Performance analysis of the CONFIDANT protocol
Proceedings of the 3rd ACM international symposium on Mobile ad hoc networking & computing
Classification of malicious host threats in mobile agent computing
SAICSIT '02 Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Journal of Network and Systems Management
Automated Software Engineering
Network Security for Substation Automation Systems
SAFECOMP '01 Proceedings of the 20th International Conference on Computer Safety, Reliability and Security
Establishing the business value of network security using analytical hierarchy process
Creating business value with information technology
Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility
ACM SIGKDD Explorations Newsletter
Taxonomy of security considerations and software quality
Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
Formalising key distribution in the presence of trust using object-Z
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
An approach to usable security based on event monitoring and visualization
Proceedings of the 2002 workshop on New security paradigms
Report on a working session on security in wireless ad hoc networks
ACM SIGMOBILE Mobile Computing and Communications Review
Payment technologies for E-commerce
What QoS research hasn't understood about risk
RIPQoS '03 Proceedings of the ACM SIGCOMM workshop on Revisiting IP QoS: What have we learned, why do we care?
Current security management & Ethical issues of information technology
A methodology for developing trusted information systems: the security requirements analysis phase
Current security management & Ethical issues of information technology
Biometrics: past, present and future
Current security management & Ethical issues of information technology
New challenges in privacy protection
Advanced topics in global information management
The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
A cooperative intrusion detection system for ad hoc networks
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Security issues in ad hoc networks
The handbook of ad hoc wireless networks
Computer Security in the Real World
Computer
Elaborating Security Requirements by Construction of Intentional Anti-Models
Proceedings of the 26th International Conference on Software Engineering
Model-Based Evaluation: From Dependability to Security
IEEE Transactions on Dependable and Secure Computing
Algebraic specification of network security risk management
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
(Awarded Best Theory Paper!) A Probabilistic Approach to Estimating Computer System Reliability
LISA '01 Proceedings of the 15th USENIX conference on System administration
Design of network security projects using honeypots
Journal of Computing Sciences in Colleges
Proceedings of the 1st annual conference on Information security curriculum development
Social navigation as a model for usable security
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Computer
Secure Software Development by Example
IEEE Security and Privacy
A secure architectural description language for agent systems
Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems
Trust and accountability issues in scalable invalidation-based web cache consistency
ACM SIGOPS Operating Systems Review
In the eye of the beholder: a visualization-based approach to information system security
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
Collaboration and Trust in Healthcare Innovation: The eDiaMoND Case Study
Computer Supported Cooperative Work
The trouble with login: on usability and computer security in ubiquitous computing
Personal and Ubiquitous Computing
Toward a threat model for storage systems
Proceedings of the 2005 ACM workshop on Storage security and survivability
How to think about security failures
Communications of the ACM - Personal information management
To download or not to download: an examination of computer security decision making
interactions - A contradiction in terms?
Minimal-feedback hints for remembering passwords
interactions - A contradiction in terms?
Denali: a scalable isolation kernel
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Some information is too dangerous to be on the internet
ACM SIGCAS Computers and Society
Stochastic dynamics of music album lifecycle: An analysis of the new market landscape
International Journal of Human-Computer Studies
What is your husband's name?: sociological dimensions of internet banking authentication
OZCHI '06 Proceedings of the 18th Australia conference on Computer-Human Interaction: Design: Activities, Artefacts and Environments
Ethical hacking and password cracking: a pattern for individualized security exercises
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Security problems with improper implementations of improved FEA-M
Journal of Systems and Software
The social dimensions of the security of internet banking
Journal of Theoretical and Applied Electronic Commerce Research
Password sharing: implications for security design based on social practice
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Creating a Computer Security Curriculum in a Software Engineering Program
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Detecting Denial-of-Service attacks using the wavelet transform
Computer Communications
Personal Brokerage of Web Service Access
IEEE Security and Privacy
End-user privacy in human-computer interaction
Foundations and Trends in Human-Computer Interaction
Implementing Embedded Security on Dual-Virtual-CPU Systems
IEEE Design & Test
Threat modeling using attack trees
Journal of Computing Sciences in Colleges
Secure information systems engineering: a manifesto
International Journal of Electronic Security and Digital Forensics
International Journal of Information and Computer Security
Ethical aspects of web log data mining
International Journal of Information Technology and Management
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Information systems security and human behaviour
Behaviour & Information Technology
Using Cartoons to Teach Internet Security
Cryptologia
Social Engineering Techniques, Risks, and Controls
The EDP Audit, Control, and Security Newsletter
On the Anatomy of Human Hacking
