Articles and White Papers
atsec employees' expertise is in demand: we are members of international boards, speakers on conferences, and authors of books and articles.
Here are some examples of our reports and publications. You can sort them by 
You can also select specific topics like
| Topic |
Event/ Medium |
Author/ Speaker |
|---|---|---|
An Attack Surface based Approach to Evaluation  read more] |
10th ICCC | Kurth |
| Taking White Hats to the Laundry: How to Strengthen Testing in CC read more] |
10th ICCC | Vassilev |
| Trusting Virtual Trust read more] |
10th ICCC | Powell |
| Evidence based Evaluations Chances and Challenges read more] |
10th ICCC | Kurth |
Becoming a CNAS Laboratory  read more] |
11th ICCC Conference | Yi Mao |
| Improving the Flexibility and Applicability of Protection Profiles read more] |
11th ICCC Conference | Helmut Kurth |
| Migrating to OSPP read more] |
11th ICCC Conference | Krummeck, Penny, Robinson |
| An Access Control Model for Applications on Mobile Devices using Common Criteria Certifications read more] |
12th ICCC | Kurth, Huynh |
| Fighting the Bean Counters read more] |
12th ICCC | Krummeck |
| Comparative Study Between the Chinese Standards and the Common Criteria read more] |
12th ICCC | Mao, Chen, Liu |
| From FIPS 140-2 to CC read more] |
12th ICCC | Mao |
| Evaluating Third-Party Code: How Can It Be Trusted? read more] |
12th ICCC | Cavness |
| Wireless Intrusion detection read more] |
14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen" | Hofherr |
| Apparent Differences Between the US TCSEC and the European ITSEC | 14th Nat'l Computer Security Conf., Washington, 1991 | Kurth |
| SIEM – Ein Praxisbericht read more] |
16. DFN Workshop 2009 | Wimmer, Hofherr |
| The TMach Experience | 18th NISSC, Baltimore, 1995 | Kurth |
| Integration of Digital Signatures into the European Business Register | 19th NISSC, Baltimore, 1996 | Kurth |
| The Future of Electronic Commerce | 20th NISSC, Baltimore, 1997 | Kurth |
| Reflections on Trusting Trusted Third Parties | 23rd NISSC, Baltimore, 2000 | Kurth |
| Inherent Problems in the Information Technology Supply Chain read more] |
26th ACSAC poster session | Courtney Cavness |
| Pragmatische Umsetzung von Sicherheitspolitiken auf dem Weg ins Internet | 5. Deutscher IT-Sicherheitskongreß des BSI 1997 | Gerald Krummeck |
| The Evaluated Configuration - Defining a user-friendly Target of Evaluation read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Mueller, Ochel |
| "BS 7799-2 and the CC" Supporting the Business of Software Development read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Pattinson |
| Deriving Security for Mixed IT System Architectures from Evaluated Products read more] |
6th International Common Criteria Conference, Tokyo, 2005 | Ochel |
| Problem areas in electronic signatures read more] |
7. Deutscher Präventionstag, Düsseldorf | Ochel |
| Addressing consumer needs to increase the demand for Common read more] |
7th ICCC Conference, Lanzarote | Ochel |
| Applying the Draft CC Version 3.0 to Linux - Experience from a Trial Evaluation read more] |
7th ICCC Conference, Lanzarote | Kurth |
| How to Write Site Security Targets read more] |
7th ICCC Conference, Lanzarote | Krummeck |
| XML-based Security Targets for tool-supported evaluations read more] |
8th ICCC, Rome | Ochel |
CC in the Real World  read more] |
8th ICCC, Rome | Pattinson |
| Secure System Design read more] |
8th ICCC, Rome | Pattinson |
| Economical Use of Formal Methods read more] |
8th ICCC, Rome | Yi Mao |
| How To Eat A Mammoth read more] |
8th ICCC, Rome | Krummeck |
| Operating System Evaluations - What security functionality is expected read more] |
8th ICCC, Rome | Kurth, Farrel (IBM) |
| Paper Output Labeling in a Dedicated System Running under MVS, Proceedings of the | 8th NCSC, Gaithersburg, 1985 | Kurth |
| Designing the Trusted Service Bus for EAL5 read more] |
9th ICCC, Korea | Ochel |
| Measuring the Effectiveness of a Security Development Process | 9th ICCC, Korea | Kurth, Grimm |
| Integration of Architectural Requirements into the CC Structure | 9th ICCC, Korea | Kurth, Pingel |
| Introducing Assurance Measures for Security Target read more] |
9th ICCC, Korea | Mao |
| "Aktuelle Erfahrungen mit der Evaluierung von Open Source Software" | Kurth | |
| The AIX Survival Guide read more] |
Addison-Wesley | Siegert |
| CC quick reference read more] |
atsec document | Pattinson |
| Efficient CC Evaluations read more] |
atsec website | Mueller |
| atsec publishes Content Description of PAS 56:2003 "Guide to business continuity management" read more] |
atsec website | Rauer |
| Common Criteria Certification in China: A comparison with the schemes of the CCRA read more] |
atsec website | Kurth, Liu, Ochel, Pattinson, Li |
| Dumm gelaufen - Stromausfall am Wochenende read more] |
Behoerdenspiegel, Germany | atsec GmbH |
| Authentication Framework for Smart Cards,” Lecture Notes In Informatics (Gesellschaft für Informatik Edition) | BIOSIG 2003: Biometrics and Electronic Signatures vol. P-31, 51-59, 2003. ISBN 3-88579-360-1 | A. Vassilev |
| WLAN Sicherheit | Book, Heise Verlag | Hofherr |
| Wireless Intrusion Detection und Prevention Systeme – Ein Überblick read more] |
BSI Kongress 2007, Bonn | Hofherr |
| Is your randomness predictable? (or, how to properly seed crypto libraries) read more] |
BSides Austin 2012 | Ochel |
| Informationstechnik zur Fahrerunterstützung im Straßenverkehr. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 104 S. (Schriftenreihe zur IT-Sicherheit in der IT-Technik, Band 6) (ISI-B-21-95) | Gerald Krummeck |
| Chipkarten im Gesundheitswesen. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 113 S.(Schriftenreihe zur IT-Sicherheit in der IT-Technik Band 5) (ISI-B-20-95) | Gerald Krummeck |
| Falsch Verbunden - Gefahr durch DNS-Spoofing [dangers of DNS spoofing] read more] |
c't, 10/1997 | Weidner |
| Security Apects in CALS | CALS Europe, 1990 | Kurth |
| Security Assurance: Smart Cards and the Bigger Picture read more] |
CardTech Secur tech, 2004 | Pattinson |
| Microsoft Smart Card Cryptographic Support with Cryptoflex .NET Smart Card | Cartes 2005 International Conference, Paris, France | A. Vassilev |
| Distributed Cache Index | Conference of Communication in Distributed Systems, Frankfurt (Germany), 1999 | Isabell Fouquet |
| Authentication Framework for Real People read more] |
E-Smart 2004, September 22-24, 2004, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| You say potayto, I say potato: Bridging PKI standards with a .NET smart card read more] |
E-Smart 2006, September, 2006, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| Proceedings of ESORICS `96 | ESORICS, Rome, 1996 | Kurth |
| Eine Frage der inneren Sicherheit | Frankfurter Allgemeine Zeitung (1996) | Gerald Krummeck |
| Payment Card Industry Assessments & Privacy read more] |
IAPP Austin | Pattinson |
| e-business Risk Management with Tivoli Risk Manager read more] |
IBM Redbook, 2001 | Wimmer |
| Building the IBM 4758 Secure Coprocessor read more] |
IBM Research Publications | Weingart et al. |
| Personal Brokerage of Web Service Access read more] |
IEEE Security and Privacy, vol. 5, no. 5, pp. 24-31, Sept/Oct, 2007 | A. Vassilev |
| Information Security Assurance - Why there's no single solution read more] |
Information Storage + Security Journal | Pattinson |
| Unix tools and software compilation read more] |
Internal Training, 2001 | Weidner |
| Revision control using RCS and vic read more] |
Internal Training, 2001 | Weidner |
| Penetration Testing as an Auditing Tool read more] |
ISACA Austin Meeting | Jeremy Powell |
| FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together? read more] |
ISSA Austin | Fiona Pattinson |
| FRITSA: Do You Understand How All of Your IT Security Assurance Efforts Fit Together? read more] |
ISSA Austin Meeting | Fiona Pattinson |
| Untrusted Developers: Code Integrity in a Distributed Development Environment read more] |
ISSA Journal, vol. 8, no. 10, pp. 38-41. | Cavness, C., Kurth, H. & Mueller |
| How Does Your Company’s Identity Security Compare with that of the Federal Government? read more] |
ISSA Meeting | Auston Holt |
| Secure Network Zones read more] |
ISSE 2009 | Wimmer |
| Heiter bis Wolkig read more] |
iX - 5/2009 | Mueller |
| Garantiert sicher - Evaluierung von IT-Sicherheit. read more] |
iX Magazin für professionelle Informationstechnik, 05/2005 | Ochel |
| Richtig investieren in die IT-Sicherheit | KES 3, Juli 2002 | Gerald Krummeck |
| Smart cards and the holy grail of Internet security read more] |
Keynote presentation at the International symposium on Recent Developments in Cryptography and Information Security, August 29-31, 2007 | A. Vassilev |
| Kabelsalat: Ethernet für Einsteiger read more] |
Linux Magazin, 05/1996 | Weidner |
| Linux for Workgroups read more] |
Linux Magazin, 08/1995 | Weidner |
| "Emacs-Zaubereien: gcc und gdb" | Linux Magazin, 10/1994 | Weidner |
| "Emacs-Zaubereien: GNU Calc" read more] |
Linux Magazin, 11/1994 | Weidner |
| "Der Weihnachtsmann kommt nicht" (Software selbst installiert) | Linux Magazin, 12/1994 | Weidner |
| PKI soll sichere Kommunikation gewährleisten read more] |
Magazin fuer professionelle Informationstechnik, 09/2001 | Ochel, Weissmann |
| atsec Newsletter USA 02/2010 read more] |
Newsletter | various |
| atsec Newsletter Germany 12/2009 read more] |
Newsletter | various |
| atsec Newsletter Germany 08/2009 read more] |
Newsletter | various authors |
| atsec Newsletter USA 07/2010 read more] |
Newsletter | various |
| atsec Newsletter Germany 09/2010 read more] |
Newsletter | various |
| atsec Newsletter China 11/2010 read more] |
Newsletter | various |
