Digital signatures are a key technology for many Internet-based commercial and administrative applications and, therefore, an increasingly popular target of attacks. Due to their strong cryptographic properties, an attacker is more likely to subvert them with malicious software, i.e., Trojan horse programs. We show that by fusing two techniques, our…
We survey existing security metrics in software architecture and software engineering. Metrics are adapted to indicate resistance of an application against local malicious software (malware) attacks. A repository of generic attacks is presented as well as the concept of resistance classes for software products.
Electronic signatures are introduced by more and more countries as legally binding means for signing electronic documents with the primary hope of boosting e-commerce and e-government. Given that the underlying cryptographic methods are sufficiently strong, attacks by Trojan horse programs on electronic signatures are becoming increasingly popular. Most of…
This paper presents a classification of attacks by malicious software. Unlike previous schemes, it focuses on application software instead of operating systems. We classify attacks pertaining to input, processing, and output of an application. Our scheme can be used to adapt testing strategies and is intended as a step towards developing a security metric…
The protection qualities of discretionary access control systems realised by today's prevalent operating systems are based on an assessment of the trustworthiness of users. By starting a program, a user transfers his trustworthiness to it, i.e., there is the tacit assumption that the program's trustworthiness at least matches that of the user.…
Technology aimed at making life easier for game developers is an issue of controversy among security experts. Objections arise out of concerns of stability of a game-friendly platform. However, this kind of programming interface can be used to promote security as well. We use Microsoft's DirectX platform to access input and output devices directly. Thereby…