Abstract-The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat is often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.
Abstract.Requirements play an important role in software engineering, but their perceived usefulness means that they often fail to be properly maintained. Traceability is often considered a means for motivating and maintaining requirements, but this is difficult without a better understanding of the requirements themselves. Sensemaking techniques help us get this understanding, but the representations necessary to support it are difficult to create, and scale poorly when dealing with medium to large scale problems. This paper describes how, with the aid of supporting software tools, concept mapping can be used to both make sense of and improve the quality of a requirements specification. We illustrate this approach by using it to update the requirements specification for the EU webinos project, and discuss several findings arising from our results.
The coming advent of Quantum Computing promises to jeopardize current communications security, undermining the effectiveness of traditional public-key based cryptography. Different strategies (Post-Quantum or Quantum Cryptography) have been proposed to address this problem. Many techniques and algorithms based on quantum phenomena have been presented in recent years; the most relevant example is the introduction of Quantum Key Distribution (QKD). This approach allows to exchange cryptographic keys among parties and does not suffer from the development of quantum computation. Problems arise when this technique has to be deployed and combined with modern distributed infrastructures that heavily depend on cloud and virtualisation paradigms. This paper addresses this issue by presenting a new software stack that effortlessly introduces QKD in such environments and involves a simulation tool for Quantum Key Distribution. This software stack allows for agnostic integration, monitoring, and management of QKD, independent from a specific vendor or technology. Furthermore, a QKD simulator is presented, designed, and tested. This latter contribution is suitable as a low-level testing device, as an independent software module to check QKD protocols, and as a testbed to identify future practical enhancements.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.