Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Publication
- Publication Type
Articles 1 - 2 of 2
Full-Text Articles in Computer Engineering
A Formal Specification In Jml Of The Java Security Package, Poonam Agarwal, Carlos E. Rubio-Medrano, Yoonsik Cheon, Patricia J. Teller
A Formal Specification In Jml Of The Java Security Package, Poonam Agarwal, Carlos E. Rubio-Medrano, Yoonsik Cheon, Patricia J. Teller
Departmental Technical Reports (CS)
The Java security package allows a programmer to add security features to Java applications. Although the package provides a complex application programming interface (API), its informal description, e.g., Javadoc comments, is often ambiguous or imprecise. Nonetheless, the security of an application can be compromised if the package is used without a concrete understanding of the precise behavior of the API classes and interfaces, which can be attained via formal specification. In this paper, we present our experiences in formally specifying the Java security package in JML, a formal behavior interface specification language for Java. We illustrate portions of our JML …
Alphaco: A Teaching Case On Information Technology Audit And Security, Hüseyin Tanriverdi, Joshua Bertsch, Jonathan Harrison, Po-Ling Hsiao, Ketan S. Mesuria, David Hendrawirawan
Alphaco: A Teaching Case On Information Technology Audit And Security, Hüseyin Tanriverdi, Joshua Bertsch, Jonathan Harrison, Po-Ling Hsiao, Ketan S. Mesuria, David Hendrawirawan
Journal of Digital Forensics, Security and Law
Recent regulations in the United States (U.S.) such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT) in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal …