H28.1 6-Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.


Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of Auckland

New Security issues Raised by Java Card

This paper discusses the solution on smart cards regarding the market needs and the flexibility for card applications. The strong typing of Java enforces the language based security, but is not sufficient. The security problems and solutions on the features which Java card bring to application developers and end users were described here: download framework from open card architecture is proposed, with the off-card byte code verification performed by a third-party. The program Applet Firewall is invoked when codes in one context attempt to access data or codes in another context. The sharable interface concept is also introduced here. Platform and application securities were also discussed. The application security relies on a proven implementation of the OS and the associated Java Card Runtime Environment. Ensuring the correctness of this implementation is the basis of the platform security. This can be done through a mathematical proof of the implementation.

Java Cards Security Issues

In this paper, the author introduced new security issues raised by Java Cards in four aspects. One is to download code securely on card. The verification must be done off-card by a third-party, card issuer. The second security is the Java Card platform level security which is under the issuer's responsibility. The third one is the application security which is under the provider's responsibility. The last issue is about data and objects sharing on the card. This mechanism prevents unauthorized access to data and objects.

Two Security Issues about Java Card

I introduce two concerns about java card security. One is the post-issuance applet download feature. Another one is multi-services feature. And give an interesting point from where you can start your attack.

A Secure Java Smart Card System: Visa Open Platform

Traditional smart card technologies are difficult to develop and have a long time-to-market. Open smart card systems offer several advantages, including short development cycles, dynamic updating of cards and the ability for one card to provide services from many providers. However they raise new security concerns to ensure that both users and providers of services are protected from malicious tampering. We discuss how the VISA Open Platform addresses these concerns. Methods include off card verification and digital signing of applets, formal proof of correctness of major software components, and sandbox firewalling of executions domains. The resulting system is a powerful framework for developing and deploying smart card applications, but security can only be ensured by the careful use of its facilities.