Articles and White Papers
atsec employees' expertise is in demand: we are members of international boards, speakers on conferences, and authors of books and articles.
Here are some examples of our reports and publications. You can sort them by 
You can also select specific topics like
| Topic |
Event/ Medium |
Author/ Speaker |
|---|---|---|
| Authentication Framework for Smart Cards,” Lecture Notes In Informatics (Gesellschaft für Informatik Edition) | BIOSIG 2003: Biometrics and Electronic Signatures vol. P-31, 51-59, 2003. ISBN 3-88579-360-1 | A. Vassilev |
| Examining the impact of .NET on smart card middleware | Software Architecture and Design Conference, Houston, Texas, September 8-10, 2003 | A. Vassilev |
Authentication Framework for Real People  read more] |
E-Smart 2004, September 22-24, 2004, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| Microsoft Smart Card Cryptographic Support with Cryptoflex .NET Smart Card | Cartes 2005 International Conference, Paris, France | A. Vassilev |
You say potayto, I say potato: Bridging PKI standards with a .NET smart card  read more] |
E-Smart 2006, September, 2006, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| Do Federal Security Regulations help? | Opinion, Information Security, p.10, January 2007 | A. Vassilev |
| The futility of secrets? | Opinion, Information Security, p.10, March 2007 | A. Vassilev |
Security benefits from OS virtualization: Real or Virtual?  read more] |
White paper | A. Vassilev |
| Smart cards and the holy grail of Internet security read more] |
Keynote presentation at the International symposium on Recent Developments in Cryptography and Information Security, August 29-31, 2007 | A. Vassilev |
| Personal Brokerage of Web Service Access read more] |
IEEE Security and Privacy, vol. 5, no. 5, pp. 24-31, Sept/Oct, 2007 | A. Vassilev |
| Dumm gelaufen - Stromausfall am Wochenende read more] |
Behoerdenspiegel, Germany | atsec GmbH |
| How Does Your Company’s Identity Security Compare with that of the Federal Government? read more] |
ISSA Meeting | Auston Holt |
| Evaluating Third-Party Code: How Can It Be Trusted? read more] |
12th ICCC | Cavness |
| Untrusted Developers: Code Integrity in a Distributed Development Environment read more] |
ISSA Journal, vol. 8, no. 10, pp. 38-41. | Cavness, C., Kurth, H. & Mueller |
| Untrusted Developers - Code Integrity in a Distributed Development Environment read more] |
White Paper | Cavness, Kurth, Mueller |
| Inherent Problems in the Information Technology Supply Chain read more] |
26th ACSAC poster session | Courtney Cavness |
| Inherent Problems in the Information Technology Supply Chain read more] |
Poster for 26th ACSAC | Courtney Cavness |
| Certifying Information Security Management Systems read more] |
White Paper | Fiona Pattinson |
| Comparison of CC Functionality & FISMA 800-53 Controls read more] |
White paper | Fiona Pattinson |
| What to expect from a PCI QSA led assessment read more] |
Presentation | Fiona Pattinson |
| FIPS 140-2 Validation for Project Managers and Developers read more] |
Presentation | Fiona Pattinson |
| FRITSA: Do You Understand How All of Your IT Security Assurance Efforts Fit Together? read more] |
ISSA Austin Meeting | Fiona Pattinson |
| FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together? read more] |
ISSA Austin | Fiona Pattinson |
| Richtig investieren in die IT-Sicherheit | KES 3, Juli 2002 | Gerald Krummeck |
| Pragmatische Umsetzung von Sicherheitspolitiken auf dem Weg ins Internet | 5. Deutscher IT-Sicherheitskongreß des BSI 1997 | Gerald Krummeck |
| Firewalls – Anforderungen, Konzepte und Lösungen | unix / mail 14 | Gerald Krummeck |