Information Systems Security
SRRS: a recommendation system for security requirements
Proceedings of the 2008 international workshop on Recommendation systems for software engineering
Collective information practice: exploring privacy and security as social and cultural phenomena
Human-Computer Interaction
Engineering of Software-Intensive Systems: State of the Art and Research Challenges
Software-Intensive Systems and New Computing Paradigms
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
Two-factor cancelable biometrics authenticator
Journal of Computer Science and Technology
Guest Editorial: Information fusion in computer security
Information Fusion
Later stages support for security requirements
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
Proceedings of the 46th Annual Southeast Regional Conference on XX
Trust and security in Personal Network environments
International Journal of Electronic Security and Digital Forensics
The compliance budget: managing security behaviour in organisations
Proceedings of the 2008 workshop on New security paradigms
Position: the user is the enemy
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Security and usability research using a microworld environment
Proceedings of the 11th International Conference on Human-Computer Interaction with Mobile Devices and Services
THE WAY I SEE IT: When security gets in the way
interactions - Catalyzing a Perfect Storm
Cybersecurity: Stakeholder incentives, externalities, and policy options
Telecommunications Policy
Toward Reasoning about Security Protocols: A Semantic Approach
Electronic Notes in Theoretical Computer Science (ENTCS)
Young Australians' privacy, security and trust in internet banking
OZCHI '09 Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7
International Journal of Security and Networks
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Learning unknown attacks - a start
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Performance adaptation in real-time intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Users and trust: the new threats, the new possibilities
UAHCI'07 Proceedings of the 4th international conference on Universal access in human-computer interaction: applications and services
Specifying standard security mechanisms in multi-agent systems
AAMAS'02 Proceedings of the 2002 international conference on Trust, reputation, and security: theories and practice
Strategic games on defense trees
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Processing multi-parameter attacktrees with estimated parameter values
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
A logical framework for evaluating network resilience against faults and attacks
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
The technologist and internet security and privacy practices
UI-HCII'07 Proceedings of the 2nd international conference on Usability and internationalization
Security design based on social and cultural practice: sharing of passwords
UI-HCII'07 Proceedings of the 2nd international conference on Usability and internationalization
How knowledge management can support the IT security of eGovernment services
KMGov'03 Proceedings of the 4th IFIP international working conference on Knowledge management in electronic government
Dependability metrics
BANBAD - A Centralized belief-networks-based anomaly detection algorithm for MANETs
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Two heads are better than one: security and usability of device associations in group scenarios
Proceedings of the Sixth Symposium on Usable Privacy and Security
Towards holistic security management through coherent measuring
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Policy framework for security and privacy management
IBM Journal of Research and Development
Cyber security analysis using attack countermeasure trees
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
QoS-T: QoS throttling to elicit user cooperation in computer systems
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
A data-centric approach to insider attack detection in database systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks
EUROMICRO-PDP'02 Proceedings of the 10th Euromicro conference on Parallel, distributed and network-based processing
Using attack and protection trees to analyze threats and defenses to homeland security
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Managing the risks of smarter planet solutions
IBM Journal of Research and Development
A chronological database as backbone for clinical practice and research data management
CBMS'03 Proceedings of the 16th IEEE conference on Computer-based medical systems
Discovering Multidimensional Correlations among Regulatory Requirements to Understand Risk
ACM Transactions on Software Engineering and Methodology (TOSEM)
Layered security architecture for threat management using multi-agent system
ACM SIGSOFT Software Engineering Notes
Security in the context of multi-agent systems
The 10th International Conference on Autonomous Agents and Multiagent Systems - Volume 3
Value conflicts for information security management
The Journal of Strategic Information Systems
Rational choice of security measures via multi-parameter attack trees
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
A trust assignment model based on alternate actions payoff
iTrust'06 Proceedings of the 4th international conference on Trust Management
Quantifying the security of composed systems
PPAM'05 Proceedings of the 6th international conference on Parallel Processing and Applied Mathematics
Zero footprint secure internet authentication using network smart card
CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Supporting security sensitive architecture design
QoSA'05 Proceedings of the First international conference on Quality of Software Architectures and Software Quality, and Proceedings of the Second International conference on Software Quality
Towards a comprehensive framework for secure systems development
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Barry is not the weakest link: eliciting secure system requirements with personas
BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
