Displaying 1-50 out of 85 total
Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines
Found in: Hawaii International Conference on System Sciences
By Sean Peisert, Matt Bishop, Alec Yasinsac
Issue Date:January 2009
pp. 1-10
Much recent work has focused on the process of auditing the results of elections. Little work has focused on auditing the e-voting systems currently in use. The facilities for doing the former include the voter-verified paper audit trail; unfortunately, th...
   
Toward Models for Forensic Analysis
Found in: Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on
By Sean Peisert, Matt Bishop, Sidney Karin, Keith Marzullo
Issue Date:April 2007
pp. 3-15
The existing solutions in the field of computer forensics are largely ad hoc. This paper discusses the need for a rigorous model of forensics and outlines qualities that such a model should possess. It presents an overview of a forensic model and an exampl...
 
Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy
Found in: 2010 IEEE Symposium on Security and Privacy (SP)
By Peter G. Neumann, Matt Bishop, Sean Peisert, Marv Schaefer
Issue Date:May 2010
pp. 3-13
This article is a retrospective of concepts and people who have contributed significantly to the IEEE Symposium on Security and Privacy over the past 30 years. The authors identify many individuals who have contributed to SSP as program chairs, general cha...
 
Introduction to Digital Forensics -- Education, Research, and Practice Minitrack
Found in: 2013 46th Hawaii International Conference on System Sciences (HICSS)
By Kara Nance, Matt Bishop, Amelia Phillips
Issue Date:January 2013
pp. 4879
The field of digital forensics has evolved to allow security professionals to examine evidence from the increasing plethora of digital devices to help determine what individuals might have done in the past. The evidence collected is used in a wide variety ...
   
Security and Elections
Found in: IEEE Security & Privacy
By Matt Bishop, Sean Peisert
Issue Date:September 2012
pp. 64-67
University of California, Davis educators teach numerous computer security classes for undergraduate majors and nonmajors and for graduate students. These classes have used elections, and electronic-voting systems, both as lecture material and in class pro...
 
Teaching Security Stealthily
Found in: IEEE Security and Privacy
By Matt Bishop
Issue Date:March 2011
pp. 69-71
Introducing security-related concepts in computer science homework exercises emphasizes those concepts in the context of the topic that the class is covering.
 
A Clinic for
Found in: IEEE Security and Privacy
By Matt Bishop
Issue Date:March 2010
pp. 54-56
Everyone has had problems with software. Some problems are particularly serious, such as the program on a satellite that contains an error, causing the loss of expensive equipment. So how can we develop better software? One way is to make good programming ...
 
Information Assurance Education: A Work In Progress
Found in: IEEE Security and Privacy
By Matt Bishop, Deborah A. Frincke
Issue Date:September 2008
pp. 54-57
The recognition that we need improved computer security education has increased over the past several years. Recent cyberattacks in Georgia and Estonia exemplify the new threats faced by economies that rely on the Internet. Thus, more people see the need t...
 
About Penetration Testing
Found in: IEEE Security and Privacy
By Matt Bishop
Issue Date:November 2007
pp. 84-87
Students generally learn red teaming, sometimes called penetration testing or ethical hacking, as
 
I Am a Scientist, Not a Philosopher!
Found in: IEEE Security and Privacy
By Sean Peisert, Matt Bishop
Issue Date:July 2007
pp. 48-51
To evaluate anything we can't prove using pure mathematics or logical syllogism, we must test hypotheses by performing controlled experiments to generate measurable, empirical data. But today's computer security researchers often claim
 
Achieving Learning Objectives through E-Voting Case Studies
Found in: IEEE Security and Privacy
By Matt Bishop, Deborah A. Frincke
Issue Date:January 2007
pp. 53-56
The use of electronic voting machines includes a wide range of security considerations that educators can use to highlight threat models, requirements, and trade-offs involving e-voting in the context of ongoing international discussions and current events...
 
Eleventh Securities Technologies (ST) Workshop Report
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, Matt Bishop
Issue Date:June 2006
pp. 305-306
The Securities Technologies (ST) Workshop for WETICE 2006 accepted papers covering a wide-variety of topics that had applicability to the other WETICE workshops. The cross-over interest of papers in this, and other, workshops was discussed in the wrap-up p...
   
