Doctoral defence: Süleyman Kondacki

Süleyman Kondacki at the Department of Informatics (Institutt for informatikk) will defend his thesis for the degree of dr.philos. (doctor philosophiae): CSAIF: A Compound Security Analysis and Implementation Framework

Trial lectures

See trial lecture

Adjudication committee

Associate Professor Christian Damsgaard Jensen, Institut for Informatik og Matematisk Modellering, Danmarks Tekniske Universitet, Kgs. Lyngby, Denmark
Professor Svein Johan Knapskog, Institutt for telematikk, NTNU, Trondheim
Associate Professor II Naci Akkøk, Institutt for informatikk, Universitetet i Oslo

Chair of the defence: Dag Langmyhr

Summary

This dissertation presents a framework of concepts (CSAIF) for integrating management tasks in information security. CSAIF is a compound framework comprised of risk analysis, security planning, validation and improvement, and evaluation methodologies. These methodologies are intended to enable information security administrators and evaluators to easily maintain lifecycle security in a proactive manner. The research resulted in useful methodologies, models, and tools, such as determination of risk propagation and validation methods applied to security designs, evaluation of operational and newly designed security solutions, realistic worm/virus spread and extinction models, and design of a secure protocol used for security assessments over the Internet and public networks.

As presented in a collection of publications, there are several contributions of CSAIF: primarily, it offers the development of efficient, scalable, and easily applicable methods for self-risk assessment, improved security design, and guidance for lifecycle security maintenance. It also provides complementary functions that can be used by test and evaluation facilities and institutions. The CSAIF framework builds on a compound (interrelated) concept, which contains security threat analysis, worm modeling, new approaches for quantitative risk management, design validation (assessment and improvement), and a remote security evaluation protocol called RSEP. It also provides guidelines and specifications that can be used to improve existing solutions and to develop assessment tools.

The thesis is based on a collection of research work published by the doctoral candidate while involved in various information security projects internationally, mostly in Turkey.

Contact person

For more information, contact Lena Korsnes.

Published 30 March 2012 15:40 - Last modified 13 April 2012 10:17