Measuring resistance to social engineering
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Towards a cyber security reporting system – a quality improvement process
SAFECOMP'05 Proceedings of the 24th international conference on Computer Safety, Reliability, and Security
On fast and approximate attack tree computations
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
OWA trees and their role in security modeling using attack trees
Information Sciences: an International Journal
Aegis: a novel cyber-insurance model
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Modeling internet security investments: tackling topological information uncertainty
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
A quantitative risk analysis approach for deliberate threats
CRITIS'10 Proceedings of the 5th international conference on Critical Information Infrastructures Security
SP 800-44 Version 2. Guidelines on Securing Public Web Servers
SP 800-44 Version 2. Guidelines on Securing Public Web Servers
Rational security: Modelling everyday password use
International Journal of Human-Computer Studies
PODS '12 Proceedings of the 31st symposium on Principles of Database Systems
International Journal of Information Management: The Journal for Information Professionals
Vulnerability Assessment: Assessment Of Vulnerability Scanners
Network Security
Generating obstacle conditions for requirements completeness
Proceedings of the 34th International Conference on Software Engineering
Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees
Security and Communication Networks
Learning from your elders: a shortcut to information security management success
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Designing digital security course in educational sciences
International Journal of Knowledge Engineering and Soft Data Paradigms
NAPTune: fine tuning graphical authentication
Proceedings of the 3rd International Conference on Human Computer Interaction
Mitigating multi-threats optimally in proactive threat management
ACM SIGSOFT Software Engineering Notes
User Perceptions of Security Technologies
International Journal of Information Security and Privacy
Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework
International Journal of Secure Software Engineering
Risk-Based models of attacker behavior in cybersecurity
SBP'13 Proceedings of the 6th international conference on Social Computing, Behavioral-Cultural Modeling and Prediction
Accountability in enterprise mashup services
Advances in Software Engineering
Cost-benefit analysis of digital rights management products using stochastic models
Proceedings of the 46th Annual Simulation Symposium
Value-based argumentation for designing and auditing security measures
Ethics and Information Technology
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
End User Security Training for Identification and Access Management
Journal of Organizational and End User Computing
From the Book: I have written this book partly to correct a mistake. Seven years ago I wrote another book: Applied Cryptography. In it, I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions (unregulated gambling, undetectable authentication, anonymous cash) safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. In the second edition of the same book, written two years later, I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics." It's just not true. Cryptography can't do any of that. It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum. Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers. Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible. The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer. I was pretty naive. The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. That they could invoke magic spells like "128-bit key" and "public-key infrastructure."
A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography. Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. I learned to look beyond the cryptography, at the entire system, to find weaknesses. I started repeating a couple of sentiments you'll find throughout this book: "Security is a chain; it's only as secure as the weakest link." "Security is a process, not a product." Any real-world system is a complicated series of interconnections. Security must permeate the system: its components and connections. And in this book I argue that modern systems have so many components and connections (some of them not even known by the systems' designers, implementers, or users) that insecurities always remain. No system is perfect; no technology is The Answer. This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes. A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. This book is about those security problems, the limitations of technology, and the solutions. Read this book in order, from beginning to end. No, really.
Many technical books are meant to skim, bounce around in, and use as a reference. This book isn't. This book has a plot; it tells a story. And like any good story, it makes less sense telling it out of order. The chapters build on each other, and you won't buy the ending if you haven't come along on the journey. Actually, I want you to read the book through once, and then read it through a second time. This book argues that in order to understand the security of a system, you need to look at the entire system, and not at any particular technologies. Security itself is an interconnected system, and it helps to have cursory knowledge of everything before learning more about anything. But two readings is probably too much to ask; forget I mentioned it. This book has three parts. Part 1 is "The Landscape," and gives context to the rest of the book: who the attackers are, what they want, and what we need to deal with the threats. Part 2 is "Technologies," basically a bunch of chapters describing different security technologies and their limitations. Part 3 is "Strategies": Given the requirements of the landscape and the limitations of the technologies, what do we do now? I think digital security is about the coolest thing you can work on today, and this book reflects that feeling. It's serious, but fun, too. Enjoy the read.