Authorize After You Authenticate
While it is extremely important to assess a user’s identity prior to allowing them to use some systems or conduct certain actions, knowing the user’s identity may not be sufficient…
Authentication is the act of validating an entity’s identity. One goal of a secure design is to prevent an entity (user, attacker, or in general a “principal”) from gaining access…
Software systems comprising more than just a single monolithic component rely on the composition and cooperation of two or more software tiers or components to successfully accomplish their purpose. These…
Most software that has been built and released typically comes with a set of defects — implementation bugs and design flaws. To date, there has been a larger focus on finding implementation bugs rather than on identifying flaws.
Special Report: Cybersecurity
The March issue of The Institute features in-depth articles on the IEEE Cybersecurity Initiative, such as resources, career advice and conferences to watch.
Special Issue on Real-World Cryptography
Articles due to ScholarOne: 2 May 2016
Publication date: November/December 2016
Author guidelines: www.computer.org/web/peer-review/magazines
Cryptography is simultaneously one of the most theoretical areas of computer…
Garage Door Openers: An Internet of Things Case Study
As the Internet of Things grows, household appliances are increasingly facing threats that come with being connected to the Internet. Focusing…
Another Top 10 list — really? Yes. This really is another Top 10 list, but it is different when compared to other lists related to software security defects. Many of…