Advanced search Help
Searching for terms: EXACT: "Irvine, Cynthia E." in: author
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
Teaching Security Engineering Principles
"The design and construction of secure systems cannot be entirely captured in textbooks or class notes, but must be taught as an art which is learned through apprenticeship and practice. This paper describes a course in Secure Systems that uses the Flaw Hypothesis Methodology for penetration testing as a vehicle for motivating and teaching students fundamental principles of security engineering."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2001-04
-
Security Policy Enforcement
"Security policies are essential for computer and network security. Without a policy, security mechanisms are merely vacuous ad hoc functions that are combined to 'do something,' but what they might achieve, if anything, cannot be determined. At the management level, users must determine information assets that must be protected and must understand whether the authorizations for access to those assets are static or dynamic. This permits mandatory, discretionary, and supporting policies to be differentiated. The nature of the policy will determine the mechanisms to be used for its enforcement. How those mechanisms are constructed addresses both developmental and operational threats. Assurance is derived from the rigorous security engineering process applied to its development and to the controls maintained over the system throughout its entire lifecycle. Independent assessment provides confidence that claims made regarding the correctness and completeness of the security policy enforcement mechanisms are valid."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.
2005-09-21
-
Cybersecurity Considerations for Information Systems
"The significant efficiencies possible through the use of information technology in public systems are alluring, however, as the value of the information stored electronically increases, computer systems become targets for abuse and attack. To ensure continued public confidence in these systems, managers need to understand the impact of security shortcomings in their automated systems. A high level taxonomy of threats to information systems is presented to provide a basis for security requirements. Fundamental concepts of computer security are reviewed. The costs and benefits of investment in cybersecurity will be introduced. The concept of organizational information policy, mechanisms for its enforcement, and the value of assurance and the notion of costs and benefits of investment in cybersecurity are presented."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.
-
Security Architecture for Transient Trust
"In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan -- information that may not typically be accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of 'normal' domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Clark, Paul C.
2008-10
-
Expressing an Information Security Policy within a Security Simulation Game
"The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of information assurance education and training for the U.S. military and government. Pursuant to that objective, CISR is developing a computer simulation game, CyberCIEGE, to teach computer security principles. CyberCIEGE players construct computer networks and make choices affecting the ability of these networks and the game's virtual users to protect valuable assets from attack by both vandals and wellmotivated professionals. CyberCIEGE includes a language for expressing different security related scenarios. A central part of this language is an ability to express a variety of different information security policies."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Thompson, Michael F.
2004-07
-
CyberCIEGE: An Information Assurance Teaching Tool for Training and Awareness
"Good security is not intrusive and can be almost invisible to typical users, who are often unaware of or take it for granted. However, good security practice by user populations is a critical element of an organization's information assurance strategy. This is reflected in government information assurance teaching mandates such as DoD Directive 8570.1, which outlines objectives and requirements for information assurance (IA) education, training and awareness. Although mundane education, training and awareness programs may temporarily raise user interest, for many, mandatory education is considered a distracting waste of time. A new approach is needed to convey IA concepts that will engage the user's imagination. CyberCIEGE is an innovative computer-based tool to teach information assurance concepts. The tool enhances information assurance education and training through the use of computer gaming techniques. In the CyberCIEGE virtual world, students spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack. This paper describes CyberCIEGE and will present ways in which this tool can be used to achieve Federal and DoD information assurance teaching objectives."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Thompson, Michael F.; Allen, Ken
2005-03
-
CyberCIEGE: An Extensible Tool for Information Assurance Education
"The purpose of CyberCIEGE is to create an extensible Information Assurance (IA) teaching and learning laboratory. Through a scenario definition language, educators can create simulations to demonstrate specific IA concepts. In addition to rigorous scientific foundations, it involves the application of abstract principles to a virtual world. This hands-on virtual laboratory provides a dynamic and often surprising context where abstract principles can be applied. [...] This paper describes the motivation for CyberCIEGE and the basics of resource management games. Essential components of CyberCIEGE are presented along with an overview of typical game play. How CyberCIEGE can be used by educators to enhance information assurance classes as well as a description of the 'open source' paradigm available for sharing CyberCIEGE scenarios and related teaching materials will be discussed."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Thompson, Michael F.; Allen, Ken
