Security in computing
November 1996
Publisher: Prentice-Hall, Inc., Division of Simon and Schuster, One Lake Street, Upper Saddle River, NJ, United States
ISBN: 978-0-13-337486-5
Published: 01 November 1996
Pages: 574
Abstract

No abstract available.

Cited By

  1. Mun H and Oh S (2016). Injecting Subject Policy into Access Control for Strengthening the Protection of Personal Information, Wireless Personal Communications: An International Journal, 89:3, (715-728), Online publication date: 1-Aug-2016.
  2. Dunkerley K and Tejay G (2010). Theorizing Information Security Success, International Journal of Electronic Government Research, 6:3, (31-41), Online publication date: 1-Jul-2010.
  3. Vaidyanathan G and Mautone S (2009). Security in dynamic web content management systems applications, Communications of the ACM, 52:12, (121-125), Online publication date: 1-Dec-2009.
  4. Majzoobi M, Koushanfar F and Potkonjak M (2009). Techniques for Design and Implementation of Secure Reconfigurable PUFs, ACM Transactions on Reconfigurable Technology and Systems, 2:1, (1-33), Online publication date: 1-Mar-2009.
  5. Karras D and Zorkadis V Towards a reliable evaluation framework for message authentication in web-based transactions based on an improved computational intelligence and dynamical systems methodology Proceedings of the 15th international conference on Advances in neuro-information processing - Volume Part I, (595-602)
  6. Halpern J and Weissman V (2008). Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security, 11:4, (1-41), Online publication date: 1-Jul-2008.
  7. Chowdhury I, Chan B and Zulkernine M Security metrics for source code structures Proceedings of the fourth international workshop on Software engineering for secure systems, (57-64)
  8. Eusgeld I References Dependability metrics, (267-300)
  9. Padayachee K and Eloff J Enhancing optimistic access controls with usage control Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business, (75-82)
  10. Zou X, Dai Y and Ran X (2007). Dual-Level Key Management for secure grid communication in dynamic and hierarchical groups, Future Generation Computer Systems, 23:6, (776-786), Online publication date: 1-Jul-2007.
  11. Ge X, Paige R, Polack F and Brooke P Extreme programming security practices Proceedings of the 8th international conference on Agile processes in software engineering and extreme programming, (226-230)
  12. Laccetti G and Schmid G (2007). A framework model for grid security, Future Generation Computer Systems, 23:5, (702-713), Online publication date: 1-Jun-2007.
  13. Giesbrecht M, Kotsireas I and Lobo A (2007). ISSAC 2007 poster abstracts, ACM Communications in Computer Algebra, 41:1-2, (38-72), Online publication date: 1-Mar-2007.
  14. Wahlstrom K and Quirchmayr G The motivation and proposition of a privacy-enhancing architecture for operational databases Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68, (173-182)
  15. Becker S, Hasselbring W, Paul A, Boskovic M, Koziolek H, Ploski J, Dhama A, Lipskoch H, Rohr M, Winteler D, Giesecke S, Meyer R, Swaminathan M, Happe J, Muhle M and Warns T (2006). Trustworthy software systems, ACM SIGSOFT Software Engineering Notes, 31:6, (1-18), Online publication date: 1-Nov-2006.
  16. Hatebur D and Heisel M Problem frames and architectures for security problems Proceedings of the 24th international conference on Computer Safety, Reliability, and Security, (390-404)
  17. Sheng Y, Mykytyn P and Litecky C (2005). Competitor analysis and its defenses in the e-marketplace, Communications of the ACM, 48:8, (107-112), Online publication date: 1-Aug-2005.
  18. Milovanovic D and Bojkovic Z Integration QoS and security technologies in 4G mobile networks Proceedings of the 9th WSEAS International Conference on Communications, (1-4)
  19. Picó F, Olivo A, Crespi F and Camara A An electronic reconfigurable neural architecture for intrusion detection Proceedings of the First international work-conference on the Interplay Between Natural and Artificial Computation conference on Artificial Intelligence and Knowledge Engineering Applications: a bioinspired approach - Volume Part II, (376-384)
  20. Lindskog S, Grinnemo K and Brunstrom A Data protection based on physical separation Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part IV, (1331-1340)
  21. Majeed J FPGA based communication security for wireless sensor networks Proceedings of the 4th WSEAS International Conference on Electronic, Signal Processing and Control, (1-8)
  22. Farahmand F, Navathe S, Sharp G and Enslow P (2005). A Management Perspective on Risk of Security Threats to Information Systems, Information Technology and Management, 6:2-3, (203-225), Online publication date: 1-Apr-2005.
