Author: "Matt Bishop" / Topic: computer.software_genre - Searchworks@Jio Institute Digital Library Search Results

1. Addressing cyber security skills: the spectrum, not the silo

Author: Steven Furnell and Matt Bishop
Subjects: 021110 strategic, defence & security studies, General Computer Science, Cover (telecommunications), 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Work (electrical), 020204 information systems, Silo, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Natural (music), Business, Law, computer
Abstract: With cyber security gaining ever-greater recognition as a key concern in today's organisations, there is an accompanying appreciation that specialist skills are required to support it. However, this has created challenges for employers in recruiting the associated talent, not least because skilled staff are in short supply. With cyber security becoming a key concern in today's organisations, there is an accompanying appreciation that specialist skills are required to support it. As Steven Furnell of the University of Plymouth and Matt Bishop of the University of California at Davis explain, it is important to recognise the breadth of skills needed. The natural way to do this is to recruit talent with suitable qualifications, but for this to work we need to understand what they cover and whether they match what organisations need.
Published: 2020
Full Text: View/download PDF

2. Electronic Voting Technology Inspired Interactive Teaching and Learning Pedagogy and Curriculum Development for Cybersecurity Education

Author: Xukai Zou, Matt Bishop, and Ryan Hosler
Subjects: Electronic voting, Computer science, business.industry, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Access control, Computer security, computer.software_genre, Encryption, Authentication (law), Secrecy, Curriculum development, business, Protocol (object-oriented programming), Curriculum, computer
Abstract: Cybersecurity is becoming increasingly important to individuals and society alike. However, due to its theoretical and practical complexity, keeping students interested in the foundations of cybersecurity is a challenge. One way to excite such interest is to tie it to current events, for example elections. Elections are important to both individuals and society, and typically dominate much of the news before and during the election. We are developing a curriculum based on elections and, in particular, an electronic voting protocol. Basing the curriculum on an electronic voting framework allows one to teach critical cybersecurity concepts such as authentication, privacy, secrecy, access control, encryption, and the role of non-technical factors such as policies and laws in cybersecurity, which must include societal and human factors. Student-centered interactions and projects allow them to apply the concepts, thereby reinforcing their learning.
Published: 2021
Full Text: View/download PDF

3. Insider Attack Detection for Science DMZs Using System Performance Data

Author: Dipak Ghosal, Matt Bishop, Ross K. Gegan, and Brian Perry
Subjects: DBSCAN, DMZ, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Insider, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Insider attack, 020201 artificial intelligence & image processing, Anomaly detection, Cluster analysis, computer, Data transmission, Network model
Abstract: The science DMZ is a specialized network model developed to guarantee secure and efficient transfer of data for large-scale distributed research. To enable a high level of performance, the Science DMZ includes dedicated data transfer nodes (DTNs). Protecting these DTNs is crucial to maintaining the overall security of the network and the data, and insider attacks are a major threat. Although some limited network intrusion detection systems (NIDS) are deployed to monitor DTNs, this alone is not sufficient to detect insider threats. Monitoring for abnormal system behavior, such as unusual sequences of system calls, is one way to detect insider threats. However, the relatively predictable behavior of the DTN suggests that we can also detect unusual activity through monitoring system performance, such as CPU and disk usage, along with network activity. In this paper, we introduce a potential insider attack scenario, and show how readily available system performance metrics can be employed to detect data tampering within DTNs, using DBSCAN clustering to actively monitor for unexpected behavior.
Published: 2020
Full Text: View/download PDF

4. Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes

Author: Anandarup Sarkar, Bertram Ludäscher, Sven Köhler, and Matt Bishop
Subjects: Information privacy, Exploit, Computer Networks and Communications, business.industry, Dataflow, Computer science, 020207 software engineering, 02 engineering and technology, Directed acyclic graph, Machine learning, computer.software_genre, Electronic mail, Computer Science Applications, Data modeling, Attack model, Pre-play attack, Control and Systems Engineering, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Artificial intelligence, Electrical and Electronic Engineering, business, computer, Information Systems
Abstract: We introduce an approach of automatically identifying attacks by insider agents on dataflow-based processes having a collection-oriented data model and then improving the processes to prevent the attacks against them. Some process data, if used by some agents via steps at certain points of timeline, will lead to a privacy attack. A manual identification of these vulnerable data and rogue agents is quite tedious; thus, our approach automatically performs these identifications. We model a process and an attack based on a directed acyclic graph, with steps, reading and writing data, and controlled by agents. Then, we perform a declarative implementation to find out if this attack model can be mapped onto the process model based on some similarity criteria. If these criteria are met, we conclude that the attack model is “similar enough” to the process model to be successfully realized through it. Each possible way of mapping shows an avenue of attack on the process. Agent collusion scenarios are also identified. Finally, our approach automatically identifies process improvement opportunities and iteratively exploits them, thereby eliminating attack avenues.
Published: 2017
Full Text: View/download PDF

5. Introduction to the Minitrack on Inside the Insider Threats

Author: Jason Clark, Matt Bishop, and Candice Hoke
Subjects: Business, Computer security, computer.software_genre, computer, Insider
Published: 2019
Full Text: View/download PDF

6. Augmenting Machine Learning with Argumentation

Author: Karl Levitt, Carrie Gates, and Matt Bishop
Subjects: 021110 strategic, defence & security studies, Human intelligence, business.industry, Computer science, 0211 other engineering and technologies, Access control, 06 humanities and the arts, 02 engineering and technology, Information security, 0603 philosophy, ethics and religion, Machine learning, computer.software_genre, Disease control, Argumentation theory, Unexpected events, Leverage (negotiation), 060301 applied ethics, Artificial intelligence, business, computer, Problem space
Abstract: The information security community is haunted by the failure of an appropriate break-the-glass access control at the United States Center for Disease Control that led to an estimated additional 1.2 million deaths in North America in 2036. In this paper we review what caused the security failures in this system and argue that, by combining human intelligence with multiple technological approaches to create a system that emphasizes human approaches to guide analysis, the failures that occurred will not recur. We also leverage people and technologies to identify and fill gaps in the training data to minimize the threat of unexpected events. While we use this scenario as our running example, we note that our approach is generalizable to a broader problem space where machine learning approaches have been deployed to make decisions.
Published: 2018
Full Text: View/download PDF

