Biblio

Export results:
[ Author(Asc)] Title Type Year
Filters: First Letter Of Last Name is L  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
L
J. Lopez, J. A. Montenegro, J. L. Vivas, E. Okamoto, and E. Dawson, "Specification and Design of Advanced Authentication and Authorization Services",
Computer Standards & Interfaces, vol. 27, no. 5, Elsevier, pp. 467-478, Jun 2005. DOI (I.F.: 0.62)More..

Abstract

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.

Impact Factor: 0.62
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)
PDF icon javierlopez2005c.pdf (210.49 KB)
J. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas, "High-level Specification of Security Systems",
IEEE Globecom 2003 - Communications Security Track, IEEE Press, pp. 1506-1510, December, 2003. More..

Abstract

In order to study the security systems, we have developed a methodology for the application to the analysis of cryptographic protocols of the formal analysis techniques commonly used in communication protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on HMSC/MSC, which can be automatically translated into a generic SDL specification.

PDF icon javierlopez2003.pdf (55.43 KB)
J. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas, "How to Specify Security Services: A Practical Approach",
7th IFIP Conference on Multimedia and Communications Security (CMS’03), LNCS 2828, Springer-Verlag, pp. 158-171, October, 2003. More..

Abstract

Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.

PDF icon javierlopez2003a.pdf (400.31 KB)