Security is one of the most important concerns for both developers and consumers in the Information Technology (IT) world. Developing secure IT products demands standards that assure the security level of those products; the Common Criteria (CC) standard was formed to achieve this goal. Like other standards, however, CC has its own problems, and in this paper we address two of them: abstraction and time. Abstraction in the context of the Common Criteria evaluation methodology is one of the most significant problems in the IT product evaluation process. The other problem is that evaluation based on Common Criteria is time consuming, which ultimately makes it a costly process as well. To address these two problems, we decompose the tasks specified in the CC standard into finer ones, and we propose applying various expertises and task parallelism to performing these finer tasks.
One of the primary challenges in IDS alert analysis is controlling and archiving the huge number of alerts that are triggered, mainly during attack periods. We have developed a self-adaptive controlling mechanism that archives Snort-generated alerts in a well-formed abstracted format. An appropriate hashing technique, together with a fully automated time-based hierarchical archiving approach, is used to this end. The developed system prevents the Snort database from growing uncontrollably and unexpectedly. Results obtained from experiments and test cases show that, especially in critical attack situations, the system responds to queries well within a reasonable amount of time. The developed analyzer with the new archiving approach is also able to compress the generated alerts effectively and to generate statistical reports quickly. The system is platform independent and can be deployed on mid-range servers and workstations, and employing it does not require a high degree of security expertise.
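The abstraction-plus-hashing idea sketched in this abstract, as an added example that is not the paper's own code: it parses constructed Snort fast-format alert lines (the regex, the abstracted record layout and the day/hour hierarchy are assumptions, not the paper's design), hashes each alert's (rule, source, destination, protocol) identity so repeats collapse into one counted record, and computes statistics from the compact archive instead of the raw rows.

```python
import hashlib
import re
from collections import defaultdict
# Snort "fast" alert layout; this regex is an assumption, not the paper's parser.
ALERT_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+ \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample: a three-alert burst, an unrelated probe, then the same
# burst signature recurring in the next hour.
SAMPLE_ALERTS = """\
01/12-14:22:03.100001 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:4444 -> 192.168.1.10:51234
01/12-14:22:04.100002 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:4445 -> 192.168.1.10:51235
01/12-14:22:05.100003 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:4446 -> 192.168.1.10:51236
01/12-14:59:59.100004 [**] [1:1000001:1] LOCAL scan probe [**] [Priority: 3] {UDP} 10.0.0.9:40000 -> 192.168.1.20:53
01/12-15:00:01.100005 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:4447 -> 192.168.1.10:51237
"""

def abstract_key(a):
    """Hash the alert's repeatable identity (rule, src, dst, proto); ports and
    sub-second times are dropped so repeats collapse into one record."""
    ident = f"{a['gid']}:{a['sid']}|{a['src']}|{a['dst']}|{a['proto']}"
    return hashlib.sha256(ident.encode()).hexdigest()[:16]

def archive_alerts(text):
    """Return ({day: {hour: {key: record}}}, parsed_count): a time-based
    hierarchy whose leaves are abstracted, counted alert records."""
    archive, parsed = defaultdict(lambda: defaultdict(dict)), 0
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # unparseable line: not archived
        a, parsed = m.groupdict(), parsed + 1
        day, hour = a["ts"][:5], a["ts"][6:8]  # MM/DD and HH buckets
        rec = archive[day][hour].setdefault(abstract_key(a), {
            "sid": a["sid"], "msg": a["msg"], "src": a["src"], "dst": a["dst"],
            "proto": a["proto"], "prio": int(a["prio"]), "count": 0, "first": a["ts"]})
        rec["count"] += 1
        rec["last"] = a["ts"]
    return archive, parsed

def report(archive, parsed):
    """Statistics computed from the compact archive rather than raw rows."""
    recs = [r for d in archive.values() for h in d.values() for r in h.values()]
    return {"raw_alerts": parsed, "stored_records": len(recs),
            "compression_ratio": parsed / len(recs) if recs else 0.0,
            "top_sid": max(recs, key=lambda r: r["count"])["sid"] if recs else None}
```

On the sample, five raw alerts become three stored records, and the burst record carries its first and last timestamps so the time span survives the collapse.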