7. Special Session

Author: Scott Buck, Diana L. Burley, Allen Parrish, Siddharth Kaza, David S. Gibson, Herb Mattord, and Matt Bishop
Subjects: Body of knowledge, ComputingMilieux_THECOMPUTINGPROFESSION, Computer science, Task force, ComputingMilieux_COMPUTERSANDEDUCATION, Joint (building), Session (computer science), Computer security, computer.software_genre, computer, Curriculum, Panel discussion
Abstract: In this special session, members of the Joint Task Force (JTF) on Cybersecurity Education will provide an overview of the CSEC2017 curricular guidelines (finalized in December 2017) and engage session participants in a discussion of the curricular framework and body of knowledge. The session will conclude with an interactive panel discussion on implementing the curricular guidance.
Published: 2018
Full Text: View/download PDF

8. A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation

Author: Ruimin Sun, Nikolaos Sapountzis, Daniela Oliveira, Matt Bishop, Marcus Botacin, André Grégio, Donald E. Porter, Xiaolin Li, and Xiaoyong Yuan
Subjects: FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, business.industry, Defensive programming, media_common.quotation_subject, Software execution, Machine learning, computer.software_genre, Software, Software bug, Linux malware, Malware, Artificial intelligence, Electrical and Electronic Engineering, Praise, business, computer, Cryptography and Security (cs.CR), media_common
Abstract: A promising avenue for improving the effectiveness of behavioral-based malware detectors would be to combine fast traditional machine learning detectors with high-accuracy, but time-consuming deep learning models. The main idea would be to place software receiving borderline classifications by traditional machine learning methods in an environment where uncertainty is added, while software is analyzed by more time-consuming deep learning models. The goal of uncertainty would be to rate-limit actions of potential malware during the time consuming deep analysis. In this paper, we present a detailed description of the analysis and implementation of CHAMELEON, a framework for realizing this uncertain environment for Linux. CHAMELEON offers two environments for software: (i) standard - for any software identified as benign by conventional machine learning methods and (ii) uncertain - for software receiving borderline classifications when analyzed by these conventional machine learning methods. The uncertain environment adds obstacles to software execution through random perturbations applied probabilistically on selected system calls. We evaluated CHAMELEON with 113 applications and 100 malware samples for Linux. Our results showed that at threshold 10%, intrusive and non-intrusive strategies caused approximately 65% of malware to fail accomplishing their tasks, while approximately 30% of the analyzed benign software to meet with various levels of disruption. With a dynamic, per-system call threshold, CHAMELEON caused 92% of the malware to fail, and only 10% of the benign software to be disrupted. We also found that I/O-bound software was three times more affected by uncertainty than CPU-bound software. Further, we analyzed the logs of software crashed with non-intrusive strategies, and found that some crashes are due to the software bugs.
Published: 2018

9. A Design for a Collaborative Make-the-Flag Exercise

Author: Matt Bishop
Subjects: Computer science, Compromise, media_common.quotation_subject, Computer security, computer.software_genre, CONTEST, Know-how, computer, media_common, Flag (geometry)
Abstract: Many people know how to compromise existing systems, and capture-the-flag contests are increasing this number. There is a dearth of people who know how to design and build secure systems. A collaborative contest to build secure systems to meet specific goals—a “make-the-flag” exercise—could encourage more people to participate in cybersecurity exercises, and learn how to design and build secure systems. This paper presents a generic design for such an exercise. It explores the goals, organization, constraints, and rules. It also discusses preparations and how to run the exercise and evaluate the results. Several variations are also presented.
Published: 2018
Full Text: View/download PDF

10. A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing

Author: Sean Peisert, Ed Talbot, and Matt Bishop
Subjects: Provable security, business.industry, Computer science, Information sharing, 05 social sciences, Information Dissemination, Access control, 02 engineering and technology, Redaction, Computer security, computer.software_genre, Need to know, 020204 information systems, High availability, information sharing, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Confidentiality, fault tolerance, ORCON, provable security, business, computer, 050107 human factors
Abstract: © 2017 Copyright held by the owner/author(s). In this paper, we propose principles of information control and sharing that support ORCON (ORiginator COntrolled access control) models while simultaneously improving components of confidentiality, availability, and integrity needed to inherently support, when needed, responsibility to share policies, rapid information dissemination, data provenance, and data redaction. This new paradigm of providing unfettered and unimpeded access to information by authorized users, while at the same time, making access by unauthorized users impossible, contrasts with historical approaches to information sharing that have focused on need to know rather than need to (or responsibility to) share.
Published: 2017

11. The dose makes the poison — Leveraging uncertainty for effective malware detection

Author: Donald E. Porter, Ruimin Sun, André Grégio, Xiaoyong Yuan, Andrew R. Lee, Daniela Oliveira, Matt Bishop, and Xiaolin Li
Subjects: business.industry, Computer science, Deep learning, Software execution, 02 engineering and technology, Plan (drawing), Computer security, computer.software_genre, Information sensitivity, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, Software engineering, business, computer
Abstract: Malware has become sophisticated and organizations don't have a Plan B when standard lines of defense fail. These failures have devastating consequences for organizations, such as sensitive information being exfiltrated. A promising avenue for improving the effectiveness of behavioral-based malware detectors is to combine fast (usually not highly accurate) traditional machine learning (ML) detectors with high-accuracy, but time-consuming, deep learning (DL) models. The main idea is to place software receiving borderline classifications by traditional ML methods in an environment where uncertainty is added, while software is analyzed by time-consuming DL models. The goal of uncertainty is to rate-limit actions of potential malware during deep analysis. In this paper, we describe Chameleon, a Linux-based framework that implements this uncertain environment. Chameleon offers two environments for its OS processes: standard — for software identified as benign by traditional ML detectors — and uncertain — for software that received borderline classifications analyzed by ML methods. The uncertain environment will bring obstacles to software execution through random perturbations applied probabilistically on selected system calls. We evaluated Chameleon with 113 applications from common benchmarks and 100 malware samples for Linux. Our results show that at threshold 10%, intrusive and non-intrusive strategies caused approximately 65% of malware to fail accomplishing their tasks, while approximately 30% of the analyzed benign software to meet with various levels of disruption (crashed or hampered). We also found that I/O-bound software was three times more affected by uncertainty than CPU-bound software.
Published: 2017
Full Text: View/download PDF

12. ACM Joint Task Force on Cybersecurity Education

Author: Elizabeth K. Hawthorne, Siddharth Kaza, David S. Gibson, Scott Buck, Matt Bishop, and Diana L. Burley
Subjects: ComputingMilieux_THECOMPUTINGPROFESSION, Computer science, Task force, Process (engineering), 05 social sciences, 050301 education, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, ComputingMilieux_COMPUTERSANDEDUCATION, 0202 electrical engineering, electronic engineering, information engineering, Joint (building), Session (computer science), 0503 education, computer, Curriculum
Abstract: In this special session, members of the ACM Joint Task Force (JTF) on Cybersecurity Education will provide an overview of the task force mission, objectives, and release a draft of the curricular guidelines. After the overview, task force members will engage session participants in the curricular development process and solicit feedback on the draft guidelines.
Published: 2017
Full Text: View/download PDF

13. Internet- and cloud-of-things cybersecurity research challenges and advances

Author: Kara Nance, William Bradley Glisson, Matt Bishop, and Kim-Kwang Raymond Choo
Subjects: General Computer Science, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Cloud of things, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, Law, computer
Published: 2018
Full Text: View/download PDF

14. Multiclass classification of distributed memory parallel computations

Author: Matt Bishop, Sean Whalen, and Sean Peisert
Subjects: Self-organizing map, Theoretical computer science, Computer science, Cloud computing, Machine learning, computer.software_genre, Field (computer science), Multiclass classification, Engineering, Artificial Intelligence, Communication patterns, Physical Sciences and Mathematics, Self-organizing maps, business.industry, Message passing, Random forests, Supercomputer, Bayesian networks, Signal Processing, Distributed memory, High performance computing, Computer Vision and Pattern Recognition, Artificial intelligence, business, computer, Software
Abstract: High Performance Computing (HPC) is a field concerned with solving large-scale problems in science and engineering. However, the computational infrastructure of HPC systems can also be misused as demonstrated by the recent commoditization of cloud computing resources on the black market. As a first step towards addressing this, we introduce a machine learning approach for classifying distributed parallel computations based on communication patterns between compute nodes. We first provide relevant background on message passing and computational equivalence classes called dwarfs and describe our exploratory data analysis using self organizing maps. We then present our classification results across 29 scientific codes using Bayesian networks and compare their performance against Random Forest classifiers. These models, trained with hundreds of gigabytes of communication logs collected at Lawrence Berkeley National Laboratory, perform well without any a priori information and address several shortcomings of previous approaches.
Published: 2013
Full Text: View/download PDF

15. Agile Research for Cybersecurity: Creating Authoritative, Actionable Knowledge When Speed Matters

Author: Matt Bishop, Richard C. Linger, Luanne Goldrich, and Melissa Dark
Subjects: Government, Agile usability engineering, Scope (project management), Computer science, business.industry, Agile Unified Process, Computer security, computer.software_genre, Information system, Organizational structure, Applied research, business, computer, Agile software development
Abstract: Securing information systems from attack and com-promise is a problem of massive scope and global scale. Traditional, long-term research provides a deep understanding of the foundations for protecting systems, networks, and infrastructures. But sponsors often need applied research that will create results for immediate application to unforeseen cybersecurity events. The Agile Research process is a new approach to provide this type of rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. The idea is to engage subject-matter experts fast enough to make a difference. Agile Research requires new levels of collaboration and performance, plus adaptive organizational structures that support this new way of working. In addition to its application in Government, Agile Research is being employed in academic settings, and is influencing how research requirements and researchers are identified and matched, and research traineeship.
Published: 2017
Full Text: View/download PDF

16. LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications

Author: Zizhan Zheng, Somdutta Bose, Matt Bishop, Hao Fu, and Prasant Mohapatra
Subjects: FOS: Computer and information sciences, Computer Science - Cryptography and Security, business.industry, Computer science, 020207 software engineering, 02 engineering and technology, Static analysis, Computer security, computer.software_genre, Taint checking, Transmission (telecommunications), Component (UML), 0202 electrical engineering, electronic engineering, information engineering, False positive paradox, 020201 artificial intelligence & image processing, Mobile telephony, business, computer, Cryptography and Security (cs.CR), Computer network
Abstract: Mobile applications (apps) often transmit sensitive data through network with various intentions. Some transmissions are needed to fulfill the app's functionalities. However, transmissions with malicious receivers may lead to privacy leakage and tend to behave stealthily to evade detection. The problem is twofold: how does one unveil sensitive transmissions in mobile apps, and given a sensitive transmission, how does one determine if it is legitimate? In this paper, we propose LeakSemantic, a framework that can automatically locate abnormal sensitive network transmissions from mobile apps. LeakSemantic consists of a hybrid program analysis component and a machine learning component. Our program analysis component combines static analysis and dynamic analysis to precisely identify sensitive transmissions. Compared to existing taint analysis approaches, LeakSemantic achieves better accuracy with fewer false positives and is able to collect runtime data such as network traffic for each transmission. Based on features derived from the runtime data, machine learning classifiers are built to further differentiate between the legal and illegal disclosures. Experiments show that LeakSemantic achieves 91% accuracy on 2279 sensitive connections from 1404 apps.
Published: 2017
Full Text: View/download PDF

17. Introduction to Deception, Digital Forensics, and Malware Minitrack

Author: Matt Bishop and Kara Nance
Subjects: business.industry, Computer science, media_common.quotation_subject, Internet privacy, Digital forensics, Malware, Deception, business, Computer security, computer.software_genre, computer, media_common
Published: 2017
Full Text: View/download PDF

