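Papers and White Papers

The expertise of atsec staff is widely recognized: we are members of numerous international organizations, speakers at conferences, and authors of books and papers.

Below are some of our reports and publications.

Topic
Event / Media
Author / Speaker
Merchant and Service Provider Levels and Validation Requirements
Paper Haiwei Bai
White Paper on a Cloud User Data Security Standard Based on PCI DSS (Abridged Version)
White Paper atsec and Tencent Cloud
Applying the Network Equipment Security Assurance Scheme to Improve the Security Assurance of Telecom Equipment
Paper Zhipeng Zhang and Yan Liu
A Discussion of the Next-Generation Cryptographic Module Security Standard
Paper Di Li
PCI DSS V3.2 Revisited: On the Requirements Enforced in 2018
Paper Guohua Shen and Xiangdong Gao
GDPR Personal Data Protection Compliance with Reference to PCI Best Practices
Paper Haiwei Bai and Yan Liu
PCI DSS V3.2 Change Analysis
Paper Xiangdong Gao
Global Payment Card Security Industry Trends
Payment Technology and Information Security Seminar Yan Liu
Data Security Protection Mechanisms in the Payment Industry
Payment Technology and Information Security Seminar Di Li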
Improving Policy based Security Specifications
2015 Community Meetings Gordon McIntosh
Introduction to ASV Scanning for PCI DSS Compliance
Paper Jinyun Chen and Changlong Wang
atsec Newsletter China 05/2015
Newsletter
Introduction to the International CC Certification Scheme and CCRA
Paper Yan
Interpreting the PA DSS 3.0 Standard Update
Paper Li Zhang
Using OTTPS to Protect Supply Chain Security
Paper Todd and Yan
PCI SSC 2014CM Payment Security In China
2014 Community Meetings Yan Liu
atsec Newsletter China 01/2014
Newsletter
PCI DSS Standard V3.0 Change Analysis
Paper Xiangdong Gao
ISO's Cryptographic Module Work
White Paper Fiona Pattinson
Implementation and assessment on cryptography for payment solutions
ICMC 2013 Yan Liu
atsec Newsletter China 04/2013
Newsletter
atsec Newsletter China 12/2012
Newsletter
Mobile Payment Solution
13th ICCC Yan Liu
A Brief Discussion of PCI DSS Compliance for Credit Card Acquirers and Issuers
Paper Yan Liu
Why and How to Get Cryptographic Modules FIPS Validated
Whitepaper Yi Mao
Understanding Information Entropy
Whitepaper Yi Mao
IT Security Evaluation in China
13th ICCC Yi Mao
Experience with OSPP Evaluations
13th ICCC Krummeck
atsec Newsletter China 08/2012
Newsletter
Many Hands Make Light Work: Building Payment Security Together
Paper Haiwei Bai
Introduction to the atsec Mobile Payment Security Solution
CMIS 2012 Yan Liu
atsec Newsletter China 04/2012
Newsletter
Is your randomness predictable?
(or, how to properly seed crypto libraries)
BSides Austin 2012 Ochel
atsec Newsletter USA 04/2012
Newsletter
A Rising Tide Lifts All Boats: External Security Scanning as I See It
Paper Changlong Wang & Jinyun Chen
Common Criteria and Packages
Whitepaper Pattinson
atsec Newsletter Germany 02/2011
Newsletter various
FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together?
ISSA Austin Fiona Pattinson
atsec Newsletter China 12/2011
Newsletter various
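Chinese Products See a Bumper Year for FIPS 140
Paper Haiwei Bai
Understanding CC from an R&D Perspective
Paper Li Zhang
Implementing Secure Development with Reference to OWASP
Paper Xiangdong Gao
Meeting the Challenges of Payment Security, Looking Forward to the Spring of Payment Security
Paper Yan Liu & Jinyun Chen
Introduction to ASV Scanning for PCI DSS Compliance
Paper Jinyun Chen
How to Perform Information Security Risk Assessments Efficiently
Paper Xiangdong Gao
Impressions of the 12th International CC Conference
Paper Haiwei Bai & Yan Liu
Penetration Testing in Support of PCI DSS Compliance
Paper Jinyun Chen
Risk Management Using the NASPO Standard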
Paper Li Zhang
Evaluating Third-Party Code: How Can It Be Trusted?
12th ICCC Cavness
From FIPS 140-2 to CC
12th ICCC Yi Mao
Comparative Study Between the Chinese Standards and the
12th ICCC Yi Mao, Chen, Liu
Fighting the Bean Counters
12th ICCC Krummeck
An Access Control Model for Applications on Mobile Devices using
12th ICCC Kurth, Huynh
atsec Newsletter USA 07/2011
Newsletter various
atsec Newsletter Germany 04/2011
Newsletter various
atsec Newsletter Germany 08/2011
Newsletter various
atsec Newsletter China 09/2011
Newsletter various
atsec Newsletter China 06/2011
Newsletter various
Penetration Testing as an Auditing Tool
ISACA Austin Meeting Jeremy Powell
Reference Standards for Security in the Mobile Payment Field
China Mobile Payment Industry Summit Jinyun Chen
atsec Newsletter China 03/2011
Newsletter various
Penetration Testing as an Auditing Tool
ISACA Austin Meeting Jeremy Powell
Payment Card Industry Assessments & Privacy
IAPP Austin Pattinson
atsec Newsletter USA 02/2011
Newsletter various
PCI DSS Data Security Standard V2.0 Change Analysis
Paper Xiangdong Gao
atsec Newsletter Germany 01/2011
Newsletter various
Introduction to the SCAP Standard
IETF79 Li Zhang
Inherent Problems in the Information Technology Supply Chain
26th ACSAC poster session Courtney Cavness
atsec Newsletter USA 12/2010
Newsletter various
atsec Newsletter China 11/2010
Newsletter various
Building the IBM 4758 Secure Coprocessor
IBM Research Publications Weingart et al.
What to expect from a PCI QSA led assessment
Presentation Fiona Pattinson
Migrating to OSPP
11th ICCC Conference Krummeck, Penny, Robinson
Improving the Flexibility and Applicability of Protection Profiles
11th ICCC Conference Helmut Kurth
Becoming a CNAS Laboratory
11th ICCC Conference Yi Mao
Untrusted Developers: Code Integrity in a Distributed Development Environment
ISSA Journal 10/2010 Cavness, Kurth, Mueller
atsec Newsletter Germany 09/2010
Newsletter various
atsec Newsletter US 07/2010
Newsletter various
How Does Your Company's Identity Security Compare with that of the Federal Government?
ISSA Meeting Auston Holt
Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment?
SHARE Conference Pattinson
Making Sure of Security: Contrasting FISMA and ISO/IEC 27001
White Paper Pattinson
atsec Newsletter US 02/2010
Newsletter various
Payment Card Industry Compliance For Large Computing Systems
White Paper various
atsec Newsletter Germany 12/2009
Newsletter various
Secure Network Zones
ISSE 2009 Wimmer
Evidence based Evaluations Chances and Challenges
10th ICCC Kurth
Trusting Virtual Trust
10th ICCC Powell
Taking White Hats to the Laundry: How to Strengthen Testing in CC
10th ICCC Vassilev
An Attack Surface based Approach to Evaluation
10th ICCC Kurth
atsec Newsletter Germany 08/2009
Newsletter various authors
Assurance in Implementation Correctness of Cryptographic Algorithms Gained Through the NIST Cryptographic Algorithm Validation Program
Whitepaper Pattinson
Heiter bis Wolkig
iX - 5/2009 Mueller
Common Criteria: National Validation Scheme Differences: CCEVS, CSEC and BSI
Whitepaper Pattinson, Hake, Krummeck, Persson
Secure Coding Guidelines
White paper Shiralkar, Grove
Penetration Testing in der Praxis
Talk at FH BRS Wienzek
FIPS 140-2 DTR XML Templates
ZIP archive Masino
Introducing Assurance Measures for Security Target
9th ICCC, Korea Yi Mao
Integration of Architectural Requirements into the CC Structure 9th ICCC, Korea Kurth, Pingel
Measuring the Effectiveness of a Security Development Process 9th ICCC, Korea Kurth, Grimm
Designing the Trusted Service Bus for EAL5
9th ICCC, Korea Ochel
Comparison of CC Functionality & FISMA 800-53 Controls
White paper Fiona Pattinson
Using SCAP to Detect Vulnerabilities
White paper S. Weingart
Personal Brokerage of Web Service Access
IEEE Security and Privacy, vol. 5, no. 5, pp. 24-31, Sept/Oct, 2007 A. Vassilev
Smart cards and the holy grail of Internet security
Keynote presentation at the International symposium on Recent Developments in Cryptography and Information Security, August 29-31, 2007 A. Vassilev
Security benefits from OS virtualization: Real or Virtual?
White paper A. Vassilev
The futility of secrets? Opinion, Information Security, p.10, March 2007 A. Vassilev
Do Federal Security Regulations help? Opinion, Information Security, p.10, January 2007 A. Vassilev
You say potayto, I say potato: Bridging PKI standards with a .NET smart card
E-Smart 2006, September, 2006, Sophia-Antipolis, French Riviera, France A. Vassilev
Microsoft Smart Card Cryptographic Support with Cryptoflex .NET Smart Card Cartes 2005 International Conference, Paris, France A. Vassilev
Authentication Framework for Real People
E-Smart 2004, September 22-24, 2004, Sophia-Antipolis, French Riviera, France A. Vassilev
Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses 2008
Whitepaper Weingart
Operating System Evaluations - What security functionality is expected
8th ICCC, Rome Kurth, Farrel (IBM)
How To Eat A Mammoth
8th ICCC, Rome Krummeck
Economical Use of Formal Methods
8th ICCC, Rome Yi Mao
Secure System Design
8th ICCC, Rome Pattinson
CC in the Real World
8th ICCC, Rome Pattinson
XML-based Security Targets for tool-supported evaluations
8th ICCC, Rome Ochel
CC quick reference
atsec document Pattinson
Dumm gelaufen - Stromausfall am Wochenende
Behoerdenspiegel, Germany atsec GmbH
A quick guide to the Linux evaluations
White Paper Mueller, Pattinson
Certifying Information Security Management Systems
White Paper Fiona Pattinson
Wireless Intrusion Detection und Prevention Systeme - Ein Überblick
BSI Kongress 2007, Bonn Hofherr
Wireless Intrusion detection
14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen" Hofherr
How to Write Site Security Targets
7th ICCC Conference, Lanzarote Krummeck
Applying the Draft CC Version 3.0 to Linux - Experience from a Trial Evaluation
7th ICCC Conference, Lanzarote Kurth
Addressing consumer needs to increase the demand for Common
7th ICCC Conference, Lanzarote Ochel
IT Security Assurance and Common Criteria
TickIT International Pattinson
WLAN Sicherheit Book, Heise Verlag Hofherr
Efficient CC Evaluations
atsec website Mueller
Information Security Assurance - Why there's no single solution
Information Storage + Security Journal Pattinson
Deriving Security for Mixed IT System Architectures from Evaluated Products
6th International Common Criteria Conference, Tokyo, 2005 Ochel
"Aktuelle Erfahrungen mit der Evaluierung von Open Source Software" 04/2005 Kurth
Garantiert sicher - Evaluierung von IT-Sicherheit.
iX Magazin für professionelle Informationstechnik, 05/2005 Ochel
"BS 7799-2 and the CC" Supporting the Business of Software Development
5th International Common Criteria Conference, Berlin, 09/2004 Pattinson
The Evaluated Configuration - Defining a user-friendly Target of Evaluation
5th International Common Criteria Conference, Berlin, 09/2004 Mueller, Ochel
Second IEEE International Information Assurance Workshop, 2004 Kurth
Security Assurance: Smart Cards and the Bigger Picture
CardTech Secur tech, 2004 Pattinson
Debian on Handheld Computers
UKUUG Linux 2003 Conference, Edinburgh, Scotland, 2003 Weidner
PKI soll sichere Kommunikation gewährleisten
Magazin fuer professionelle Informationstechnik, 09/2001 Ochel, Weissmann
e-business Risk Management with Tivoli Risk Manager
IBM Redbook, 2001 Wimmer
Revision control using RCS and vic
Internal Training, 2001 Weidner
Unix tools and software compilation
Internal Training, 2001 Weidner
Reflections on Trusting Trusted Third Parties 23rd NISSC, Baltimore, 2000 Kurth
KRISIS - Key Recovery in Secure Information Systems The Open Group Security Program Group Meeting, Amsterdam, 1998 Kurth
Business Use of Cryptography
The Copenhagen Hearing, 1998 Kurth
Falsch Verbunden - Gefahr durch DNS-Spoofing [dangers of DNS spoofing]
c't, 10/1997 Weidner
The Future of Electronic Commerce 20th NISSC, Baltimore, 1997 Kurth
Kabelsalat: Ethernet für Einsteiger
Linux Magazin, 05/1996 Weidner
Integration of Digital Signatures into the European Business Register 19th NISSC, Baltimore, 1996 Kurth
Security Assurance in Information Systems S. K. Katsikas and D. Gritzalis (ed), Information Systems Security: Facing the Information Society of the 21st Century, Chapman & Hall, 1996 Kurth
Proceedings of ESORICS `96 ESORICS, Rome, 1996 Kurth
Linux for Workgroups
Linux Magazin, 08/1995 Weidner
Security Assurance Issues for TTP Services TEDIS EDITT Workshop, Barcelona, 1995 Kurth u.a.
The TMach Experience 18th NISSC, Baltimore, 1995 Kurth
"Der Weihnachtsmann kommt nicht" (Software selbst installiert) Linux Magazin, 12/1994 Weidner
"Emacs-Zaubereien: GNU Calc"
Linux Magazin, 11/1994 Weidner
"Emacs-Zaubereien: gcc und gdb" Linux Magazin, 10/1994 Weidner
Security Evaluations in Practice Panel, ESORICS, 1994 Kurth
Apparent Differences Between the US TCSEC and the European ITSEC 14th Nat'l Computer Security Conf., Washington, 1991 Kurth
Formale Spezifikation und Verifikation - Ein Überblick VIS, 1991 Kurth
Security Aspects in CALS CALS Europe, 1990 Kurth
Paper Output Labeling in a Dedicated System Running under MVS, Proceedings of the 8th NCSC, Gaithersburg, 1985 Kurth
Problem areas in electronic signatures
7. Deutscher Präventionstag, Düsseldorf Ochel
The AIX Survival Guide
Addison-Wesley Siegert