Using Proven Reference Monitor Patterns for Security Evaluation

Heckman, Mark; Schell, Roger R.

doi:10.3390/info7020023

Cited by 7 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research on information security is extensive, yet while most concepts regarding information security have been reviewed and discussed in the existing literature, some critical areas remain unaddressed [21]. For example, few studies examined information security awareness training [17].…”

Section: Information Security Awarenessmentioning

confidence: 99%

A Perspective on the Intersection of Information Security Policies and IA Awareness, Factoring in End-User Behavior

Muller¹

2020

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

In 2017 Executive Order 13800 was enacted for all federal entities to use the NIST Cybersecurity Framework to report on FISMA compliance. According to GAO-19-545 report sixteen agencies were identified as failing to successfully implement FISMA regulations rooted in information security policies (ISPs). This paper will introduce the link between information assurance awareness with the prescribed actions and its direct influence on information security policies. While organizations are conscious of the federal rules and regulations, most continue to fail to successfully implement and comply with the guidelines due to a sincere lack of information assurance and awareness, which ties directly into human behavior. A discussion on the intersection of information security awareness and behavior will be presented. The UTAUT theory measures and informs the researcher on factors that influence the end-user. Conclusively, recommendations will be offered on why organizations need to invest in a mechanism that measures these factors, which increases information awareness to change behavior, thus achieving better compliance with their organizational ISPs.

show abstract

Section: Information Security Awarenessmentioning

confidence: 99%

A Perspective on the Intersection of Information Security Policies and IA Awareness, Factoring in End-User Behavior

Muller¹

2020

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

show abstract

“…• In [202], three indices (completeness, isolation, and verifiability) are used as the engineering principles of security kernel. • [203] is related to security patterns of a grid system.…”

Section: Security Characteristicmentioning

confidence: 99%

Systematic Literature Review of Security Pattern Research

Washizaki¹,

Xia²,

Kamata³

et al. 2020

Preprint

View full text Add to dashboard Cite

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

show abstract

“…The paper by Heckman and Schell [6] leverages patterns to design systems that can be proven to be secure. As a basic pattern they use a Reference Monitor, the implementation of which is a multilevel model security kernel.…”

mentioning

confidence: 99%

Introduction to the Special Issue on Evaluating the Security of Complex Systems

Fernández

2016

Information

View full text Add to dashboard Cite

Recent security breaches show the need to secure large, distributed, complex systems. A fundamental, but little discussed aspect of security is how to evaluate when a complete system is secure. Purely formal methods cannot handle this level of complexity. Code checking does not consider the interaction of separate modules working together and is hard to scale. Model-based approaches, such as patterns and problem frames, can be effective for handling large systems. Their use in evaluating security appears promising. A few works in this direction exist, but there is a need for more ideas. This Special Issue focuses on global, model-based, architectural, and systems-oriented evaluation methods.

show abstract

Using Proven Reference Monitor Patterns for Security Evaluation

Cited by 7 publications

References 17 publications

A Perspective on the Intersection of Information Security Policies and IA Awareness, Factoring in End-User Behavior

A Perspective on the Intersection of Information Security Policies and IA Awareness, Factoring in End-User Behavior

Systematic Literature Review of Security Pattern Research

Introduction to the Special Issue on Evaluating the Security of Complex Systems

Contact Info

Product

Resources

About