18. Information Security Education for a Global Digital Society

Author: Lynn Futcher, Natalia Miloslavskaya, Matt Bishop, and Marianthi Theocharidou
Subjects: Digital society, Cloud computing security, business.industry, Political science, Security convergence, Information security, Public relations, business, Computer security, computer.software_genre, computer
Published: 2017
Full Text: View/download PDF

19. Bear: A Framework for Understanding Application Sensitivity to OS (Mis) Behavior

Author: Aokun Chen, Donald E. Porter, Ruimin Sun, Daniela Oliveira, Andrew R. Lee, and Matt Bishop
Subjects: Computer science, business.industry, 020206 networking & telecommunications, Workload, 02 engineering and technology, computer.software_genre, Software, Software bug, Software deployment, System call, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Statistical analysis, business, computer
Abstract: Applications are generally written assuming a predictable and well-behaved OS. In practice, they experience unpredictable misbehavior at the OS level and across OSes: different OSes can handle network events differently, APIs can behave differently across OSes, and OSes may be compromised or buggy. This unpredictability is challenging because its sources typically manifest during deployment and are hard to reproduce. This paper introduces Bear, a framework for statistical analysis of application sensitivity to OS unpredictability that can help developers build more resilient software, discover challenging bugs and identify the scenarios that most need validation. Bear analyzes a program with a set of perturbation strategies on a set of commonly used system calls in order to discover the most sensitive system calls for each application, the most impactful strategies, and how they predict abnormal program outcome. We evaluated Bear with 113 CPU and IO-bound programs, and our results show that null memory dereferencing and erroneous buffer operations are the most impactful strategies for predicting abnormal program execution and that their impacts increase ten-fold with workload increase (e.g. number of network requests from 10 to 1000). Generic system calls are more sensitive than specialized system calls—for example, write and sendto can both be used to send data through a socket, but the sensitivity of write is twice that of sendto. System calls with an array parameter (e.g. read) are more sensitive to perturbations than those having a struct parameter with a buffer (e.g readv). Moreover, the fewer parameters a system call has, the more sensitive it is.
Published: 2016
Full Text: View/download PDF

20. I'm not sure if we're okay

Author: Richard Ford, Mark E. Fioravanti, and Matt Bishop
Subjects: 0301 basic medicine, Computer science, As is, media_common.quotation_subject, 030106 microbiology, Context (language use), Space (commercial competition), Certainty, Computer security, computer.software_genre, System protection, 03 medical and health sciences, Ask price, Malware, Enhanced Data Rates for GSM Evolution, computer, media_common
Abstract: Asymmetry and uncertainty have been written about at length in the context of computer security. Indeed, many cutting edge defensive techniques provide system protection by relying on attacker uncertainty about certain aspects of the system. However, with these defensive countermeasures, typically the defender has the ability to derive full knowledge of the system (as is the case in, for example, Instruction Set Randomization), but the attacker has limited knowledge.In this paper, we concern ourselves with the case in which neither the attacker nor the defender have perfect knowledge of the system, but where the level of uncertainty tolerable to both parties is different. In particular, we explore scenarios where the attacker's need for certainty is lower than that of the defender, and ask if non-determinism can be used as a weapon. We provide an example in the malware arena, demonstrating the use of quorum sensing as a potential application of this technique. We argue that this idea of mutual uncertainty is a new paradigm which opens the way to novel solutions in the space.
Published: 2016
Full Text: View/download PDF

21. Is Anybody Home? Inferring Activity From Smart Home Network Traffic

Author: Bogdan Copos, Matt Bishop, Jeff Rowe, and Karl Levitt
Subjects: Traffic analysis, business.industry, Computer science, Covert channel, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Thermostat, law.invention, Carbon dioxide sensor, Information sensitivity, Traffic classification, Home automation, law, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Internet of Things, business, computer, Personally identifiable information, Computer network
Abstract: As smart home devices are introduced into our homes, security and privacy concerns are being raised. Smart home devices collect, exchange, and transmit various data about the environment of our homes. This data can not only be used to characterize a physical property but also to infer personal information about the inhabitants. One potential attack vector for smart home devices is the use of traffic classification as a source for covert channel attacks. Specifically, we are concerned with the use of traffic classification techniques for inferring events taking place within a building. In this work, we study two of the most popular smart home devices, the Nest Thermostat and the wired Nest Protect (i.e. smoke and carbon dioxide detector) and show that traffic analysis can be used to learn potentially sensitive information about the state of a smart home. Among other observations, we show that we can determine, with 88% and 67% accuracy respectively, when the thermostat transitions between the Home and Auto Away mode and vice versa, based only on network traffic originating from the device. This information may be used, for example, by an attacker to infer whether the home is occupied.
Published: 2016
Full Text: View/download PDF

22. Special Session

Author: Siddharth Kaza, Diana L. Burley, Elizabeth K. Hawthorne, Matt Bishop, Lynn Futcher, and Scott Buck
Subjects: Engineering management, Multimedia, Process (engineering), Computer science, Task force, ComputingMilieux_COMPUTERSANDEDUCATION, Joint (building), Session (computer science), computer.software_genre, Curriculum, computer
Abstract: In this special session, members of the ACM Joint Task Force on Cyber Education to Develop Undergraduate Curricular Guidance will provide an overview of the task force mission, objectives, and work plan. After the overview, task force members will engage session participants in the curricular development process.
Published: 2016
Full Text: View/download PDF

23. A Taxonomy of Buffer Overflow Characteristics

Author: Damien Howard, Sean Whalen, Sophie Engle, and Matt Bishop
Subjects: Web server, business.industry, Computer science, Distributed computing, Process (computing), computer.software_genre, Boundary (real estate), Electronic mail, Software, Taxonomy (general), State (computer science), Electrical and Electronic Engineering, business, computer, Buffer overflow
Abstract: Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.
Published: 2012
Full Text: View/download PDF