| Schlechte Karten für Schnüffler im Netz | vdi-Nachrichten (1996) | Gerald Krummeck |
| Eine Frage der inneren Sicherheit | Frankfurter Allgemeine Zeitung (1996) | Gerald Krummeck |
| Informationstechnik zur Fahrerunterstützung im Straßenverkehr. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 104 S. (Schriftenreihe zur IT-Sicherheit in der IT-Technik, Band 6) (ISI-B-21-95) | Gerald Krummeck |
| Chipkarten im Gesundheitswesen. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 113 S.(Schriftenreihe zur IT-Sicherheit in der IT-Technik Band 5) (ISI-B-20-95) | Gerald Krummeck |
| Improving the Flexibility and Applicability of Protection Profiles read more] |
11th ICCC Conference | Helmut Kurth |
| WLAN Sicherheit | Book, Heise Verlag | Hofherr |
| Wireless Intrusion Detection und Prevention Systeme – Ein Überblick read more] |
BSI Kongress 2007, Bonn | Hofherr |
| Wireless Intrusion detection read more] |
14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen" | Hofherr |
| infoSecEvaluations. setLocation(“Austin”); read more] |
UT lecture | Holt, Powell |
| Distributed Cache Index | Conference of Communication in Distributed Systems, Frankfurt (Germany), 1999 | Isabell Fouquet |
| Penetration Testing as an Auditing Tool read more] |
ISACA Austin Meeting | Jeremy Powell |
| Escrowed Data and the Digital Envelope read more] |
Paper | King Ables |
| Linux security best practices for Linux server systems read more] |
TechTarget | King Ables |
| How to Write Site Security Targets read more] |
7th ICCC Conference, Lanzarote | Krummeck |
| How To Eat A Mammoth read more] |
8th ICCC, Rome | Krummeck |
| Fighting the Bean Counters read more] |
12th ICCC | Krummeck |
| Migrating to OSPP read more] |
11th ICCC Conference | Krummeck, Penny, Robinson |
| Paper Output Labeling in a Dedicated System Running under MVS, Proceedings of the | 8th NCSC, Gaithersburg, 1985 | Kurth |
| Security Apects in CALS | CALS Europe, 1990 | Kurth |
| Formale Spezifikation und Verifikation - Ein Überblick | VIS, 1991 | Kurth |
| Apparent Differences Between the US TCSEC and the European ITSEC | 14th Nat'l Computer Security Conf., Washington, 1991 | Kurth |
| Security Evaluations in Practice | Panel, ESORICS, 1994 | Kurth |
| The TMach Experience | 18th NISSC, Baltimore, 1995 | Kurth |
| Proceedings of ESORICS `96 | ESORICS, Rome, 1996 | Kurth |
| Security Assurance in Information Systems | S. K. Katsikas and D. Gritzalis (ed), Information Systems Security: Facing the Information Society of the of the 21st Centrury, Chapman & Hall, 1996 | Kurth |
| Integration of Digital Signatures into the European Business Register | 19th NISSC, Baltimore, 1996 | Kurth |
| The Future of Electronic Commerce | 20th NISSC, Baltimore, 1997 | Kurth |
| Business Use of Cryptography read more] |
The Copenhagen Hearing, 1998 | Kurth |
| KRISIS - Key Recovery in Secure Information Systems | The Open Group Security Program Group Meeting, Amsterdam, 1998 | Kurth |
| Reflections on Trusting Trusted Third Parties | 23rd NISSC, Baltimore, 2000 | Kurth |
| Increased information flow needs for high-assurance composite evaluations read more] |
Second IEEE International Information Assurance Workshop, 2004 | Kurth |
| "Aktuelle Erfahrungen mit der Evaluierung von Open Source Software" | Kurth | |
| How Useful are Product Security Certifications for Users of Products? read more] |
ZISC Information Security Colloquium SS 2005 | Kurth |
| Applying the Draft CC Version 3.0 to Linux - Experience from a Trial Evaluation read more] |
7th ICCC Conference, Lanzarote | Kurth |
| An Attack Surface based Approach to Evaluation read more] |
10th ICCC | Kurth |