-
Simulation of PKI-Enabled Communication for Identity Management Using CyberCIEGE
"CyberCIEGE is a sophisticated network security simulation packaged as a video game and used by educators around the world to enhance information assurance education and training at universities, community colleges, within the DoD, and in other government agencies. The CyberCIEGE game engine was recently expanded to include Public Key Infrastructure (PKI) features including certification authorities, selection of installed roots and cross certification. CyberCIEGE Virtual Private Network (VPN) gateways, VPN clients and email clients were then extended to incorporate the new PKI features. CyberCIEGE PKI abstractions are described in terms of player configuration choices and the consequences of these choices on network management and vulnerabilities. The CyberCIEGE game engine modifications include modeling of chains of trust and risks of cross certification schemes. The benefits of these enhancements include coherent integration of identity management technologies, ranging from the human interface through to the supporting distributed infrastructure, into scenarios. Benefits also include support for recent new scenarios focused on the PKI infrastructure, identity management, or both; and the ability to tie both identity management and PKI to concepts of identification, authentication, provenance, and access control. [...] Our paper begins with an overview of CyberCIEGE's components. Then we describe the CyberCIEGE network simulation, and that is followed by a discussion of game engine extensions made to represent identity management, PKI functions and PKI-enabled applications. These extensions are designed to help students understand issues related to the management of the identity of users and the identity of data. This work included configurable VPNs, email encryption and authentication, and support for simulated PKI functions within the game."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Thompson, Michael F.
2010-11
-
Scholarship for Service: IA Tutorials and Workshops for Educators
"In 2003 and 2004 the Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduate School organized tutorials and workshops with the intent of increasing the capacity of the United States higher education enterprise to produce professionals in the fields of Information Assurance (IA) and computer security by hosting a series of workshops for education in Information Assurance. The target audience of the workshops has been 2-year, 4- year college, and university-level educators who have responsibility for teaching curricula that are, or could be, related to Information Assurance issues. Participation by instructors from institutions serving under-represented groups was high. Attendance at the tutorials was maximized both years. The participants indicated that they benefited substantially from both the tutorials and the subsequent gathering of IA educators at the Workshop on Education in Computer Security (WECS)."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Falby, Naomi B.
-
Performance Impact of Connectivity Restrictions and Increased Vulnerability Presence on Automated Attack Graph Generation
"The current generation of network vulnerability detection software uses databases of known vulnerabilities and scans target networks for these weaknesses. The results can be voluminous and difficult to assess. Thus, the success of this technology has created a need for software to aid in network vulnerability analysis. Although research has shown the effectiveness of automated attack graph generation tools in displaying potential attack paths in a network, research involving the performance of these tools has been limited. The performance impact of connectivity restrictions and the number of vulnerabilities present on a network for these tools is not well understood. Using empirical testing, we have collected quantitative data using CAULDRON, an attack graph generation tool developed at George Mason University, on a collection of simulated networks defined to modulate connectivity at certain points in our networks and represent the number of vulnerabilities present per node. By defining our model to include sets of nodes, which allow connectivity from all nodes to all vulnerable nodes in the set; the number of nodes present in each set, the number of connections between sets; and the number of vulnerabilities per node as our variables, we are able to observe the performance impact on CAULDRON of both connectivity restrictions and the increased presence of vulnerabilities in our networks. The effect of these variables on processing time and memory usage is presented and can be used as a metric to assess the scalability of this tool within various customer environments."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.; Cullum, James
2007-03
-
Analysis of Three Kernel-Based Multilevel Security Architectures
"Various system architectures have been proposed for highly robust enforcement of multilevel security (MLS). This paper provides an analysis of the relative merits of three architectural types--one based on a traditional separation kernel, another based on a security kernel, and a third based on a high-robustness separation kernel. We show that by taking advantage of commonly available hardware features, and incorporating security features required by the nascent Separation Kernel Protection Profile (SKPP), the latter architecture may provide several aspects of security and assurance that are not achievable with the other two."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.