24. Are Patched Machines Really Fixed?

Author: Matt Bishop, Tadayoshi Kohno, and R.W. Gardner
Subjects: Ubiquitous computing, Computer Networks and Communications, Computer science, Electronic voting, business.industry, Vulnerability, Cryptography, Software maintenance, Computer security, computer.software_genre, Security testing, Server, Security through obscurity, Smart card, Electrical and Electronic Engineering, business, Law, computer, Vulnerability (computing)
Abstract: Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfortunately, updates intended to remediate security problems are sometimes incomplete, are flawed, or introduce new vulnerability themselves. The authors present several examples of such instances in a widely used electronic voting system, a device for which security is critical. A central lesson of the study is that evaluating a system's security by examining changes between revisions is insufficient; you must evaluate and analyze the system as a whole.
Published: 2009
Full Text: View/download PDF

25. Live Analysis: Progress and Challenges

Author: Brian Hay, Kara Nance, and Matt Bishop
Subjects: Live analysis, Focus (computing), Computer Networks and Communications, business.industry, Computer science, Digital forensics, Cryptography, computer.software_genre, Data science, World Wide Web, Forensic science, Virtual machine, Electrical and Electronic Engineering, business, Law, computer
Abstract: As computer technologies become increasingly ubiquitous, so must supporting digital forensics tools and techniques for efficiently and effectively analyzing associated systems' behavior. Live analysis is a logical and challenging step forward in this area and a method that has recently received increased R&D focus. This article describes some live analysis approaches as well as tools and techniques for live analysis on real and virtual machines. The discussion includes research challenges and open problems.
Published: 2009
Full Text: View/download PDF

26. Virtual Machine Introspection: Observation or Interference?

Author: Matt Bishop, Kara Nance, and Brian Hay
Subjects: Software_OPERATINGSYSTEMS, Computer Networks and Communications, business.industry, Hardware virtualization, Full virtualization, Computer science, Temporal isolation among virtual machines, System monitoring, computer.software_genre, Virtualization, Virtual machine introspection, Virtual machine, Key (cryptography), Operating system, Electrical and Electronic Engineering, Software engineering, business, Law, computer
Abstract: As virtualization becomes increasingly mainstream, virtual machine introspection techniques and tools are evolving to monitor VM behavior. A survey of existing approaches highlights key requirements, which are addressed by a new tool suite for the Xen VM monitoring system.
Published: 2008
Full Text: View/download PDF

27. Computer forensics in forensis

Author: Sean Peisert, Keith Marzullo, and Matt Bishop
Subjects: Computer errors, Computer science, Digital forensics, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer forensics, Audit, Computer security, computer.software_genre, Data science, Terminology, Scientific method, General Earth and Planetary Sciences, Suspect, computer, General Environmental Science
Abstract: Different users apply computer forensic systems, models, and terminology in very different ways. They often make incompatible assumptions and reach different conclusions about the validity and accuracy of the methods they use to log, audit, and present forensic data. This is problematic, because these fields are related, and results from one can be meaningful to the others. We present several forensic systems and discuss situations in which they produce valid and accurate conclusions and also situations in which their accuracy is suspect. We also present forensic models and discuss areas in which they are useful and areas in which they could be augmented. Finally, we present some recommendations about how computer scientists, forensic practitioners, lawyers, and judges could build more complete models of forensics that take into account appropriate legal details and lead to scientifically valid forensic analysis.
Published: 2008
Full Text: View/download PDF

28. Introduction to the Inside the Insider Threat Minitrack

Author: William Claycomb, Matt Bishop, and Kara Nance
Subjects: Government, Computer science, Software security assurance, Insider threat, Intrusion detection system, Computer security, computer.software_genre, computer
Published: 2016
Full Text: View/download PDF

29. About Penetration Testing

Author: Matt Bishop
Subjects: Computer Networks and Communications, Computer science, Interpretation (philosophy), White hat, Computer security, computer.software_genre, Penetration test, Certified Ethical Hacker, Order (exchange), Penetration (warfare), Electrical and Electronic Engineering, Law, computer, Hacker
Abstract: Students generally learn red teaming, sometimes called penetration testing or ethical hacking, as "breaking into your own system to see how hard it is to do so". Contrary to this simplistic view, a penetration test requires a detailed analysis of the threats and potential attackers in order to be most valuable. Using the results of penetration testing requires proper interpretation. Neither testers nor sponsors should assert that the penetration test has found all possible flaws, or that the failure to find flaws means that the system is secure. All types of testing can show only the presence of flaws and never the absence of them. The best that testers can say is that the specific flaws they looked for and failed to find aren't present: this can give some idea of the overall security of the system's design and implementation.
Published: 2007
Full Text: View/download PDF

30. Fixing federal e-voting standards

Author: Mark Gondree, Matt Bishop, and Earl T. Barr
Subjects: World Wide Web, General Computer Science, Process (engineering), Computer science, Voting, media_common.quotation_subject, Threat model, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, computer, media_common
Abstract: Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process.
Published: 2007
Full Text: View/download PDF

31. Achieving Learning Objectives through E-Voting Case Studies

Author: Deborah A. Frincke and Matt Bishop
Subjects: Information privacy, Knowledge management, Computer Networks and Communications, Electronic voting, Computer science, business.industry, media_common.quotation_subject, Usability, Computer security, computer.software_genre, Security policy, Voting, Threat model, Confidentiality, Information flow (information theory), Electrical and Electronic Engineering, business, Law, computer, media_common
Abstract: The rapidly increasing use of electronic voting machines in US elections provides a wonderful opportunity to teach students about computer security. In this article, we present an informal e-voting case study to achieve five learning outcomes for students in a typical college (or even high school) classroom. Our intent is to motivate a set of lessons specifically involving e-voting, as well as illustrate the usefulness of mapping outcomes to simplified case studies: (i) understanding how to write a "security specification", (ii) learning about different forms of security policies, (iii) understanding confidentiality, privacy, and information flow, (iv) recognizing the importance of considering usability from a security perspective, and (v) identifying assurances role in establishing confidence in results
Published: 2007
Full Text: View/download PDF

