Building Security

The Experts below are selected from a list of 1728 Experts worldwide ranked by ideXlab platform

Gregory Mcgraw - One of the best experts on this subject based on the ideXlab platform.

  • Four Software Security Findings
    Computer, 2016
    Co-Authors: Gregory Mcgraw
    Abstract:

    Analyzing data from 78 firms using the Building Security In Maturity Model (BSIMM) revealed four truths about software security that will help firms protect and secure their assets. © 2016 IEEE.

  • Cyber War is Inevitable (Unless We Build Security In)
    Journal of Strategic Studies, 2013
    Co-Authors: Gregory Mcgraw
    Abstract:

    The information systems controlling our critical infrastructure are vulnerable to cyber attack. Cyber war is therefore inevitable unless we improve our cyber defenses. The only way to do this is by building security into systems at the design stage.

  • Building Security In maturity model
    2012 Faulkner Information Services, 2011
    Co-Authors: Gregory Mcgraw, Brian Chess, Gary Mcgraw, Sammy Miques
    Abstract:

    The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. We present the model as built directly out of data observed in forty-two software security initiatives, from firms including: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Fannie Mae, Fidelity, Google, Intel, Intuit, Mashery, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga. The BSIMM is a measuring stick for software security. The best way to use the BSIMM is to compare and contrast your own initiative with the data presented in the BSIMM. You can then identify goals and objectives of your own and look to the BSIMM to determine which further activities make sense for you. The BSIMM data show that high maturity initiatives are well rounded—carrying out numerous activities in all twelve of the practices described by the model. The model also describes how mature software security initiatives evolve, change, and improve over time.

  • Software Security: Building Security in
    Proceedings - International Symposium on Software Reliability Engineering ISSRE, 2006
    Co-Authors: Gregory Mcgraw
    Abstract:

    Summary form only given. Software security has come a long way in the last few years, but we've really only just begun. I will present a detailed approach to getting past theory and putting software security into practice. The three pillars of software security are applied risk management, software security best practices (which I call touchpoints), and knowledge. By describing a manageably small set of touchpoints based around the software artifacts that you already produce, I avoid religious warfare over process and get on with the business of software security. That means you can adopt the touchpoints without radically changing the way you work. The touchpoints I will describe include: code review using static analysis tools; architectural risk analysis; penetration testing; security testing; abuse case development; and security requirements. Like the yin and the yang, software security requires a careful balance - attack and defense, exploiting and designing, breaking and building - bound into a coherent package. Create your own Security Development Lifecycle by enhancing your existing software development lifecycle with the touchpoints.

Gary Mcgraw - One of the best experts on this subject based on the ideXlab platform.

  • Software Security and the Building Security in maturity model (BSIMM)
    Journal of Computing Sciences in Colleges, 2015
    Co-Authors: Gary Mcgraw
    Abstract:

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the many large-scale software security initiatives we are aware of, sixty-seven --- all household names --- are currently included in the BSIMM study. Those companies among the sixty-seven who graciously agreed to be identified include: Adobe, Aetna, Bank of America, Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit, JPMorgan Chase & Co., Lender Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson, Microsoft, NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson Learning Technologies, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom, Vanguard, Visa, VMware, Wells Fargo, and Zynga. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives. The BSIMM can help you determine how your organization compares to other real software security initiatives and what steps can be taken to make your approach more effective.

  • Security fatigue? Shift your paradigm
    Computer, 2014
    Co-Authors: Gary Mcgraw
    Abstract:

    Software security is the fastest growing paradigm in the IT security field, and the Building Security In Maturity Model (BSIMM) project offers real-world measurements for assessment.

  • Building Security In maturity model
    2012 Faulkner Information Services, 2011
    Co-Authors: Gregory Mcgraw, Brian Chess, Gary Mcgraw, Sammy Miques
    Abstract:

    The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. We present the model as built directly out of data observed in forty-two software security initiatives, from firms including: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Fannie Mae, Fidelity, Google, Intel, Intuit, Mashery, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga. The BSIMM is a measuring stick for software security. The best way to use the BSIMM is to compare and contrast your own initiative with the data presented in the BSIMM. You can then identify goals and objectives of your own and look to the BSIMM to determine which further activities make sense for you. The BSIMM data show that high maturity initiatives are well rounded—carrying out numerous activities in all twelve of the practices described by the model. The model also describes how mature software security initiatives evolve, change, and improve over time.

Syazilawati Mohamed - One of the best experts on this subject based on the ideXlab platform.