2006-08-25
-
Emergency Response for Cyber Infrastructure Management
"The objective of this research is to investigate architectural mechanisms to provide an emergency response capability for Cyber Infrastructure management through the use of distributed, highly secure, protected domains. Instead of creating a costly physically separate cyber domain, logical separation is used. This work developed an architecture and prototype demonstration in the context of an open source operating system."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2003-02
-
Effects of Security Choices and Limits in a Metacomputing Environment
"It is anticipated that the introduction of metacomputing and distributed resource management mechanisms to the Internet and World Wide Web will make available to users and applications a large diversity of previously unavailable network and computing resources. New methods of managing the scheduling and allocation of distributed resources bring into focus new problems and approaches for managing security in those contexts. We present an analysis layered and variable security services and requirements. These services and requirements may be accessed via a network control program such as a Resource Management System (RMS) which is responsible for scheduling resources in distributed heterogeneous environments. The RMS will not present the same virtual computer/network to the same job each time it is submitted for execution. Each instance will be comprised of potentially different actual resources with different properties. Our objective is to understand how user and application requirements, characterized as choices and limits, can affect the overall security provided. A method is presented for fairly measuring the effectiveness of an RMS in performing security allocation and assignments with respect to security choices made by metacomputer users and applications."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.
2000-01-31
-
Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems
"The need to provide standard commercial-grade productivity applications as the general purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several different types of trusted systems. We characterize some of these systems as a class of architecture. We discuss the general integrity property that systems can only be trusted to manage modifiable data whose integrity is at or below that of their interface components. One effect of this property is that in terms of integrity these hybrid-security systems are only applicable to processing environments where the integrity of data is consistent with that of low-assurance software. Several examples are provided of hybrid-security systems subject to these limitations."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2002
-
Video Game for Cyber Security Training and Awareness
"Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure. The game is now being successfully utilized for information assurance education and training by a variety of organizations. Preliminary results indicate the game can also be an effective addition to basic information awareness training programs for general computer users (e.g., annual awareness training.) Typical employees of both large and small organizations may be made acutely aware of a wide array of cyber security problems. These range from spam and phishing to well organized attacks intended to corrupt or disable systems. Despite these constant reminders, users often take an ostrich-like attitude toward the security of the information systems they use, believing that there is little that they can do to mitigate this onslaught of problems. Even within the major organizations, users select trivial passwords or think that, so long as they keep their machines within viewing distance, arbitrary hookups to unknown networks and to the Internet pose no threat. Thus, despite their increased awareness of security problems, users and administrators of systems continue to take few effective precautions."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Thompson, Michael; Cone, Benjamin D.
2007-06
-
Sixth Workshop on Education in Computer Security (WECS6): Avoiding Fear, Uncertainty and Doubt Through Effective Security Education
"Naturally, information security educators play an important role in addressing the problems of fear, uncertainty and doubt. We can provide our students with an understanding of system vulnerabilities, the threat agents to whom such vulnerabilities would be attractive, and techniques for mitigating those threats. Even more importantly, our students can be practiced in the critical thinking skills necessary to discern cyber security snake oil and voodoo from sound security architectures and products. It is within this context that we welcome you to the Sixth Workshop on Education in Computer Security (WECS). Our theme this year is 'Avoiding Fear, Uncertainty, and Doubt through Effective Security Education.' The papers contained in this volume present tools and techniques that have been used in undergraduate and graduate settings. Some of the papers describe entire programs or courses, while others present laboratory activities; a few papers explore rather unusual techniques for conveying the cyber security message. The scope of our field continues to expand and this year's workshop includes papers that will broaden our horizons and enrich our teaching. We hope that the readers of this volume will join the conference organizers, authors and participants for future workshops and conferences on information security education."
Naval Postgraduate School (U.S.)
Murray, William Hugh; Tikekar, Rahul V.; Levin, Timothy E. . . .
2004-07
-
Subversion as a Threat in Information Warfare
"As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the absence of a malicious artifice. A constructive system engineering technique to mitigate the subversion threat is identified."
Naval Postgraduate School (U.S.)
Anderson, Emory A.; Irvine, Cynthia E.; Schell, Roger R.
