International Journal of Secure Software Engineering (IJSSE) Volume 6, Issue 2

Book Description

The International Journal of Secure Software Engineering (IJSSE) publishes original research on the security concerns that arise during software development. IJSSE promotes the idea of developing security-aware software systems from the ground up. The journal examines software security from a software engineering perspective and addresses both technical and managerial aspects of secure software engineering. IJSSE covers all aspects of software security in the development, deployment, and management processes of software systems.

This issue contains the following articles:

  • An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels
  • Calculating Quantitative Integrity and Secrecy for Imperative Programs
  • Using Attack Graphs to Analyze Social Engineering Threats
  • Risk-Based Privacy-Aware Information Disclosure
  • Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies

Table of Contents

  1. Cover
  2. Masthead
  3. Call For Articles
  4. Special Issue on Quantitative Aspects in Security Assurance
  5. An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels
    1. ABSTRACT
    2. 1. INTRODUCTION
    3. 2. BACKGROUND
    4. 3. THE IRCC EXPLOIT
    5. 4. EMPIRICAL EVALUATION OF THE IRCC EXPLOIT
    6. 5. COMPUTING OPTIMAL EXPLOIT CONFIGURATIONS
    7. 6. SELECTED FINDINGS AND OUTLOOK
    8. 7. SUMMARY
    9. ACKNOWLEDGMENT
    10. REFERENCES
    11. Proofs
  6. Calculating Quantitative Integrity and Secrecy for Imperative Programs
    1. ABSTRACT
    2. 1. INTRODUCTION
    3. 2. BACKGROUND
    4. 3. USING MUTUAL INFORMATION TO CALCULATE CONDITIONAL MUTUAL INFORMATION AND ENTROPY
    5. 4. A LANGUAGE FOR INTEGRITY CHECKING
    6. 5. IMPLEMENTATION AND EXAMPLES
    7. 6. EXAMPLES COMBINING SECRECY AND INTEGRITY
    8. 7. PROGRAM INTEGRITY
    9. 8. PROGRAM INTEGRITY FOR PROBABILISTIC PROGRAMS
    10. 9. CONCLUSION AND FURTHER WORK
    11. REFERENCES
    12. ENDNOTES
  7. Using Attack Graphs to Analyze Social Engineering Threats
    1. ABSTRACT
    2. INTRODUCTION
    3. RELATED WORK
    4. SOCIAL ENGINEERING EXPLOITS
    5. ANALYSIS OF SOCIAL ENGINEERING THREATS WITH ATTACK GRAPHS
    6. DISCUSSION
    7. CONCLUSION
    8. ACKNOWLEDGMENT
    9. REFERENCES
    10. ENDNOTES
  8. Risk-Based Privacy-Aware Information Disclosure
    1. ABSTRACT
    2. INTRODUCTION
    3. SCENARIO
    4. RISK-AWARE ACCESS CONTROL
    5. PRIVACY PRESERVING INFORMATION DISCLOSURE
    6. RISK-AWARE INFORMATION DISCLOSURE
    7. APPLICATION OF RISK-AWARE ROLE-BASED ACCESS CONTROL
    8. RISK-AWARE ACCESS CONTROL FRAMEWORK
    9. EVALUATION
    10. RELATED WORK
    11. CONCLUSION
    12. ACKNOWLEDGMENT
    13. REFERENCES
    14. ENDNOTES
  9. Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies
    1. ABSTRACT
    2. 1. INTRODUCTION
    3. 2. TEST-DRIVEN SECURITY RISK ANALYSIS
    4. 3. RESEARCH METHOD
    5. 4. OVERVIEW OF THE TWO CASE STUDIES
    6. 5. RESULTS
    7. 6. DISCUSSION
    8. 7. RELATED WORK
    9. 8. CONCLUSION
    10. ACKNOWLEDGMENT
    11. REFERENCES
  10. Call For Articles