Privacy and Security (TOPS)


Search Issue
enter search term and/or author name


ACM Transactions on Information and System Security (TISSEC), Volume 17 Issue 1, August 2014

Comparing Vulnerability Severity and Exploits Using Case-Control Studies
Luca Allodi, Fabio Massacci
Article No.: 1
DOI: 10.1145/2630069

(U.S.) Rule-based policies for mitigating software risk suggest using the CVSS score to measure the risk of an individual vulnerability and act accordingly. A key issue is whether the ‘danger’ score does actually match the risk of...

Rumpole: An Introspective Break-Glass Access Control Language
Srdjan Marinovic, Naranker Dulay, Morris Sloman
Article No.: 2
DOI: 10.1145/2629502

Access control policies define what resources can be accessed by which subjects and under which conditions. It is, however, often not possible to anticipate all subjects that should be permitted access and the conditions under which they should be...

A Framework for Expressing and Enforcing Purpose-Based Privacy Policies
Mohammad Jafari, Reihaneh Safavi-Naini, Philip W. L. Fong, Ken Barker
Article No.: 3
DOI: 10.1145/2629689

Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement...

Security Analysis of Accountable Anonymity in Dissent
Ewa Syta, Henry Corrigan-Gibbs, Shu-Chun Weng, David Wolinsky, Bryan Ford, Aaron Johnson
Article No.: 4
DOI: 10.1145/2629621

Users often wish to communicate anonymously on the Internet, for example, in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication....