Browsing by author "Katt, Basel"
- Conference paper: Meeting EHR security requirements: authentication as a security service (perspeGKtive 2010. Workshop „Innovative und sichere Informationstechnologie für das Gesundheitswesen von morgen“, 2010)
  Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian
  Electronic Health Record (EHR) is a promising concept to collect and manage electronic health information of all citizens. Integrating the Healthcare Enterprise (IHE) was one of the first initiatives that aims at standardizing the way healthcare systems exchange information in a distributed environment. Based on EHR concepts and IHE profiles, different approaches have been introduced in the industry and the literature to implement and apply solutions for different stakeholders in the healthcare domain (see e.g., http://www.ith-icoserve.com/). Due to the sensitivity of the data dealt with in these systems, security is a major concern that must be considered. In previous work we have presented a general architectural solution to apply the evolving Security as a Service (SeAAS) paradigm in distributed architectures for EHR in conformance to IHE-proposed profiles. While our proposed architecture is generic and covers all security requirements, we focus in this work on one security requirement, namely authentication, and show how it can be offered as a service while adhering to IHE profiles.
- Conference paper: Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox (SICHERHEIT 2018, 2018)
  Schuckert, Felix; Hildner, Max; Katt, Basel; Langweg, Hanno
  We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education.