2004-06
-
KeyNote Policy Files and Conversion to Disjunctive Normal Form for Use in IPsec
This technical report describes the utility developed for converting a KeyNote policy file to Disjunctive Normal Form, so that it can be further utilized in research on Quality of Security Service for IPsec. Some background information on KeyNote and IPsec, on the Disjunctive Normal Form of logical expressions, as well as on lex and yacc tools, can be found in the introductory paragraphs of this document.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Spyropoulou, Evdoxia
2002-01
-
MYSEA Security Architecture
This document describes an innovative architecture consisting of trusted security services and integrated operating system mechanisms for the protection of distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms extend and interoperate with existing workstations, applications and open source operating systems, providing new capabilities for composing secure distributed systems using commercial off-the-shelf (COTS) components. The latter construct results from the realization that unless a secure system offers users comfortable and familiar interfaces for handling routine information, the secure system will fail due to lack of user acceptability.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Shifflett, David J.
2002-05
-
National Trusted Computing Strategy
Through neglect, the national capability to design and construct trusted computers and networks has begun to atrophy. Not only has the information infrastructure been built weakly, but also our capability to strengthen it continues to decline. The Nation is now lacking in both the research and development talent to produce trusted computing systems and the educational infrastructure to create this talent. In this document, the Center for INFOSEC Studies and Research (CISR) in Monterey, California, proposes a three-pronged approach to strengthen the national information infrastructure and reinvigorate the national capability to produce trustworthy computing systems. The document describes the Trusted Computing Exemplar project as a worked example of how trusted computing systems and components can be constructed. Second, it defines a national research initiative to advance the theoretical foundations for trusted computing and to produce a set of automated tools to support the development of high assurance systems; and third, it defines an educational initiative based on nascent Information Assurance education programs and the Trusted Computing Exemplar to provide a framework for Trusted Computer Development education. The result of this multi-faceted approach will be to increase the security of the national Information Infrastructure by increasing the availability of: Trusted Computer systems and components, Trusted Computer development tools, and Trusted Computer developers, evaluators and educators.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2002-05
-
Diamond HASP Trusted Computing Exemplar
The National Information Infrastructure is weak; there are no high security, high assurance, off-the-shelf products available that can be used to strengthen it; and the National capability to design and construct such trusted computer systems and networks has atrophied. The purpose of the Trusted Computing Exemplar project is to provide a worked example to show how trusted computing systems and components can be constructed. A prototype high assurance development framework will be created first, and then used to produce a reference implementation trusted computing component, the Embedded MicroKernel Prototype. A third-party evaluation of the component will be initiated during development (e.g., once the high-level design documentation is written). The documentation, source code, development framework and other deliverables will be made openly available as they are produced. The goal is to produce a very small, portable component that will provide users with correct security operation and an a priori assurance against system subversion.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2002-09
-
Execution Policies Research and Implementation
This research studied the application of a software-based ring execution policy, the type of which has previously been implemented via hardware mechanisms, to an open source operating system. Such an execution policy is orthogonal to, and may be used in conjunction with, other mandatory (viz, secrecy, integrity) and discretionary policies. It allows processes running with otherwise similar privileges (such as the root user, or secrecy attributes) to be differentiated with respect to priority or privilege regarding system resources and execution. The authors have found that it is possible to construct a mandatory ring execution policy whose primary function is to restrict subjects from executing certain file system objects, and that this may result in a more coherent and manageable policy than what can be expected from various discretionary (e.g., policy-bypass or privilege-grouping) mechanisms.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Clark, Paul C.
2003-02
-
Demonstration of Quality of Security Service Awareness for IPsec
Quality of Security Service (QoSS) refers to the ability to provide security services according to user and system preferences, policies and conditions. Thus, security can be managed as a responsive "service" for which quantitative measurement of service "efficiency" is possible. This document presents a demonstration on how a specific underlying security mechanism, IPsec, can be modulated to provide different levels for security in response to changing QoSS requirements. Section 1 provides a demonstration of QoSS awareness for IPsec. Section 2 provides some Psec background and describes how QoSS notions can be linked to this security mechanism. Section 3 gives a brief description of the demo's functionality. Section 4 discusses the IPsec's Security Policy Database and how to put rules into it. Sections 5 and 6 discuss Internet Key Exchange daemon's configuration and policy issues. Section 7 presents the functionality of the QoSS management module. Display of traffic data and of established security parameters is discussed in sections 8 and 9. Section 10 contains a detailed list of demonstration steps and files.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Spyropoulou, Evdoxia
2002-09
-
Teaching Objectives of a Simulation Game for Computer Security
"This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the games virtual users to protect valuable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policies, including authentication, audit and access controls. The game will depict a number of vulnerabilities ranging from trivial passwords to trap doors planted by highly skilled, well-funded adversaries."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Thompson, Michael
2003-06-27
-
Approach to Security Requirements Engineering for a High Assurance System
"Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is designed to be secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presented provides a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Wilson, Jeffery D.
