Privacy and Security (TOPS)


Search Issue
enter search term and/or author name


ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4, November 2002

User authentication through keystroke dynamics
Francesco Bergadano, Daniele Gunetti, Claudia Picardi
Pages: 367-397
DOI: 10.1145/581271.581272
Unlike other access control systems based on biometric features, keystroke analysis has not led to techniques providing an acceptable level of accuracy. The reason is probably the intrinsic variability of typing dynamics, versus other---very...

Improving the granularity of access control for Windows 2000
Michael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon Chan, Mario Goertzel, Gregory Jensenworth
Pages: 398-437
DOI: 10.1145/581271.581273
This article presents the mechanisms in Windows 2000 that enable fine-grained and centrally managed access control for both operating system components and applications. These features were added during the transition from Windows NT 4.0 to support...

The economics of information security investment
Lawrence A. Gordon, Martin P. Loeb
Pages: 438-457
DOI: 10.1145/581271.581274
This article presents an economic model that determines the optimal amount to invest to protect a given set of information. The model takes into account the vulnerability of the information to a security breach and the potential loss should such a...

A methodology for analyzing the performance of authentication protocols
Alan Harbitter, Daniel A. Menascé
Pages: 458-491
DOI: 10.1145/581271.581275
Performance, in terms of user response time and the consumption of processing and communications resources, is an important factor to be considered when designing authentication protocols. The mix of public key and secret key encryption algorithms...

A model of OASIS role-based access control and its support for active security
Jean Bacon, Ken Moody, Walt Yao
Pages: 492-540
DOI: 10.1145/581271.581276
OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. The aim of OASIS is to allow autonomous management domains to specify their own access control policies and to...