32. Traducement

Author: Tom Walcott and Matt Bishop
Subjects: General Computer Science, business.industry, Computer science, Internet privacy, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, Security service, Security through obscurity, Safety, Risk, Reliability and Quality, business, computer, Countermeasure (computer)
Abstract: Security models generally incorporate elements of both confidentiality and integrity. We examine a case where confidentiality is irrelevant to the process being modeled. In this case, integrity includes not only the authentication of origin and the lack of unauthorized changes to a document, but also the acceptance of all parties that the document is complete, signed by all parties, and cannot be modified further. This is especially critical when the document is recorded, so that it is legally the agreement or statement of record, and any copies of the document have no legal force. We show that current security models do not capture the details of this process. We then present a new security model for this process. This model captures the recordation process, and augments, rather than supplants, existing models. Hence it can also be used with existing security models to describe other situations.
Published: 2004
Full Text: View/download PDF

33. Cyber defense technology networking and evaluation

Author: Russ Mundy, Anthony D. Joseph, D. Sterne, Ron Ostrenga, Terry Benzel, Catherine Rosenberg, Karl N. Levitt, J. D. Tygar, Wes Hardaker, Clifford Neuman, George Kesidis, Sally Floyd, Carla E. Brodley, Peng Liu, S. F. Wu, Matt Bishop, B. Lindell, Sonia Fahmy, S. Shankar Sastry, P. Porras, David J. Miller, Ruzena Bajcsy, Vern Paxson, and B. Braden
Subjects: General Computer Science, Cyber defense, Computer science, business.industry, Information security, Computer security, computer.software_genre, Telecommunications, business, computer
Abstract: Creating an experimental infrastructure for developing next-generation information security technologies.
Published: 2004
Full Text: View/download PDF

34. The Strategy and Tactics of Information Warfare

Author: Emily O. Goldman and Matt Bishop
Subjects: Engineering, Information Age, business.industry, Information technology, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Lower order, Chinese Information Operations and Information Warfare, Adversary, Computer security, computer.software_genre, Information warfare, Politics, Order (exchange), Political Science and International Relations, business, computer
Abstract: What makes warfare in the information age a departure from the past is that information as warfare has become as important as information in warfare. Information is no longer just a means to boost the effectiveness of lethal technologies, but opens up the possibility of non-lethal attacks that can incapacitate, defeat, deter or coerce an adversary. The information age has also expanded the domains of IW – on the battlefield, in the marketplace, and against the infrastructure of modern society – and its purveyors –individuals and private groups in addition to national militaries. Yet despite these differences, the logic of warfare remains the same – sequencing and coordinating attacks to achieve lower order technical or ‘cyber’ goals, which are part of a broader campaign to achieve higher order political, material and/or symbolic goals. Moreover, despite the leveling affect of information technology, states and state-sponsored groups will retain certain advantages in waging information warfare because a ca...
Published: 2003
Full Text: View/download PDF

35. Realism in Teaching Cybersecurity Research: The Agile Research Process

Author: Luanne Goldrich, Richard Linger, Matt Bishop, and Melissa Dark
Subjects: Value (ethics), Government, Engineering, business.industry, Research process, Computer security, computer.software_genre, Order (exchange), Information system, Applied research, business, computer, Realism, Agile software development
Abstract: As global threats to information systems continue to increase, the value of effective cybersecurity research has never been greater. There is a pressing need to educate future researchers about the research process itself, which is increasingly unpredictable, multi-disciplinary, multi-organizational, and team-oriented. In addition, there is a growing demand for cybersecurity research that can produce fast, authoritative, and actionable results. In short, speed matters. Organizations conducting cyber defense can benefit from the knowledge and experience of the best minds in order to make effective decisions in difficult and fast moving situations. The Agile Research process is a new approach to provide such rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. Purdue University is employing Agile Research as a teaching vehicle in an innovative, multi-university graduate program with government sponsor participation, as described in this paper. Because it simulates real-world operations and processes, this program is equipping students to become effective contributors to cybersecurity research.
Published: 2015
Full Text: View/download PDF

36. Trends in academic research: vulnerabilities analysis and intrusion detection

Author: Matt Bishop
Subjects: General Computer Science, Computer science, Intrusion detection system, Computer security, computer.software_genre, Law, computer
Published: 2002
Full Text: View/download PDF

37. Teaching Security Stealthily

Author: Matt Bishop
Subjects: Focus (computing), Computer Networks and Communications, Network security, business.industry, Computer science, Information assurance, Computer security, computer.software_genre, Software, ComputingMilieux_COMPUTERSANDEDUCATION, Mathematics education, State (computer science), Electrical and Electronic Engineering, business, Law, computer
Abstract: Many people and institutions are considering how to make students who aren't taking computer security classes aware of the issues and make them think about how to improve the state of software and systems. Here four exercises are presented: one from a class introducing non-majors to computers and programming, and three from a beginning programming class for majors. The focus is on introductory classes because they form the basis for students' computing experiences. Introducing concepts of in formation assurance and computer security early makes the students more aware of these issues.
Published: 2011
Full Text: View/download PDF

38. Insider Attack Identification and Prevention Using a Declarative Approach

Author: Sean Riddle, Matt Bishop, Sven Köhler, Anandarup Sarkar, and Bertram Ludaescher
Subjects: Exploit, business.industry, Computer science, Vulnerability, Machine learning, computer.software_genre, Data modeling, Attack model, Vulnerability assessment, Insider attack, Artificial intelligence, Data mining, business, computer
Abstract: A process is a collection of steps, carried out using data, by either human or automated agents, to achieve a specific goal. The agents in our process are insiders, they have access to different data and annotations on data moving in between the process steps. At various points in a process, they can carry out attacks on privacy and security of the process through their interactions with different data and annotations, via the steps which they control. These attacks are sometimes difficult to identify as the rogue steps are hidden among the majority of the usual non-malicious steps of the process. We define process models and attack models as data flow based directed graphs. An attack A is successful on a process P if there is a mapping relation from A to P that satisfies a number of conditions. These conditions encode the idea that an attack model needs to have a corresponding similarity match in the process model to be successful. We propose a declarative approach to vulnerability analysis. We encode the match conditions using a set of logic rules that define what a valid attack is. Then we implement an approach to generate all possible ways in which agents can carry out a valid attack A on a process P, thus informing the process modeler of vulnerabilities in P. The agents, in addition to acting by themselves, can also collude to carry out an attack. Once A is found to be successful against P, we automatically identify improvement opportunities in P and exploit them, eliminating ways in which A can be carried out against it. The identification uses information about which steps in P are most heavily attacked, and try to find improvement opportunities in them first, before moving onto the lesser attacked ones. We then evaluate the improved P to check if our improvement is successful. This cycle of process improvement and evaluation iterates until A is completely thwarted in all possible ways.
Published: 2014
Full Text: View/download PDF

