Existing noninterference frameworks for reasoning about system security assume a fixed configuration of domains governed by a security policy that does not change over time. A static security policy, however, cannot express the domain interactions present in many modern system designs, which allow users to configure the set of active domains at runtime. In this paper, we generalize Rushby’s fra...

background: developmental dysplasia of hip (ddh) is a common childhood disorder, and ultrasonography examination is routinely used for screening purposes. in this study, we aimed to evaluate a modified combined static and dynamic   ultrasound technique for the detection of ddh and to compare with the results of static and dynamic ultrasound techniques.       methods: in this cross-sectional stu...

This paper discusses some of the limitations of the current (third) generation static code analyzers for security available on the market today and gives reasons for the plateau in their usefulness to a code reviewer. We further describe some of the characteristics of the next generation static analysis technology that will enable a new quantum leap in the space of static analysis with tools th...

This paper presents a formal and systematic model for analysis and testing of secure systems. The concept of security dependency is first introduced, and certain rules and theorems of security dependency are then formally described. These rules can be used as a basis for static analysis, dynamic testing, and covert channel analysis for a secure system. The major feature of the model presented i...

Conduct Security Assessment •Information Assets •Physical Assets Conduct Security Assessment •Information Assets •Physical Assets Assess Business Risk •Estimate Threats •Assign Probabilities of Loss Assess Business Risk •Estimate Threats •Assign Probabilities of Loss Develop Security Recommendations •Allocate Resources •Create Procedures Develop Security Recommendations •Allocate Resources •Cre...

Abstract: Voltage instability is a major threat for security of power systems. Preserving voltage security margin at a certain limit is a vital requirement for today’s power systems. Assessment of voltage security margin is a challenging task demanding sophisticated indices. In this paper, for the purpose of on line voltage security assessment a new index based on the correlation characteristic...

This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC argumentation theory, and an argument game is defined for exchanging arguments between assessor...

Recently, a novel approach towards semi-quantitative IT security risk assessment has been proposed in the draft IEC 62443-3-2. This approach is analyzed from several different angles, e.g. embedding into the overall standard series, semantic and methodological aspects. As a result, several systematic flaws in the approach are exposed. As a way forward, an alternative approach is proposed which ...

Due to correlation coefficient matrix of initialized samples are not always positive definite, this paper presents the improved Latin Hypercube Sampling (LHS) methods with Evolutionary Algorithm (EA) to control correlation and handle power system probability analysis problem. To deal with the non-positive definite correlation matrix, an improved median Latin hypercube sampling with evolutionary...

Adaptive security, while more realistic as an adversarial model, is typically much harder to achieve compared to static security in cryptographic protocol design. Universal composition (UC) provides a very attractive framework for the modular design of cryptographic protocols that captures both static and adaptive security formulations. In the UC framework, one can design protocols in hybrid wo...