| Evidence based Evaluations Chances and Challenges read more] |
10th ICCC | Kurth |
| Security Assurance Issues for TTP Services | TEDIS EDITT Workshop, Barcelona, 1995 | Kurth u.a. |
| Operating System Evaluations - What security functionality is expected read more] |
8th ICCC, Rome | Kurth, Farrel (IBM) |
| Measuring the Effectiveness of a Security Development Process | 9th ICCC, Korea | Kurth, Grimm |
| An Access Control Model for Applications on Mobile Devices using Common Criteria Certifications read more] |
12th ICCC | Kurth, Huynh |
| Common Criteria Certification in China: A comparison with the schemes of the CCRA read more] |
atsec website | Kurth, Liu, Ochel, Pattinson, Li |
| Integration of Architectural Requirements into the CC Structure | 9th ICCC, Korea | Kurth, Pingel |
| Introducing Assurance Measures for Security Target read more] |
9th ICCC, Korea | Mao |
| From FIPS 140-2 to CC read more] |
12th ICCC | Mao |
| Comparative Study Between the Chinese Standards and the Common Criteria read more] |
12th ICCC | Mao, Chen, Liu |
FIPS 140-2 DTR XML Templates  read more] |
ZIP archive | Masino |
| Efficient CC Evaluations read more] |
atsec website | Mueller |
| Heiter bis Wolkig read more] |
iX - 5/2009 | Mueller |
| KVM Security Comparison read more] |
White Paper | Mueller |
| The Evaluated Configuration - Defining a user-friendly Target of Evaluation read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Mueller, Ochel |
| A quick quide to the Linux evaluations read more] |
White Paper | Mueller, Pattinson |
| Problem areas in electronic signatures read more] |
7. Deutscher Präventionstag, Düsseldorf | Ochel |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| Garantiert sicher - Evaluierung von IT-Sicherheit. read more] |
iX Magazin für professionelle Informationstechnik, 05/2005 | Ochel |
| Deriving Security for Mixed IT System Architectures from Evaluated Products read more] |
6th International Common Criteria Conference, Tokyo, 2005 | Ochel |
| Addressing consumer needs to increase the demand for Common read more] |
7th ICCC Conference, Lanzarote | Ochel |
| XML-based Security Targets for tool-supported evaluations read more] |
8th ICCC, Rome | Ochel |
| Designing the Trusted Service Bus for EAL5 read more] |
9th ICCC, Korea | Ochel |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| Is your randomness predictable? (or, how to properly seed crypto libraries) read more] |
BSides Austin 2012 | Ochel |
| PKI soll sichere Kommunikation gewährleisten read more] |
Magazin fuer professionelle Informationstechnik, 09/2001 | Ochel, Weissmann |
| Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? read more] |
SHARE Conference | Pattinson |
| Security Assurance: Contrasting FISMA and ISO/IEC 27001 read more] |
White Paper | Pattinson |
| Security Assurance: Smart Cards and the Bigger Picture read more] |
CardTech Secur tech, 2004 | Pattinson |
| "BS 7799-2 and the CC" Supporting the Business of Software Development read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Pattinson |
| Information Security Assurance - Why there's no single solution read more] |
Information Storage + Security Journal | Pattinson |
| IT Security Assurance and Common Criteria read more] |
TickIT International | Pattinson |
| CC quick reference read more] |
atsec document | Pattinson |
| CC in the Real World read more] |
8th ICCC, Rome | Pattinson |
| Secure System Design read more] |
8th ICCC, Rome | Pattinson |
| Assurance in Implementation Correctness of Cryptographic Algorithms Gained Through the NIST Cryptographic Algorithm Validation Program read more] |
Whitepaper | Pattinson |
