31.
|
Improving Practical Security Engineering: Overview of the Ongoing Research
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-022]
Security engineering is about creating viable solutions to real-world security problems-solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the limitations of today security and software technologies [...]
Published in Konstantin Beznosov, "Improving Practical Security Engineering: Overview of the Ongoing Research," talk given at the Department of Computer Science, Heverlee, Belgium, Catholic University of Leuven, 20 December, 2004. :
Transfer from CDS 0.99.7: PDF;
|
32.
|
Here’s Your Lego™ Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need
/ Konstantin Beznosov
[LERSSE-RefConfPaper-2005-009]
By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building blocks. [...]
Published in Konstantin Beznosov, “Here’s Your Lego! Security Kit: How to Give Developers All Protection Mechanisms They
Will Ever Need,” in Proceedings of Software Engineering and Middleware (SEM) Workshop, pp. 3-18,
Linz, Austria, 20-21 September 2004.:
Transfer from CDS 0.99.7: PDF;
|
33.
|
Flooding and Recycling Authorizations
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-018]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, "Flooding and Recycling Authorizations," presentation given at the New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, USA, 22 September, 2005, pp.25. :
Transfer from CDS 0.99.7: PDF;
|
34.
|
eXtreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without Defining It
/ LERSSE-PRESENTATION-2005-017
[LERSSE-PRESENTATION-2005-017]
This presentation examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. [...]
Published in Konstantin Beznosov, "eXtreme Security Engineering: On Employing XP Practices to Achieve Good Enough Security without Defining It," talk given at the First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, USA, 31 October, 2003. :
Transfer from CDS 0.99.7: PDF;
|
35.
|
eXtreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without Defining It
/ Konstantin Beznosov
[LERSSE-RefConfPaper-2005-008]
This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. [...]
Published in Konstantin Beznosov. Extreme security engineering: On employing xp practices to achieve
"good enough security" without defining it. In First ACM Workshop on Business Driven
Security Engineering (BizSec), Faiffax, VA, USA, 2003. :
Transfer from CDS 0.99.7: PDF;
|
36.
|
Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-016]
This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. [...]
Published in Konstantin Beznosov, "Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services," presented at the Eighth International SIGSOFT Symposium on Component-based Software Engineering (CBSE), St. Louis, Missouri, USA, 15 May, 2005. :
Transfer from CDS 0.99.7: PDF;
|
37.
|
Enterprise Security with EJB™ and CORBA®
/ Bret Hartman ; Donald J. Flinn ; Konstantin Beznosov
[LERSSE-BOOK-2005-002]
This book shows you how to apply enterprise security integration (ESI) to secure your enterprise from end-to-end, using theory, examples, and practical advice. [...]
Published in Bret Hartman, Donald J. Flinn, Konstantin Beznosov, "Enterprise Security with EJB? and CORBA?," New York, New York, USA, John Wiley and Sons, Inc., ISBN 0-471-40131-5, April, 2001, pp.400. :
Transfer from CDS 0.99.7: PDF;
|
38.
|
Engineering Application-level Access Control in Distributed Systems
/ Konstantin Beznosov ; Yi Deng
[LERSSE-BOOK-2005-001]
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. [...]
Published in Konstantin Beznosov, Yi Deng, "Engineering Application-level Access Control in Distributed Systems," in Handbook of Software Engineering And Knowledge Engineering, World Scientific Publishing, vol. 1, ISBN 981-02-4973-X, January, 2002, pp.20. :
Transfer from CDS 0.99.7: PDF;
|
39.
|
Design and Implementation of Resource Access Decision Server
/ Luis Espinal ; Konstantin Beznosov ; Yi Deng
[LERSSE-REPORT-2005-009]
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. [...]
Published in Luis Espinal, Konstantin Beznosov, Yi. Deng, "Design and Implementation of Resource Access Decision Server," Center for Advanced Distributed Systems Engineering (CADSE). Florida International University, technical report #2000-01, pp.18: (21 January, 2000)
Transfer from CDS 0.99.7: PDF;
|
40.
|
Design
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-006]
Learning objectives: * understand the principles of engineering secure systems. [...]
Published in
application development course SecAppDev course, Brussels, Belgium, Katholieke
Universiteit Leuven, 2, 3 March, 2005, pp.55. :
Transfer from CDS 0.99.7: PDF;
|