  • Design of Fusion Classifiers for Voice-Based Access Control System of Building Security
    2009 WRI World Congress on Computer Science and Information Engineering, 2009
    Co-Authors: Syazilawati Mohamed, Wahyudi Martono
    Abstract:

    Secure buildings are currently protected from unauthorized access by a variety of devices. Nowadays, there are many kinds of devices to guarantee the building security such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures. In this paper, voice-based biometric system is introduced for access control. The ability to verify the identity of a person by analyzing his/her speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual’s voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. In the field of speaker verification, the main objective is to achieve the highest possible classification accuracy. The proposed system focused on combining the classification scores. In score fusion, each feature set is modeled separately, and the output score of the classifiers are combined to give the overall match score. Furthermore, for each classifier score, an a priori weight is set based on the level of confidence of the feature set and the classifier. The classifiers involved in this work are Gaussian Mixture Models (GMMs), Multilayer Feedforward Network (MFN) and Support Vector Machines (SVMs). Experimental result confirms that in terms of false acceptance rate (FAR) and false rejection rate (FRR), the fusion classifiers is effective to use in the proposed system.

  • A Comparison of Gaussian Mixture and Artificial Neural Network Models for Voiced-based Access Control System of Building Security
    INTERNATIONAL SYMPOSIUM OF INFORMATION TECHNOLOGY 2008 VOLS 1-4 PROCEEDINGS: COGNITIVE INFORMATICS: BRIDGING NATURAL AND ARTIFICIAL KNOWLEDGE, 2008
    Co-Authors: Winda Astuti, Syazilawati Mohamed
    Abstract:

    Secure buildings are currently protected from unauthorized access by a variety of devices. Nowadays, there are many kinds of devices to guarantee the building security such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures. However, these conventional devices can be stolen, forgotten, lost, guessed or impersonated with accuracy. Biometric system based on behavioral and/or physiological characteristics of person becomes popular as an alternative method to overcome the problem of conventional method. In this paper, voice-based biometric system is introduced for access control of building security. The ability to verify the identity of a person by analyzing his/her speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual's voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the user's identity claim or possibly to report insufficient confidence and request additional input before making the decision. Two approaches are adopted and evaluated to model the authorized persons, namely classical Gaussian Mixture Model (GMM) and artificial neural network (ANN). Experimental result confirms that in terms of false acceptance rate (FAR) and false rejection rate (FRR), the proposed voice-based access control with ANN model is better than that with GMM.

  • Intelligent Voice-Based Door Access Control System Using Adaptive-Network-Based Fuzzy Inference Systems (ANFIS) for Building Security
    Journal of Computer Science, 2007
    Co-Authors: Winda Astuti, Syazilawati Mohamed
    Abstract:

    Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, the people voice can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual’s voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes design and prototyping a voice-based door access control system for building security. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the user’s identity claim or possibly to report insufficient confidence and request additional input before making the decision. Furthermore, intelligent system approach is used to develop authorized person models based on their voice. Particularly Adaptive-Network-based Fuzzy Inference Systems is used in the proposed system to identify the authorized and unauthorized people. Experimental result confirms the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.

Simon Herd - One of the best experts on this subject based on the ideXlab platform.

  • Building Security and trust in online banking
    Human Factors in Computing Systems, 2005
    Co-Authors: Maria Nilsson, Anne Adams, Simon Herd
    Abstract:

    Growing threats to online banking security (e.g. phishing, personal identity fraud) and the personal nature of the data make the balance between security, trust and usability vital. However, there is little published research about what influences users' perceptions of online banking security and trust. This study identifies that the type of authentication system used can affect users' subsequent perceived control, situational awareness and trust. The results from a questionnaire and in-depth interviews with 86 participants were triangulated to compare two different authentication processes, namely, a 'security box' (i.e. random system generated passwords at the users' location) and 'fixed passwords' (i.e. user owned and constant). The security box and login procedures were perceived significantly more trustworthy and secure at any location than 'fixed passwords'. Four main concepts were identified: "trust", "the authentication system", "location" and "control". The implications of these findings for HCI are discussed.

Haibo Ge - One of the best experts on this subject based on the ideXlab platform.

  • Design and Implementation of Modbus Protocol for Intelligent Building Security
    2019 IEEE 19th International Conference on Communication Technology (ICCT), 2019
    Co-Authors: Haibo Ge
    Abstract:

    Internet of Things is a system where appliances are embedded with software, sensors and actuators. The devices are able to transfer data over a network and also communicate with each other [1]. The literature reports that many systems based on single mode of monitoring, power or lighting are not integrated into one control system, so there are complex control cumbersome, high operating costs. To solve this problem, we propose a Modbus protocol design for intelligent building security. All these perception-control-management are integrated into one system. This system adopts the Modbus protocol format for the data communication, the hardware system with processor as ARM5708 industry as the core development board development and design, using Linux operating system, JavaWeb development and database management technology to achieve data interaction, display, storage, identification and other functions, completed an embedded network communication protocol gateway and industrial design, and connects the traditional serial connection Modbus fieldbus and Ethernet communication, and finally the application is realized through Modbus TCP protocol. Compared with the previous building security design, we adopted Modbus bus control, which saved the resources of the core development board and effectively applied the Modbus TCP protocol and Modbus RTU protocol. The webpage control end realizes the collection of the temperature and humidity gas concentration of the intelligent building and the detection of the human body infrared. For the purpose of verification and testing, a three-story building prototype was built.
