Konstantin Beznosov

16 October 2005

Abstract: Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the limitations of today security and software technologies. In this talk, I will provide an overview of the ongoing research towards improving the state of security engineering that together with my colleagues I conduct at the University of British Columbia. Specifically, I will focus on the following: * comparative study of the approaches to security mechanisms engineering * policy decision models & architecture(s) for massive scale enterprises * composable policy engines * improving usability of security administration * towards security agile assurance * end-to-end selective data protection with partially-trusted proxies

Keyword(s): research ; access control ; security engineering ; secure software ; usable security ; General Computer Security
Note: Konstantin Beznosov, "Improving Practical Security Engineering: Overview of the Ongoing Research," talk given at the Department of Computer Science, Heverlee, Belgium, Catholic University of Leuven, 20 December, 2004. Slides are available in PDF upon request.


Published in: Konstantin Beznosov, "Improving Practical Security Engineering: Overview of the Ongoing Research," talk given at the Department of Computer Science, Heverlee, Belgium, Catholic University of Leuven, 20 December, 2004. :