This paper seeks to discover whether aviation security measures are costeffective by considering their effectiveness, their cost and expected lives saved as a result of such expenditure. An assessment of the Federal Air Marshal Service suggests that the annual cost is $180 million per life saved. This is greatly in excess of the regulatory safety goal (societal willingness to pay to save a life...

| A framework for static security pricing in a re-regulated utility environment is presented. The eventual goal is to determine the marginal value of security resources, such as spinning reserve, voltage support, ramp rate ability, etc., in maintaining system security. The basic problem statement is presented in a form already decomposed into a master problem and contingent subproblems, which a...

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of protection for a company’s information assets and for the company as a whole. One of the best ways to address information security problems in the corpor...

The use of the Internet raises serious behavioural issues regarding, for example, security and the interaction among agents that may travel across links. Model-building such interactive systems is one of the biggest current challenges in computer science. A general model, action calculi, has been introduced by Robin Milner to unify the various emerging disciplines of interactive behaviour. In t...

This paper deals with day-ahead static security assessment with respect to a postulated set of contingencies while taking into account uncertainties about the next day system conditions. We propose a heuristic approach to check whether, given some assumptions regarding these uncertainties, the worst case with respect to each contingency is still controllable by appropriate combinations of preve...

In Web services, a framework for the separation of authentication (IdP) and services (SP) has been proposed and actually deployed. In this framework, quality of information provided by IdPs and SPs must be evaluated to assure the security of services. In this paper, we propose a security model in which IdPs and SPs obtain grades according to their assurance of services, and exchange information...

Humans make mistakes, and software programmers are no exception. Software vulnerabilities are discovered everyday; close to 8,000 vulnerabilities were reported in 2014, and almost 2,500 were reported in the first four months of 2015 [9]. Microsoft Security Response Centre defines software vulnerabilities as a security exposure that results from a product weakness that the product developer did ...

A common way by which attackers gain control of hosts is through remote exploits. A new dimension to the problem is added by worms which use exploit code to self-propagate, and are becoming a commonplace occurrence. Defense mechanisms exist but popular ones are signature-based techniques which use known byte patterns, and they can be thwarted using polymorphism, metamorphism and other obfuscati...

Workflow applications for large complex organizations often need to cross several security domains, each with different management and specific security requirements. The resultant cross-dependency between the workflow specification and the security policy of each domain can be hard to manage without specific tools. This work presents a static analyzer that automatically verifies the consistenc...

0 7 4 0 7 4 5 9 / 0 2 / $ 1 7 . 0 0 © 2 0 0 2 I E E E education, better interface design, and security-conscious defaults. With software implementation flaws, however, the problems are typically both preventable and well understood. Analyzing reports of security attacks quickly reveals that most attacks do not result from clever attackers discovering new kinds of flaws, but rather stem from rep...