Who Owns Your Computer?
Found in: IEEE Security and Privacy
By Matt Bishop, Deborah A. Frincke
Issue Date:March 2006
pp. 61-63
Sony's much-debated choice to use rootkit-like technology to protect intellectual property highlights the increasingly blurry line between who can, should, or does control interactions among computational devices, algorithms embodied in software, and data ...
 
Teaching Secure Programming
Found in: IEEE Security and Privacy
By Matt Bishop, Deborah A. Frincke
Issue Date:September 2005
pp. 54-56
The function of academia is not to teach programming techniques, but to teach concepts, principles, and methods of thinking that students can apply to new situations. As the discipline of computer science matures, the ability to write secure code should be...
 
A Human Endeavor: Lessons from Shakespeare and Beyond
Found in: IEEE Security and Privacy
By Matt Bishop, Deborah Frincke
Issue Date:July 2005
pp. 49-51
As the fall term begins, computer security students expect to buy heavy textbooks filled with equations, information theory, and programs that sort, encipher, and route network packets. Yet, nontechnical classes also have much to offer today's security stu...
 
Academic Degrees and Professional Certification
Found in: IEEE Security and Privacy
By Deborah Frincke, Matt Bishop
Issue Date:November 2004
pp. 56-58
Our next series of installments examines the national evolution of security and privacy education and training and how it affects the palette of education and training options; we'll also discuss the campuses that offer such curricula. We begin with a high...
 
Joining the Security Education Community
Found in: IEEE Security and Privacy
By Deborah Frincke, Matt Bishop
Issue Date:September 2004
pp. 61-63
Our next series of installments examines the national evolution of security and privacy education and training and how it affects the palette of education and training options; we'll also discuss the campuses that offer such curricula. We begin with a high...
 
Back to School
Found in: IEEE Security and Privacy
By Deborah Frincke, Matt Bishop
Issue Date:July 2004
pp. 54-56
As summer draws to an end, faculty and students turn their attention to academic planning. This used to be a very tough task--faculty developed most of their materials from scratch. Now, rather than a handful of items to draw on when planning a security an...
 
Guarding the Castle Keep: Teaching with the Fortress Metaphor
Found in: IEEE Security and Privacy
By Deborah A. Frincke, Matt Bishop
Issue Date:May 2004
pp. 69-72
The computer security field is replete with metaphors; the original and most commonly used metaphor is the computer (or network) as a fortress, the walls of which must be guarded against potential breaches. This metaphor is useful, but like all metaphors, i...
 
Teaching Robust Programming
Found in: IEEE Security and Privacy
By Matt Bishop, Deb Frincke
Issue Date:March 2004
pp. 54-57
Badly written programs are a common reason for security failures. Programs crash, or fail to perform as intended, when users provide invalid inputs, either deliberately or accidentally. One response by the educational community has been to teach robust pro...
 
What Is Computer Security?
Found in: IEEE Security and Privacy
By Matt Bishop
Issue Date:January 2003
pp. 67-69
Security is not an add-on or merely an operational concept, it is a property that must be designed and built into every system. Our challenge as educators is to teach our students the science underlying computer security and the techniques to synt...
 
Introduction to Digital Forensics: Education, Research, and Practice Minitrack
Found in: 2014 47th Hawaii International Conference on System Sciences (HICSS)
By Kara Nance, Matt Bishop
Issue Date:January 2014
pp. 4827
Provides an overview of the technical articles and features presented in this minitrack.
   
A Taxonomy of Buffer Overflow Characteristics
Found in: IEEE Transactions on Dependable and Secure Computing
By Matt Bishop, Sophie Engle, Damien Howard, Sean Whalen
Issue Date:May 2012
pp. 305-317
Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array t...
 
Are Your Papers in Order? Developing and Enforcing Multi-tenancy and Migration Policies in the Cloud
Found in: Hawaii International Conference on System Sciences
By Brian Hay, Kara Nance, Matt Bishop, Lucas McDaniel
Issue Date:January 2012
pp. 5473-5479
As cloud usage continues to increase, new issues with respect to managing and securing resources in the cloud are becoming more apparent. While some people may believe that security and privacy in the cloud can be addressed without the consumer considering...
   