  23. Bhagyavati, Olan M, Naugler D and Frank C Information assurance in the undergraduate curriculum Proceedings of the 43rd annual Southeast regional conference - Volume 1, (25-26)
  24. Yoo I Visualizing windows executable viruses using self-organizing maps Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, (82-89)
  25. Vaughn R, Dampier D and Warkentin M Building an information security education program Proceedings of the 1st annual conference on Information security curriculum development, (41-45)
  26. Cantrell G and Dampier D Experiments in hiding data inside the file structure of common office documents Proceedings of the 2004 international symposium on Information and communication technologies, (146-151)
  27. Li C and Pahl C Security in the Web Services Framework Proceedings of the 1st international symposium on Information and communication technologies, (481-486)
  28. Eloff J and Eloff M Information security management Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology, (130-136)
  29. Azadegan S, Lavine M, O'Leary M, Wijesinha A and Zimand M (2003). An undergraduate track in computer security, ACM SIGCSE Bulletin, 35:3, (207-210), Online publication date: 1-Sep-2003.
  30. Azadegan S, Lavine M, O'Leary M, Wijesinha A and Zimand M An undergraduate track in computer security Proceedings of the 8th annual conference on Innovation and technology in computer science education, (207-210)
  31. Herath J, Herath S and Herath A Integration of computer security laboratories into computer architecture courses to enhance undergraduate education Proceedings of the 2003 workshop on Computer architecture education: Held in conjunction with the 30th International Symposium on Computer Architecture, (7-es)
  32. Karras D and Zorkadis V (2003). On neural network techniques in the secure management of communication systems through improving and quality assessing pseudorandom stream generators, Neural Networks, 16:5-6, (899-905), Online publication date: 1-Jun-2003.
  33. Lane T and Brodley C (2003). An Empirical Study of Two Approaches to Sequence Learning for Anomaly Detection, Machine Language, 51:1, (73-107), Online publication date: 1-Apr-2003.
  34. Erwin G and Singh S The emerging need for e-commerce accepted practice (ECAP) The economic and social impacts of e-commerce, (50-68)
  35. Pendegraft N and Wegman J Protecting intellectual property in IT layoffs Technologies & methodologies for evaluating information technology in business, (207-221)
  36. Inoue H and Forrest S Anomaly intrusion detection in dynamic execution environments Proceedings of the 2002 workshop on New security paradigms, (52-60)
  37. Taylor S, Vorster J and Van Der Wal R The feasibility of using the world wide web to authenticate higher education qualifications issued by universities and technikons Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology, (93-100)
  38. Siau K and Meakim S Managing e-business Managing web usage in the workplace, (254-269)
  39. Patiyoot D (2002). Security issues for wireless ATM networks, ACM SIGOPS Operating Systems Review, 36:1, (31-57), Online publication date: 1-Jan-2002.
  40. Gordon L and Loeb M (2001). Using information security as a response to competitor analysis systems, Communications of the ACM, 44:9, (70-75), Online publication date: 1-Sep-2001.
  41. Trompeter C and Eloff J (2001). Special Features, Computers and Security, 20:5, (384-391), Online publication date: 1-Jul-2001.
  42. Cho S and Ciechanowicz Z Checklist-based risk analysis with evidential reasoning Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge, (277-292)
  43. Vaughn R Application of security to the computing science classroom Proceedings of the thirty-first SIGCSE technical symposium on Computer science education, (90-94)
  44. Vaughn R (2000). Application of security to the computing science classroom, ACM SIGCSE Bulletin, 32:1, (90-94), Online publication date: 1-Mar-2000.
  45. Jonsson E, Strömberg L and Lindskog S On the functional relation between security and dependability impairments Proceedings of the 1999 workshop on New security paradigms, (104-111)
  46. Kato K, Someya Y, Matsubara K, Toumura K and Abe H (1999). An Approach to Mobile Software Robots for the WWW, IEEE Transactions on Knowledge and Data Engineering, 11:4, (526-548), Online publication date: 1-Jul-1999.
  47. Zviran M and Haga W (1999). Password security, Journal of Management Information Systems, 15:4, (161-185), Online publication date: 1-Mar-1999.
  48. Carney M and Loe B A comparison of methods for implementing adaptive security policies Proceedings of the 7th conference on USENIX Security Symposium - Volume 7, (1-1)
Contributors
  • The University of Tennessee, Knoxville

