Basin, D., Clavel, M., & Egea, M. (2011). A decade of model-driven security. Paper presented at the 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria. [Full text available in the ACM Digital Library database.]
In model-driven development, system designs are specified using
graphical modeling languages like UML and system artifacts such as code
and configuration data are automatically generated from the models.
Model-driven security is a specialization of this paradigm, where system
designs are modeled together with their security requirements and
security infrastructures are directly generated from the models. Over
the past decade, we have explored different facets of model-driven
security. This research includes different modeling languages, code
generators, model analysis tools, and even model transformations. For
example, in multi-tier systems, we used model transformations to
transform a security policy, formulated for a system's data model, to a
security policy governing the behavior of the system's graphical user
interface. In this paper, we survey progress made, tool support, and
case studies, which attest to the flexibility and power of such a
multi-faceted approach to building secure systems.
Mylonas, A., Tsoumas, B., Dritsas, S., & Gritzalis, D. (2011). A secure smartphone applications roll-out scheme. Paper presented at the 8th International Conference on Trust, Privacy, and Security in Digital Business, Toulouse, France. Retrieved from http://goo.gl/So8Ym
The adoption of smartphones, devices transforming from simple
communication devices to smart and multipurpose devices, is
constantly increasing. Amongst the main reasons for their
vast pervasiveness are their small size, their enhanced functionality,
as well as their ability to host many useful and attractive
applications. Furthermore, recent studies estimate that application
installation in smartphones acquired from official
application repositories, such as the Apple Store, will continue to
increase.
In this context, the official application repositories might
become attractive to attackers trying to distribute malware via
these repositories. The paper examines the security
inefficiencies related to application distribution via application
repositories.
Our contribution focuses on surveying the application
management procedures enforced during application distribution in the
popular smartphone platforms (i.e. Android, Black-Berry,
Apple iOS, Symbian, Windows Phone), as well as on proposing a scheme
for an application management system suited for secure
application distribution via application repositories.
Souppaya, M., & Scarfone, K. (2011, September). Guidelines for securing wireless local area networks (WLANs) (NIST Special Publication 800-153 - Draft). Retrieved from http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf
The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring
of their IEEE 802.11 wireless local area networks (WLANs) and their
devices connecting to those networks. Recommendations . . . cover topics such as standardized WLAN security configurations,
dual connected WLAN client devices, and security assessments and
continuous monitoring [this is one of four new cyber-related publications from NIST.]