Introduction to Digital Forensics--Education, Research and Practice Minitrack
Found in: Hawaii International Conference on System Sciences
By Kara Nance, Matt Bishop, Amelia Phillips
Issue Date:January 2012
pp. 5393
No summary available.
   
Multiprocess malware
Found in: Malicious and Unwanted Software, International Conference on
By Marco Ramilli, Matt Bishop, Shining Sun
Issue Date:October 2011
pp. 8-13
Malware behavior detectors observe the behavior of suspected malware by emulating its execution or executing it in a sandbox or other restrictive, instrumented environment. This assumes that the process, or process family, being monitored will exhibit the ...
 
Results-oriented security
Found in: Malicious and Unwanted Software, International Conference on
By Matt Bishop, Richard Ford, Marco Ramilli
Issue Date:October 2011
pp. 42-49
Current security practice is to examine incoming messages, commands, data, and executing processes for attacks that can then be countered. This position paper argues that this practice is counterproductive because the number and variety of attacks are far ...
 
Technology, Training, and Transformation
Found in: IEEE Security and Privacy
By Matt Bishop
Issue Date:September 2010
pp. 72-75
As technology advances, the ways people will interact with the technology changes to reflect the changes in technology. But most people do not care how technology works, but only that it does what it is supposed to do. Requiring them to learn how to secure...
 
Demythifying Cybersecurity
Found in: IEEE Security and Privacy
By Edward B. Talbot, Deborah Frincke, Matt Bishop
Issue Date:May 2010
pp. 56-59
This article looks at four cybersecurity myths that recur in both popular literature and technical work:
 
Reflections on UNIX Vulnerabilities
Found in: Computer Security Applications Conference, Annual
By Matt Bishop
Issue Date:December 2009
pp. 161-184
The UNIX operating system was developed in a friendly, collaborative environment without any particular predefined objectives. As it entered less friendly environments, expanded its functionality, and became the basis for commercial, infrastructure, and ho...
 
Are Patched Machines Really Fixed?
Found in: IEEE Security and Privacy
By Ryan W. Gardner, Matt Bishop, Tadayoshi Kohno
Issue Date:September 2009
pp. 82-85
Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfo...
 
Live Analysis: Progress and Challenges
Found in: IEEE Security and Privacy
By Brian Hay, Matt Bishop, Kara Nance
Issue Date:March 2009
pp. 30-37
As computer technologies become increasingly ubiquitous, so must supporting digital forensics tools and techniques for efficiently and effectively analyzing associated systems' behavior. Live analysis is a logical and challenging step forward in this area ...
 
Investigating the Implications of Virtual Machine Introspection for Digital Forensics
Found in: Availability, Reliability and Security, International Conference on
By Kara Nance, Matt Bishop, Brian Hay
Issue Date:March 2009
pp. 1024-1029
Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniqu...
 
Virtual Machine Introspection: Observation or Interference?
Found in: IEEE Security and Privacy
By Kara Nance, Matt Bishop, Brian Hay
Issue Date:September 2008
pp. 32-37
As virtualization becomes increasingly mainstream, virtual machine introspection techniques and tools are evolving to provide methods to monitor the behavior of virtual machines. This survey classifies and describes current VMI introspection technologies a...
 
Twelfth Securities Technologies (ST) Workshop Report
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, Matt Bishop
Issue Date:June 2008
pp. 255-256
The Securities Technologies (ST) Workshop for WETICE 2008 accepted two papers as full papers for this year's workshop. The committee received a total of eight papers for the ST workshop. The two papers did cover quite interesting topics and provided some g...
 
The Dynamics of Counting and Recounting Votes
Found in: IEEE Security and Privacy
By Alec Yasinsac, Matt Bishop
Issue Date:May 2008
pp. 22-29
The limitations of current paper- and electronic-based voting systems and recount procedures can undermine the credibility of public elections. A corroborative, redundant voting system that performs vote counts via independent mechanisms at the polling pla...
 
Computer Forensics in Forensis
Found in: Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on
By Sean Peisert, Matt Bishop, Keith Marzullo
Issue Date:May 2008
pp. 102-122
Different users apply computer forensic systems, models, and terminology in very different ways. They often make incompatible assumptions and reach different conclusions about the validity and accuracy of the methods they use to log, audit, and present for...
 
