Often, security requirements for complex systems are hard to discern because it is difficult to determine which requirements must be allocated to the system and which pertain to the system environment. In the Common Criteria framework,... more
Often, security requirements for complex systems are hard to discern because it is difficult to determine which requirements must be allocated to the system and which pertain to the system environment. In the Common Criteria framework, threat analysis results in a set of objectives that can be subdivided into two major categories: those allocated to the system itself, and the
Research Interests:
Research Interests:
Although many of the concepts included in staff cyber-security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of... more
Although many of the concepts included in staff cyber-security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure.
Research Interests:
Research Interests:
During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet,... more
During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today’s IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.
Research Interests:
Research Interests:
Research Interests:
In most computer science graduate programs, students must complete an advanced research project that demonstrates the students technical competence in both the theory and practice of the field. Information security is a specialization... more
In most computer science graduate programs, students must complete an advanced research project that demonstrates the students technical competence in both the theory and practice of the field. Information security is a specialization area of computer science whose research results have direct benefits to real world problems. The Common Criteria (CC) is an international standard for security evaluation of products. This paper describes the utilization of the CC paradigmatic framework for advanced student research projects focused on security engineering. Three CC-based efforts of varying levels of difficulty are presented and the suitability and benefits of applying the CC in this context are discussed.