Experience Report: Design and Implementation of a Component-Based Protection...
This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...
Architectural Separation of Authorization and Application Logic in...
Security is an essential feature and foremost concern to enterprise software systems. Today, application-level access control (and other security) functions are based on complex, fine-grain and/or...
Design and Implementation of Resource Access Decision Server
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible, to implement...
Engineering Application-level Access Control in Distributed Systems
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in...
Experience Report: Design and Implementation of a Component-Based Protection...
This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...
Here’s Your Lego™ Security Kit: How to Give Developers All Protection...
By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building...
Improving Practical Security Engineering: Overview of the Ongoing Research
Security engineering is about creating viable solutions to real-world security problems - solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the...
Performance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
Software Engineering at ECE
This talk gives a brief overview of the Software Engineering teaching and research at the Department of Electrical and Computer Engineering, the University of British Columbia.
Towards Agile Security Assurance
Agile development methods are promising to become the next generation replacing waterfall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
Extending XP Practices to Support Security Requirements Engineering
This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer...
Towards Agile Security Assurance
Agile development methods are promising to become the next generation replacing waterfall development. They could eventually replace the plan-driven methodologies not only in pure software solutions in...