Reviews

Stanley A. Kurzban

The second edition of Pfleeger's book, knowledgeably corrected and supplemented with material from outside the cryptological and US Department of Defense (DoD) communities, can serve its primary intended audience of students and professors extraordinarily well as a textbook for a one- or two-semester course in computer security. Contrary to the assertion in the preface, however, it does not “function equally well as a reference for a computer professional”: such an individual would find it woefully incomplete and too often misleading or inaccurate. Those familiar with the first edition [1] will find that the second has new material on malicious code, firewalls, electronic mail, federal cryptographic initiatives, the program development process, and administration. All are welcome, though any material on malicious code and federal initiatives must quickly lose currency. Material retained from the first edition—most of it excellent, well organized, and well presented—deals with security in general; cryptography; security for operating systems, databases, and networks; administration; and ethics. Although written by a member of the DoD community and biased toward the peculiar concerns thereof, the book treats such concerns as law, administration, human factors, and mainframe commercial systems relatively well and comprehensively. There are exercises after each chapter and a respectable index. The bibliography is extensive, yet has few references to the huge and tremendously useful segment of the literature that the DoD community has not dominated. The book's greatest weakness is inappropriate emphasis. The author includes “integrity” within the scope of “security” and includes authorized acts among those that can compromise integrity. In fact, the most prevalent sources of loss are errors and misuse of authority. Nonetheless, the author devotes almost none of the book to them, focusing instead on prevention of unauthorized acts. 
Aside from one virus and one worm, the author offers no example of any fraud or crime that caused great loss and resulted from an unauthorized act. Astonishingly and tellingly, a seven-page section on covert channels ends frankly with the accurate observation that “reports of covert channel attacks just do not exist.” Despite the book's attention to cracking, it hardly touches on the subject of user-friendly password mechanisms. (When it does, it touts supposedly pronounceable system-chosen passwords, but ignores voluminous literature on better methods.) In a few places the book is simply inaccurate. Contrary to the author's assertion, courts have accepted media as adequate evidence. Although the book aptly uses the terms “apocryphal” and “legendary” with reference to salami attacks, it goes on to state falsely that “roundoff error can be substantial.” The author treats several items superficially or even dismissively. The brief discussion of unattended session control does not refer to the subsequent discussion of time-out mechanisms. The author leaves a false impression of mainframes' vulnerability to viruses by, among other things, failing to relate program protection to viruses. The brief section on biometric means of identity verification makes no mention of signature dynamics. The value of a vendor's commitment to the integrity of its systems or the systems' history of robustness is inaccurately portrayed and dismissed out of hand, and the problem of distributing fixes without alerting potential abusers to systems' flaws receives no attention at all. The author says nothing about the fact that unmotivated users will ignore “LAST LOG-ON AT” messages; or about defensive measures and opponents' countermeasures that apply to the detection of successive unsuccessful attempts to log on; or about the legal implications of first displays shown to those who call into systems. 
All in all, while there is much about computer security that the book treats inadequately or misleadingly, it can serve students and professors seeking a useful basic text. The field is very large, and those who need comprehensive and scrupulously accurate material can consult Ruthberg and Tipton [2].
