003","DOIUrl":"10.1016/j.istr.2008.06.003","url":null,"abstract":"<div><p>Identity management has to comprise all areas of life throughout one's whole lifetime to gain full advantages, e.g., ease-of-use for all kinds of digital services, authenticity and authorisation, reputation and user-controlled privacy.</p><p>To help laying the foundations for identity management applicable to people's whole life, we describe the formation of digital identities happening numerous times within one's physical life, i.e., their establishment, evolvement and termination, and derive building blocks for managing these digital identities from the needs of individuals and of society.</p><p>The identity attributes occurring and developing can be categorised according to their sensitiveness and the security requirements individuals have regarding them. We give an analysis of the sensitivity of identities and their attributes w.r.t. privacy and security both from a legal and individual's perspective. This leads to how systems for identity management throughout one's whole life should be designed using the building blocks derived.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 2","pages":"Pages 83-94"},"PeriodicalIF":0.0,"publicationDate":"2008-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.06.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124009513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure software development: Why the development world awoke to the challenge","authors":"Mason Brown, Alan Paller","doi":"10.1016/j.istr.2008.03.001","DOIUrl":"10.1016/j.istr.2008.03.001","url":null,"abstract":"<div><p>From the beginning of the information security age 20 years ago, CIOs have asked over and over, “when will programmers stop making security mistakes?” But other than highly visible efforts by a few large software vendors, the software development community has not heard the question. At least they have not responded until now.</p><p>More than 40 large organizations, from Tata Consulting Services (the largest outsourcer in India) to Intel, from Boeing to Siemens, have joined together to raise the visibility of secure software development – and they are having an impact.</p><p>This article chronicles the forces that brought the consortium together and the steps that they have taken to improve the practice of secure coding throughout the development lifecycle.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"13 1","pages":"Pages 40-43"},"PeriodicalIF":0.0,"publicationDate":"2008-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2008.03.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124889280","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}