2002
-
TCX Project: High Assurance for Secure Embedded Systems
"An overview of the Trusted Computing Exemplar (TCX) research project and its accomplishments to date are presented. The TCX project is constructing a separation kernel that will be high assurance and suitable for use in simple embedded systems. To guide the kernel development, we have created a reusable high assurance development framework. The main emphasis of this multifaceted research and development initiative is to transfer knowledge and techniques for high assurance trusted system development new developers, evaluators and educators."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.
2005-03
-
Challenges in Computer Security Education
"A friend of mine was part of a team assigned to build a networking product. Just as they were finishing up someone asked, What about security? At that point, it was a little late to do much about the system's security architecture, so they ultimately rolled out the product with a sprinkling of security sugar. The customer, who didn't even know how to ask for security, was pleased and probably will be until disaster strikes. This is just one example of the insufficient attention paid to security engineering and the secure use of computers. Companies are often unaware of even the most rudimentary procedures for securing their systems, while in the computer industry careful security engineering is left in the dust of rapid release cycles. Although awareness is increasing about the need for better computer security, to actually move in that direction we need people who know what they want, people who can build secure systems, and people who can manage those systems so they stay secure. For three days last January, an international group met to discuss some of these issues at the First ACM Workshop on Education in Computer Security, held in Monterey, California. Representatives from 20 universities and a sprinkling of information systems security employers from industry and government were invited to attend based on position papers they had written. The group's task was to discuss ways to address the impending crisis in information security education. Among the questions addressed were articulating the diversity of information security education requirements for different careers and the need for training and retaining security experts in education."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.
1997-10
-
Cyber Security Training and Awareness through Game Play
"Effective user security awareness training can greatly enhance the information assurance posture of an organization. Yet holding a trainees attention sufficiently long to impart a message is a considerable challenge, particularly when the training is mandated and the topic is viewed by the target audience as potentially mundane. Video games have been proposed as an engaging training vehicle. This paper describes how a video game-like tool called CyberCIEGE was employed to develop security awareness training targeted for the requirements of a specific organization, and how this extensible tool can offer training and education for a range of target audiences."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Cone, Benjamin D.; Thompson, Michael F.
2006
-
Security: Where Testing Fails
"Computer security addresses the problem of enforcement of security policies in the presence of malicious users and software. Systems enforcing mandatory policies can create confinement domains that limit the damage incurred by malicious software executing in applications. To achieve assurance that the confinement domains cannot be breached, the underlying enforcement mechanism must be constructed to ensure that it is resistant to penetration by malicious software and is free of malicious artifacts. The limitations and contributions of testing in achieving these goals are discussed. Why would a national software testing laboratory advertise on its web page that it provides testing for functionality, compatibility, performance, scalability, and fault tolerance, but not security? The answer may lie in the fact that certain aspects of security policy can be described in completely non-subjective terms. For example, the policy may state that unauthorized individuals are not permitted to read classified material. Can testing ensure that policy will not be violated? This paper provides an overview of challenges that security poses to testing and describes the role of testing in the engineering of trustworthy systems."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.
2000
-
Is Electronic Privacy Achievable?
"While secrecy and integrity policies are most often crafted for protection of corporate (e.g., commercial, educational and government) information, we understand privacy policies to be targeted toward the protection of information for and about individuals. The purpose of this panel is to focus on how new technologies are affecting privacy. [...] Despite the historical lack of support for privacy research on the part of government, military and industry, it is encouraging to see recent developments in theory, techniques and products to support the 'Privacy' part of 'Security & Privacy' (e.g., see 'proponent' panelists, below). However, it seems clear that the science of privacy is in its infancy, and there are more questions on the table than answers."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2000-05
