{"title":"信息安全是一个矛盾的说法吗?","authors":"J. Knight","doi":"10.1109/CMPASS.1997.613273","DOIUrl":null,"url":null,"abstract":"Although weaknesses have been demonstrated in some security techniques (encryption, protocols, mobile code such as Java, etc.), current security technology is quite strong in many areas. Despite this, information security has proved difficult to achieve in large modern software systems. Many problems have been reported in which supposedly secure systems have been penetrated and in some cases significant damage done. In practice, it appears that many (perhaps even the majority) of serious security failures are attributable to software engineering defects in the systems experiencing the failure. The author discusses the use of wrappers which can deal with deficiencies in security and considers the software architectural approach.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Is information security an oxymoron?\",\"authors\":\"J. Knight\",\"doi\":\"10.1109/CMPASS.1997.613273\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Although weaknesses have been demonstrated in some security techniques (encryption, protocols, mobile code such as Java, etc.), current security technology is quite strong in many areas. Despite this, information security has proved difficult to achieve in large modern software systems. Many problems have been reported in which supposedly secure systems have been penetrated and in some cases significant damage done. In practice, it appears that many (perhaps even the majority) of serious security failures are attributable to software engineering defects in the systems experiencing the failure. The author discusses the use of wrappers which can deal with deficiencies in security and considers the software architectural approach.\",\"PeriodicalId\":377266,\"journal\":{\"name\":\"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1997-06-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CMPASS.1997.613273\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMPASS.1997.613273","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Although weaknesses have been demonstrated in some security techniques (encryption, protocols, mobile code such as Java, etc.), current security technology is quite strong in many areas. Despite this, information security has proved difficult to achieve in large modern software systems. Many problems have been reported in which supposedly secure systems have been penetrated and in some cases significant damage done. In practice, it appears that many (perhaps even the majority) of serious security failures are attributable to software engineering defects in the systems experiencing the failure. The author discusses the use of wrappers which can deal with deficiencies in security and considers the software architectural approach.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