Of Paper Trails and Voter Receipts
Found in: Hawaii International Conference on System Sciences
By Alec Yasinsac, Matt Bishop
Issue Date:January 2008
pp. 488
The Internet pervades virtually every aspect of our daily lives, and it seems there is no area that is immune from computing solutions. Computers can do things faster, with greater precision, more reliably, etc., etc., etc. Ironically, one area that most n...
   
ST Workshop Final Report
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, Matt Bishop, Y. V. (Ramana) Reddy
Issue Date:June 2007
pp. 387-388
The Securities Technologies (ST) Workshop for WETICE 2007 accepted three papers as full papers for this year's workshop. The committee received and accepted only a limited number of papers for the ST workshop. However, the papers did cover quite interestin...
 
Analysis of Computer Intrusions Using Sequences of Function Calls
Found in: IEEE Transactions on Dependable and Secure Computing
By Sean Peisert, Matt Bishop, Sidney Karin, Keith Marzullo
Issue Date:April 2007
pp. 137-150
This paper demonstrates the value of analyzing sequences of function calls for forensic analysis. Although this approach has been used for intrusion detection (that is, determining that a system has been attacked), its value in isolating the cause and effe...
 
Security Verification Techniques Applied to PatchLink COTS Software
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, John D. Powell, Matt Bishop, Chris Andrew, Sameer Jog
Issue Date:June 2006
pp. 319-325
Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propuls...
 
Some Problems in Sanitizing Network Data
Found in: Enabling Technologies, IEEE International Workshops on
By Matt Bishop, Rick Crawford, Bhume Bhumiratana, Lisa Clark, Karl Levitt
Issue Date:June 2006
pp. 307-312
The problem of removing sensitive information from data before it is released publicly, or turned over to less trusted analysts, underlies much of the unwillingness to share data. The solution is to sanitize, or deidentify, parts of the data. When dealing ...
 
Application of Lightweight Formal Methods to Software Security
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, John D. Powell, Matt Bishop
Issue Date:June 2005
pp. 160-165
Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of...
 
How to Sanitize Data
Found in: Enabling Technologies, IEEE International Workshops on
By Matt Bishop, Bhume Bhumiratana, Rick Crawford, Karl Levitt
Issue Date:June 2004
pp. 217-222
Balancing the needs of a data analyst with the privacy needs of a data provider is a key issue when data is sanitized. This work treats both the requirements of the analyst and the privacy expectations as policies, and composes the two policies to detect c...
 
Addressing Software Security and Mitigations in the Life Cycle
Found in: Software Engineering Workshop, Annual IEEE/NASA Goddard
By David Gilliam, John Powell, Eric Haugh, Matt Bishop
Issue Date:December 2003
pp. 201
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running o...
 
Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem
Found in: Computer Security Applications Conference, Annual
By Michael Clifford, Daniel Faigin, Matt Bishop, Tasneem Brutch
Issue Date:December 2003
pp. 428
No summary available.
   
Software Security Checklist for the Software Life Cycle
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, Thomas L. Wolfe, Josef S. Sherif, Matt Bishop
Issue Date:June 2003
pp. 243
A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionally, software security has been treated as an afterthought leadin...
 
Computer Security Education: Training, Scholarship, and Research (Supplement to Computer Magazine)
Found in: Computer
By Matt Bishop, Giovanni Vigna
Issue Date:April 2002
pp. 31-32, 30
Since 9/11, we are increasingly aware of threats to security and computer system vulnerabilities. We are also more aware of the need to educate the workforce quickly and effectively. Traditionally, computer security education falls into two distinc...
 
Reducing Software Security Risk through an Integrated Approach
Found in: Software Engineering Workshop, Annual IEEE/NASA Goddard
By David P. Gilliam, John D. Powell, John C. Kelly, Matt Bishop
Issue Date:November 2001
pp. 36
This paper presents joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis (UC Davis) sponsored by the National Aeronautics and Space Administration Goddard Independent Verificati...
 
Development of a Software Security Assessment Instrument to Reduce Software Security Risk
Found in: Enabling Technologies, IEEE International Workshops on
By David P. Gilliam, John C. Kelly, John D. Powell, Matt Bishop
Issue Date:June 2001
pp. 144
This paper discusses joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis (UC Davis) sponsored by the National Aeronautics and Space Administration to develop a security assessment instr...
 