Organizing electronic services into security taxonomies

  • Authors:
  • Sean W. Smith; Paul S. Pedersen

  • Affiliations:
  • IBM T.J. Watson Research Center, Yorktown Heights, NY; Los Alamos National Laboratory, Los Alamos, NM

  • Venue:
  • WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
  • Year:
  • 1996

Abstract

With increasing numbers of commercial and government services being considered for electronic delivery, effective vulnerability analysis will become increasingly critical. Organizing sets of proposed electronic services into security taxonomies will be a key part of this work. However, brute force enumeration of services and risks is inefficient, and ad hoc methods require reinvention with each new set of services. Furthermore, both such approaches fail to communicate effectively the tradeoffs between vulnerabilities and features in a set of electronic services, and fail to scale to large sets of services. From our experience advising players considering electronic delivery, we have developed a general, systematic, and scalable methodology that addresses these concerns. In this paper, we present this methodology, and apply it to the example of electronic services offered via kiosks (since kiosk systems are representative of a wide range of security issues in electronic commerce).