| Payment Card Industry Assessments & Privacy read more] |
IAPP Austin | Pattinson |
| Common Criteria and Packages read more] |
Whitepaper | Pattinson |
| Common Criteria: National Validation Scheme Differences: CCEVS, CSEC and BSI read more] |
Whitepaper | Pattinson, Hake, Krummeck, Persson |
| Trusting Virtual Trust read more] |
10th ICCC | Powell |
| atsec publishes Content Description of PAS 56:2003 "Guide to business continuity management" read more] |
atsec website | Rauer |
| Using SCAP to Detect Vulnerabilities read more] |
White paper | S. Weingart |
| Secure Coding Guidelines read more] |
White paper | Shiralkar, Grove |
| The AIX Survival Guide read more] |
Addison-Wesley | Siegert |
| atsec Newsletter USA 02/2010 read more] |
Newsletter | various |
| Payment Card Industry Compliance For Large Computing Systems read more] |
White Paper | various |
| atsec Newsletter Germany 12/2009 read more] |
Newsletter | various |
| atsec Newsletter USA 07/2010 read more] |
Newsletter | various |
| atsec Newsletter Germany 09/2010 read more] |
Newsletter | various |
| atsec Newsletter China 11/2010 read more] |
Newsletter | various |
| atsec Newsletter USA 12/2010 read more] |
Newsletter | various |
| atsec Newsletter Germany 01/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 02/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 04/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 07/2011 read more] |
Newsletter | various |
| atsec Newsletter China 06/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 08/2011 read more] |
Newsletter | various |
| atsec Newsletter China 09/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 10/2011 read more] |
Newsletter | various |
| atsec Newsletter China 12/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 02/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 04/2012 read more] |
Newsletter | various |
| atsec Newsletter China 04/2012 read more] |
Newsletter | various |
| atsec Newsletter Germany 08/2009 read more] |
Newsletter | various authors |
| Taking White Hats to the Laundry: How to Strengthen Testing in CC read more] |
10th ICCC | Vassilev |
| "Emacs-Zaubereien: gcc und gdb" | Linux Magazin, 10/1994 | Weidner |
| "Emacs-Zaubereien: GNU Calc" read more] |
Linux Magazin, 11/1994 | Weidner |
| "Der Weihnachtsmann kommt nicht" (Software selbst installiert) | Linux Magazin, 12/1994 | Weidner |
| Linux for Workgroups read more] |
Linux Magazin, 08/1995 | Weidner |
| Kabelsalat: Ethernet für Einsteiger read more] |
Linux Magazin, 05/1996 | Weidner |
| Falsch Verbunden - Gefahr durch DNS-Spoofing [dangers of DNS spoofing] read more] |
c't, 10/1997 | Weidner |
| Unix tools and software compilation read more] |
Internal Training, 2001 | Weidner |
| Revision control using RCS and vic read more] |
Internal Training, 2001 | Weidner |
| Debian on Handheld Computers read more] |
UKUUG Linux 2003 Conference, Edinburgh, Scotland, 2003 | Weidner |
| Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses 2008 read more] |
Whitepaper | Weingart |
| Building the IBM 4758 Secure Coprocessor read more] |
IBM Research Publications | Weingart et al. |
| Penetration Testing in der Praxis read more] |
Talk at FH BRS | Wienzek |
| e-business Risk Management with Tivoli Risk Manager read more] |
IBM Redbook, 2001 | Wimmer |
| Secure Network Zones read more] |
ISSE 2009 | Wimmer |
| S(I|E)M – Ein Praxisbericht read more] |
White paper | Wimmer, Hofherr |
| SIEM – Ein Praxisbericht read more] |
16. DFN Workshop 2009 | Wimmer, Hofherr |
| Economical Use of Formal Methods read more] |
8th ICCC, Rome | Yi Mao |
| Becoming a CNAS Laboratory read more] |
11th ICCC Conference | Yi Mao |
