Temat: security design - Katalog OPAC zbiorów

Skocz do pozycji: 1.

Tytuł:: Computer-aided tool based on common criteria related design patterns
Autorzy:: Rogowski, Dariusz
Powiązania:: https://bibliotekanauki.pl/articles/431960.pdf
Data publikacji:: 2013
Wydawca:: Wydawnictwo Uniwersytetu Ekonomicznego we Wrocławiu
Tematy:: Common Criteria
security assurance
design patterns
computer-aided tool
Opis:: The paper describes the results of an R&D project whose aim was to work out a computer tool supporting the development of IT products with built-in security features. The tool ensures that all security measures are applied into a product with regards to the requirements of the ISO/IEC 15408 standard (Common Criteria for Information Technology Security Evaluation). Nowadays there are only a few, limited solutions which support developers in using the Common Criteria methodology. The proposed tool supports three basic processes: security development, product development, and product evaluation as well as writing special evidence documents based on design patterns. Developers used the tool in software- and hardware projects and demonstrated it facilitates and speeds up the development processes of IT security-enhanced products.
Źródło:: Informatyka Ekonomiczna; 2013, 3(29); 111-127
1507-3858
Pojawia się w:: Informatyka Ekonomiczna
Dostawca treści:: Biblioteka Nauki

Artykuł

Zmień widok

na półce

Skocz do pozycji: 2.

Tytuł:: Utilizing Object Capabilities to Improve Web Application Security
Autorzy:: Koppmann, Michael
Kudera, Christian
Pucher, Michael
Merzdovnik, Georg
Powiązania:: https://bibliotekanauki.pl/articles/27272525.pdf
Data publikacji:: 2022
Wydawca:: NASK - National Research Institute
Tematy:: object capabilities
design patterns
web security
możliwości obiektów
wzorce projektowe
bezpieczeństwo sieci
Opis:: Nowadays, more and more applications are built with web technologies, such as HTML, CSS, and JavaScript, which are then executed in browsers. The web is utilized as an operating system independent application platform. With this change, authorization models change and no longer depend on operating system accounts and underlying access controls and file permissions. Instead, these accounts are now implemented in the applications themselves, including all of the protective measures and security controls that are required for this. Because of the inherent complexity, flaws in the authorization logic are among the most common security vulnerabilities in web applications. Most applications are built on the concept of the Access-Control List (ACL), a security model that decides who can access a given object. Object Capabilities, transferable rights to perform operations on specific objects, have been proposed as an alternative to ACLs, since they are not susceptible to certain attacks prevalent for ACLs. While their use has been investigated for various domains, such as smart contracts, they have not been widely applied for web applications. In this paper, we therefore present a general overview of the capability- based authorization model and adapt those approaches for use in web applications. Based on a prototype implementation, we show the ways in which Object Capabilities may enhance security, while also offering insights into existing pitfalls and problems in porting such models to the web domain.
Źródło:: Applied Cybersecurity & Internet Governance; 2022, 1, 1; 1-18
2956-3119
2956-4395
Pojawia się w:: Applied Cybersecurity & Internet Governance
Dostawca treści:: Biblioteka Nauki

Artykuł

Zmień widok

na półce

Informacja

Wyszukujesz frazę "security design" wg kryterium: Temat

Źródło danych

Dostawca treści

Kolekcja

Rok wydania

Wydawca

Temat

Autor

Typ dokumentu

Język