Peter Mell
Hardware security failure scenarios
Historically, hardware has been assumed to be inherently secure. However, chips are both created with software and contain complex encodings (e.g., circuit designs and firmware). This leads to bugs, some of which compromise security. This …
Measuring the Exploitation of Weaknesses in the Wild
Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an ope…
Non-fungible token security
Non-fungible token (NFT) technology provides a mechanism to enable real assets (both virtual and physical) to be sold and exchanged on a blockchain. While NFTs are most often used for autographing digital assets (associating one’s name wit…
Understanding stablecoin technology and related security considerations
Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously - up to almost $200 billion USD in 2022. These coins are being use…
Recommendations for federal vulnerability disclosure guidelines
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure report…
Measuring the Common Vulnerability Scoring System base score equation
This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 ''base score'' equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of inf…
Table of Contents
each year to highlight selected papers from a conference. The papers in this issue cover a broad spectrum of applied
A Decade of Reoccurring Software Weaknesses
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the equation used weights frequency far more heavily than exploitability and impact. We provide a metric to miti…
The Generation of Security Scoring Systems Leveraging Human Expert Opinion
While the existence of many security elements can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impa…
A Historical and Statistical Study of the Software Vulnerability Landscape
Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their se…
Measurements of the Most Significant Software Security Weaknesses
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CW…
A Suite of Metrics for Calculating the Most Significant Security Relevant Software Flaw Types
The Common Weakness Enumeration (CWE) is a prominent list of software weakness types. This list is used by vulnerability databases to describe the underlying security flaws within analyzed vulnerabilities. This linkage opens the possibilit…
A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single …
Implementing a Protocol Native Managed Cryptocurrency
Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a protocol native cryptocurrency that mimics features of fiat currencies. Protocol native means that it is built into the…
Augmenting Fiat Currency with an Integrated Managed Cryptocurrency
In this work, we investigate how the governance features of a managed currency (e.g., a fiat currency) can be built into a cryptocurrency in order to leverage potential benefits found in the use of blockchain technology and smart contracts…
Quantifying Information Exposure in Internet Routing
Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropp…
Smart Contract Federated Identity Management without Third Party Authentication Services
Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., a busin…
Blockchain technology overview
Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic…
Managed Blockchain Based Cryptocurrencies with Consensus Enforced Rules and Transparency
Blockchain based cryptocurrencies are usually unmanaged, distributed, consensus-based systems in which no single entity has control. Managed cryptocurrencies can be implemented using private blockchains but are fundamentally different as t…
Linear Time Algorithms to Restrict Insider Access using Multi-Policy Access Control Systems
An important way to limit malicious insiders from distributing sensitive information is to restrict their access to information as tightly as possible. This has always been the goal of access control mechanisms, but individual approaches have…
Evasion-resistant network scan detection
Popular network scan detection algorithms operate through evaluating external sources for unusual connection patterns and traffic rates. Research has revealed evasive tactics that enable full circumvention of existing approaches (specifica…