Security Standardisation Research

This book constitutes the refereed proceedings of the 4th International Conference on Security Standardisation Research, SSR 2018, held in Darmstadt, Germany, in November 2018.The papers cover a range of topics in the field of security standardisation research, including cryptographic evaluation, standards development, analysis with formal methods, potential future areas of standardisation, and improving existing standards.

This book constitutes the refereed proceedings of the 8th International Conference on Security Standardisation Research, SSR 2023, held in Lyon, France, on April 22-23, 2023. The papers broadly cover cryptographic techniques, network security, identity management, security processes, standardization procedures, and more in the area of existing and newly developed security standards. .

This book constitutes the refereed proceedings of the 6th International Conference on Security Standardisation Research, SSR 2020, held in London, UK, in November 2020.* The papers cover a range of topics in the field of security standardisation research, including cryptographic evaluation, standards development, analysis with formal methods, potential future areas of standardisation, and improving existing standards. * The conference was held virtually due to the COVID-19 pandemic.

This book constitutes the proceedings of the First International Conference on Security Standardisation Research, SSR 2014, which was held in London, UK, in December 2014. The 14 full papers presented in this volume were carefully reviewed and selected from 22 submissions. The papers cover a range of topics in the field of security standardisation research, including cryptographic evaluation, standards development, analysis with formal methods, potential future areas of standardisation, and improving existing standards.

This book constitutes the refereed proceedings of the Third International Conference on Security Standardisation Research, SSR 2016, held in Gaithersburg, MD, USA, in December 2016.The accepted papers cover a range of topics in the field of security standardisation research, including hash-based signatures, algorithm agility, secure protocols, access control, secure APIs, payment security and key distribution.

This book constitutes the refereed proceedings of the Second International Conference on Security Standardisation Research, SSR 2015, held in Tokyo, Japan, in December 2015. The 13 papers presented in this volume were carefully reviewed and selected from 18 submissions. They are organized in topical sections named: bitcoin and payment; protocol and API; analysis on cryptographic algorithm; privacy; and trust and formal analysis.

Information security metrics are seen as an important factor in making sound decisions about various aspects of security, ranging from the design of security architectures and controls to the effectiveness and efficiency of security operations. Security metrics strive to offer a quantitative and objective basis for security assurance. During the last few decades, researchers have made various attempts to develop measures and systems of measurement for computer security with varying degrees of success. This paper provides an overview of the security metrics area and looks at possible avenues of research that could be pursued to advance the state of the art.

Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standards such as Common Criteria or ISO 27001 are explored and several extensions are provided to well-known SRE methods such as Si*, CORAS, and UML4PF to support the establishment of these security standards. Through careful analysis of the activities demanded by the standards, for example the activities to establish an Information Security Management System (ISMS) in compliance with the ISO 27001 standard, methods are proposed which incorporate existing security requirement approaches and patterns. Understanding Pattern and Security Requirements engineering methods is important for software engineers, security analysts and other professionals that are tasked with establishing a security standard, as well as researchers who aim to investigate the problems with establishing security standards. The examples and explanations in this book are designed to be understandable by all these readers.