Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. Trusted operating systems have been developed since the early 1980s and began to receive National Security Agency (NSA) evaluation in 1984. The researches about trusted OS are proceeding over the world, and new product type using t...

Application-level web security refers to vulnerabilities inherent in the code of a web-application itself (irrespective of the technologies in which it is implemented or the security of the webserver/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping ...

Planning information security investment is somewhere between art and science. This paper reviews and compares existing scientific approaches and discusses the relation between security investment models and security metrics. To structure the exposition, the high-level security production function is decomposed into two steps: cost of security is mapped to a security level, which is then mapped...

Cloud computing is becoming increasingly attractive both in commercial and government sectors because of the significant cost reduction in their IT operations. The technical benefits of cloud environment (and its service-oriented capabilities) are the availability of computing resources those can quickly be engaged for service execution and released when no longer needed. As the cloud services ...

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of protection for a company’s information assets and for the company as a whole. One of the best ways to address information security problems in the corpor...

Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the ...