39. A Clinic for 'Secure' Programming

Author: Matt Bishop
Subjects: Web server, Computer Networks and Communications, business.industry, Computer science, media_common.quotation_subject, Software development, computer.software_genre, Computer security, Programming style, Engineering, Software, Technical communication, Electrical and Electronic Engineering, Grading (education), business, Law, computer, media_common
Abstract: In this paper, the author mentions that despite the reliance on software in everything from televisions and cars to medical equipment, it often doesn't work correctly. Everyone has had problems with software like text editors that freeze, answering machines that won't answer. Others are far more serious, such as the program on a satellite that contains an error, causing the loss of expensive equipment, or Web servers that have bugs enabling an attacker to break in and steal personal data. In the case of medical equipment, poor software could cost lives. To develop a better software, one way is to make good programming as much a part of learning computer science as good writing is a part of studying English and law. To test this idea, a secure-programming clinic was developed. Principles of robust programming are widely taught in beginning and advanced programming courses. They're a large part of good programming style and require the realization that things can go wrong. A user might enter a string when the program expects an integer. A function that opens a file might fail. The program must check for these possibilities and handle them correctly. Grading in these programming courses takes such practices into account. But all too often in advanced computer science courses, students don't follow these practices.
Published: 2010
Full Text: View/download PDF

40. Supporting reconfigurable security policies for mobile programs

Author: Raju Pandey, B. Hashii, Matt Bishop, and S. Malabarba
Subjects: Computer Networks and Communications, Computer science, Covert channel, Access control, Conditional access, Security policy, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security engineering, Distributed System Security Architecture, Application security, Cloud computing security, business.industry, Information security, Computer security model, Security service, Information security standards, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, business, computer
Abstract: Programming models that support code migration have gained prominence, mainly due to a widespread shift from stand-alone to distributed applications. Although appealing in terms of system design and extensibility, mobile programs are a security risk and require strong access control. Further, the mobile code environment is fluid, i.e. the programs and resources located on a host may change rapidly, necessitating an extensible security model. In this paper, we present the design and implementation of a security infrastructure. The model is built around an event=response mechanism, in which a response is executed when a security-related event occurs. We support a fine-grained, conditional access control language, and enforce policies by instrumenting the bytecode of protected classes. This method enhances efficiency and promotes separation of concerns between security policy and program specification. This infrastructure also allows security policies to change at runtime, adapting to varying system state, intrusion, and other events. © 2000 Published by Elsevier Science B.V. All rights reserved.
Published: 2000
Full Text: View/download PDF

41. Who owns your computer? [digital rights management

Author: Deborah A. Frincke and Matt Bishop
Subjects: Digital rights management, Intellectual property rights protection, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Control (management), Rootkit, Data security, Intellectual property, Computer security, computer.software_genre, Key (cryptography), Electrical and Electronic Engineering, business, Law, computer
Abstract: Sony's much-debated choice to use rootkit-like technology to protect intellectual property highlights the increasingly blurry line between who can, should, or does control interactions among computational devices, algorithms embodied in software, and data upon which they act. With respect to policy and defense, two key questions emerge: When systems or computational elements are combined, whose policy and expectation dominates? What sorts of defenses are appropriate, and in which situations? The challenge to educators is to provide the experiences, and seek the understanding, that let others make better choices when such conflicts arise in the future
Published: 2006
Full Text: View/download PDF

42. Teaching Secure Programming

Author: Matt Bishop and Deborah A. Frincke
Subjects: Multimedia, Computer Networks and Communications, business.industry, Computer science, Software development, Computer security model, computer.software_genre, Computer network programming, Software, Software security assurance, Code (cryptography), Electrical and Electronic Engineering, business, Software engineering, Law, computer, Software assurance
Abstract: Computer users, managers, and developers agree that we need software and systems that are "more secure". Such efforts require support from both the education and training communities to improve software assurance -particularly in writing secure code.
Published: 2005
Full Text: View/download PDF

43. A Human Endeavor: Lessons from Shakespeare and Beyond

Author: Matt Bishop and Deborah A. Frincke
Subjects: Core (game theory), Computer Networks and Communications, Computer science, ComputingMilieux_COMPUTERSANDEDUCATION, General education, Engineering ethics, Electrical and Electronic Engineering, Computer security, computer.software_genre, Law, computer
Abstract: Nontechnical classes have much to offer today's security students. In addition to satisfying most colleges' general education requirements, such classes provide core background material that explains aspects of computer security that most technical courses overlook. In this article, we highlight important noncomputer disciplines that modern undergraduate or graduate technology students' education often neglects.
Published: 2005
Full Text: View/download PDF

44. Antimalware Software: Do We Measure Resilience?

Author: Matt Bishop, Richard Ford, Marco Carvalho, and Liam M. Mayron
Subjects: business.industry, Computer science, Software development, Survivability, Computer security, computer.software_genre, Software metric, Software analytics, Engineering, Software security assurance, Software construction, Resilience (network), business, computer
Abstract: There is great interest in the topic of resilient cyber systems, especially with respect to attacks by malicious software. The challenges of measuring the actual resilience of a system and the ambiguity of the term “resilience” itself cloud much of the accompanying research. In this paper, we examine some of the lessons learned in defining resilience metrics. We argue that such metrics are highly contextual and that a general, quantitative set of metrics for resilience of cyber systems is impractical. Instead, a set of considerations and guidelines for building metrics that are helpful for a particular system are provided. We then consider these metrics in the light of current anti-malware software tests and argue that testing efforts have been primarily directed toward robust systems, not resilient ones. As such, current anti-malware tests tend to push the market toward existing solutions geared toward prevention rather than mitigation and survivability.
Published: 2013

