About: Security Technical Implementation Guide is a research topic. Over the lifetime, 12 publications have been published within this topic receiving 86 citations.
TL;DR: This paper describes how a structured flow of analysis and testing activities organized in five phases can accelerate the discovery of security issues in computer hardware products that could be exploited through software or physical attacks.
Abstract: Security assurance is a rapidly evolving but well understood discipline in the software industry. Many firms have adopted the Security Development Lifecycle as a process to identify and fix vulnerabilities in their products before they are released. To do this, they rely on sound software security practices, tools and precise technical information available through a vast collection of publicly known vulnerabilities and exploits. Historically, secure development practices for hardware products have not developed as fast. Only a limited number of methodologies, standards, exploits, and testing tools exist to assist vendors with their security assurance goals. This paper presents a Hardware Security Development Lifecycle at the hardware technology level that has been used on commercial CPUs, chipsets, and SoCs. It describes how a structured flow of analysis and testing activities organized in five phases can accelerate the discovery of security issues in computer hardware products that could be exploited through software or physical attacks. We summarize lessons learned over several years of security evaluation experience that have resulted in a systematic method that can be adapted to make security assurance an integral part of hardware development cycles.
TL;DR: The objective of this paper is to design a methodology for the introduction, development and maintenance of computer security within major organizations.
TL;DR: This book provides the fundamentals of computer architecture for security and covers a wide range of computer hardware, system software and data concepts from a security perspective.
Abstract: The first book to introduce computer architecture for security and provide the tools to implement secure computer systems. This book provides the fundamentals of computer architecture for security. It covers a wide range of computer hardware, system software and data concepts from a security perspective. It is essential for computer science and security professionals to understand both hardware and software security solutions to survive in the workplace. Examination of memory, CPU architecture and system implementation. Discussion of computer buses and a dual-port bus interface. Examples cover a broad spectrum of hardware and software systems. Design and implementation of a patent-pending secure computer system. Includes the latest patent-pending technologies in architecture security. Placement of computers in a security fulfilled network environment. Co-authored by the inventor of the modern Computed Tomography (CT) scanner. Provides website for lecture notes, security tools and latest updates.
TL;DR: This work proposes empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data, which provides an automated means of evaluating risks and the security posture of alternative security architectures.
Abstract: Defense in depth is vital as no single security product detects all of today’s attacks. To design defense in depth, organizations rely on best practices and isolated product reviews with no way to determine the marginal benefit of additional security products. We propose empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data. This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense in depth strategy, not just its stand-alone detection rate. This approach provides an automated means of evaluating risks and the security posture of alternative security architectures. We perform an experiment implementing this approach for real drive-by download attacks found in a real-time email spam feed and compare over 40 security products and human click-through rates by linking email, URL, network content, and executable file attack data.
TL;DR: Various factors, including technical and social perspectives, that should be taken into consideration with a proper balance to secure a software system are explained.
Abstract: Software security is equally a shared responsibility of technical experts and clients who deploy the system. When a software receives security assurance upon its product release, security validation of the software is assured. Security compromise may take place by luring authenticated users to exploit the vulnerabilities that persist in the system. Vulnerabilities emerging from the user side also play a significant role in determining security assurance of the system. Depending upon the level of software attack surface, potential vulnerability can be injected into the system. Therefore the root causes of software vulnerabilities cannot merely be attributed to the technical aspects of mitigation techniques. This increased level of requirements took security experts to a spectrum where users' improper or insecure practices should also be counted while securing a software system. In this paper, I explain various factors, including technical and social perspectives, that should be taken into consideration with a proper balance to secure a software system. Based on a thorough literature review, an in-depth explanation of various information system vulnerabilities and recommended techniques to reduce the attack surfaces of those vulnerabilities is also provided.