45. Information behaving badly

Author: Matt Bishop, Julie Boxwell Ard, Carrie Gates, and Michael Xin Sun
Subjects: Information behavior, Workflow, Flow (mathematics), Action (philosophy), Computer science, Insider threat, Leakage (economics), Computer security, computer.software_genre, computer
Abstract: Traditionally, insider threat detection has focused on observing human actors -- or, more precisely, computer accounts and processes acting on behalf of those actors -- to model their "normal" behavior, then determine if they have performed some anomalous action and, further, if that action is malicious. In this paper, we shift the paradigm from observing human behavior to observing information behavior by modeling how documents flow through an organization. We hypothesize that similar types of documents will exhibit similar workflows, and that a document deviating from its expected workflow indicates potential data leakage.
Published: 2013
Full Text: View/download PDF

46. Forgive and forget

Author: Steven L. Greenspan, Emily Rine Butler, Matt Bishop, Kevin R. B. Butler, and Carrie Gates
Subjects: Forgiveness, Forgetting, business.industry, Computer science, media_common.quotation_subject, Internet privacy, Social pressure, Cryptography, Access control, Computer security, computer.software_genre, Fresh Start, The Internet, business, computer, media_common
Abstract: Traditionally, if someone did some act that required forgiveness, there were social norms in place for such forgiveness to happen. Over time, the act is also typically forgotten. And, should the person not be forgiven and the social pressure become too great, he had the option of moving to a new location for a fresh start. Yet with the Internet, these options are no longer available. Worse, activities which traditionally did not even require forgiveness are now impacting lives in unexpected ways, and are never forgotten. There are, however, technical approaches that could be applied to the problem, such as (1) controlling dissemination through new access control models or cryptographic approaches, (2) flooding the web with contrary information, (3) leading users to believe the information applies to someone else, (4) changing the semantics of what was written, and (5) finding a way to take advantage of the inconvenient information. In this paper we discuss the social act of forgiveness, and go into detail on the possible technical approaches to "forgetting" without deleting.
Published: 2013
Full Text: View/download PDF

47. Virtual Penetration Testing: A Joint Education Exercise across Geographic Borders

Author: Helen Armstrong, Colin J. Armstrong, Matt Bishop, Curtin University [Perth], Planning and Transport Research Centre (PATREC), University of California [Davis] (UC Davis), University of California, Ronald C. Dodge, Lynn Futcher, TC 11, and WG 11.8
Subjects: Medical education, Computer science, 05 social sciences, Penetration testing, 050301 education, vulnerability testing, 02 engineering and technology, Computer security, computer.software_genre, Vulnerability assessment, 020204 information systems, Security education, Penetration (warfare), 0202 electrical engineering, electronic engineering, information engineering, Information system, ComputingMilieux_COMPUTERSANDEDUCATION, Joint (building), [INFO]Computer Science [cs], Business case, security education, 0503 education, computer
Abstract: Part 1: WISE 8; International audience; This paper describes an exercise that combines the business case for penetration testing with the application of the testing and subsequent management reporting. The exercise was designed for students enrolled in information systems and computer science courses to present a more holistic understanding of network and system security within an organization. This paper explains the objectives and structure of the exercise and its planned execution by two groups of students, the first group being information systems students in Australia and the second group comprising students enrolled in a computer security course in the United States.
Published: 2013
Full Text: View/download PDF

48. Introducing secure coding in CS0 and CS1 (abstract only)

Author: Elizabeth K. Hawthorne, Siddharth Kaza, Matt Bishop, Diana L. Burley, and Blair Taylor
Subjects: Syllabus, Multimedia, Computer science, ComputingMilieux_COMPUTERSANDEDUCATION, Attendance, Computer security, computer.software_genre, Information assurance, computer, Curriculum, Secure coding
Abstract: The CS 2013 curriculum includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in lower level courses is challenging because of lack of appropriate teaching resources and training. This workshop will provide a well-tested strategy for introducing secure coding concepts in CS0, CS1, and CS2. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0-CS2 with minimal impact on the course (www.towson.edu/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.
Published: 2013
Full Text: View/download PDF

49. Conspiracy and information flow in the Take-Grant Protection Model

Author: Matt Bishop
Subjects: Computer Networks and Communications, business.industry, Computer science, Access control, Context (language use), Computer security, computer.software_genre, Set (abstract data type), Flow (mathematics), Hardware and Architecture, Information flow (information theory), Safety, Risk, Reliability and Quality, business, Theoretic model, computer, Software
Abstract: The Take Grant Protection Model is a theoretic model of access control that captures the notion of information flow throughout the modelled system. This paper analyzes the problem of sharing information in the context of paths along which information can flow, and presents the number of actors necessary and sufficient to share information, in this model. The results are applied to information flow in a network to reduce the size of the set of actors who could have participated in the theft.
Published: 1996
Full Text: View/download PDF

50. Joining the security education community

Author: Deborah A. Frincke and Matt Bishop
Subjects: Critical security studies, Information privacy, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Data security, Computer security, computer.software_genre, Security education, ComputingMilieux_COMPUTERSANDEDUCATION, Curriculum development, Electrical and Electronic Engineering, business, Law, computer
Abstract: A major emerging trend in security education is in curriculum development. We begin with a high-level view of community venues for gatherings within and between the security and privacy community and its supporters.
Published: 2004
Full Text: View/download PDF

Searchworks

Select search scope, currently: Articles Catalog books, media & more in Jio Institute collections Articles journal articles & other e-resources

Search

Search Constraints

Refine your results

Search Limiters

Topic

Publication Year Range

Language

Journal

Database

Publisher

114 results on '"Matt Bishop"'

Search Results

Catalog

Select search scope, currently: Articles

Catalog

books, media & more in Jio Institute collections

Articles

journal articles & other e-resources