| atsec Newsletter USA 12/2010 read more] |
Newsletter | various |
| atsec Newsletter Germany 01/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 02/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 04/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 07/2011 read more] |
Newsletter | various |
| atsec Newsletter China 06/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 08/2011 read more] |
Newsletter | various |
| atsec Newsletter China 09/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 10/2011 read more] |
Newsletter | various |
| atsec Newsletter China 12/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 02/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 04/2012 read more] |
Newsletter | various |
| atsec Newsletter China 04/2012 read more] |
Newsletter | various |
| Do Federal Security Regulations help? | Opinion, Information Security, p.10, January 2007 | A. Vassilev |
| The futility of secrets? | Opinion, Information Security, p.10, March 2007 | A. Vassilev |
| Security Evaluations in Practice | Panel, ESORICS, 1994 | Kurth |
| Escrowed Data and the Digital Envelope read more] |
Paper | King Ables |
| Inherent Problems in the Information Technology Supply Chain read more] |
Poster for 26th ACSAC | Courtney Cavness |
| What to expect from a PCI QSA led assessment read more] |
Presentation | Fiona Pattinson |
| FIPS 140-2 Validation for Project Managers and Developers read more] |
Presentation | Fiona Pattinson |
| Security Assurance in Information Systems | S. K. Katsikas and D. Gritzalis (ed), Information Systems Security: Facing the Information Society of the of the 21st Centrury, Chapman & Hall, 1996 | Kurth |
| Increased information flow needs for high-assurance composite evaluations read more] |
Second IEEE International Information Assurance Workshop, 2004 | Kurth |
| Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? read more] |
SHARE Conference | Pattinson |
| Examining the impact of .NET on smart card middleware | Software Architecture and Design Conference, Houston, Texas, September 8-10, 2003 | A. Vassilev |
| Penetration Testing in der Praxis read more] |
Talk at FH BRS | Wienzek |
| Linux security best practices for Linux server systems read more] |
TechTarget | King Ables |
| Security Assurance Issues for TTP Services | TEDIS EDITT Workshop, Barcelona, 1995 | Kurth u.a. |
| Business Use of Cryptography read more] |
The Copenhagen Hearing, 1998 | Kurth |
| KRISIS - Key Recovery in Secure Information Systems | The Open Group Security Program Group Meeting, Amsterdam, 1998 | Kurth |
| IT Security Assurance and Common Criteria read more] |
TickIT International | Pattinson |
| Debian on Handheld Computers read more] |
UKUUG Linux 2003 Conference, Edinburgh, Scotland, 2003 | Weidner |
| Firewalls – Anforderungen, Konzepte und Lösungen | unix / mail 14 | Gerald Krummeck |
| infoSecEvaluations. setLocation(“Austin”); read more] |
UT lecture | Holt, Powell |
| Schlechte Karten für Schnüffler im Netz | vdi-Nachrichten (1996) | Gerald Krummeck |
| Formale Spezifikation und Verifikation - Ein Überblick | VIS, 1991 | Kurth |
| Secure Coding Guidelines read more] |
White paper | Shiralkar, Grove |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| Security Assurance: Contrasting FISMA and ISO/IEC 27001 read more] |
White Paper | Pattinson |
| Payment Card Industry Compliance For Large Computing Systems read more] |
White Paper | various |
| Using SCAP to Detect Vulnerabilities read more] |
White paper | S. Weingart |
| Certifying Information Security Management Systems read more] |
White Paper | Fiona Pattinson |
| A quick quide to the Linux evaluations read more] |
White Paper | Mueller, Pattinson |
| Security benefits from OS virtualization: Real or Virtual? read more] |
White paper | A. Vassilev |
| Comparison of CC Functionality & FISMA 800-53 Controls read more] |
White paper | Fiona Pattinson |
| KVM Security Comparison read more] |
White Paper | Mueller |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| Untrusted Developers - Code Integrity in a Distributed Development Environment read more] |
White Paper | Cavness, Kurth, Mueller |
| S(I|E)M – Ein Praxisbericht read more] |
White paper | Wimmer, Hofherr |
| Common Criteria: National Validation Scheme Differences: CCEVS, CSEC and BSI read more] |
Whitepaper | Pattinson, Hake, Krummeck, Persson |
| Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses 2008 read more] |
Whitepaper | Weingart |
| Assurance in Implementation Correctness of Cryptographic Algorithms Gained Through the NIST Cryptographic Algorithm Validation Program read more] |
Whitepaper | Pattinson |
| Common Criteria and Packages read more] |
Whitepaper | Pattinson |
FIPS 140-2 DTR XML Templates  read more] |
ZIP archive | Masino |
| How Useful are Product Security Certifications for Users of Products? read more] |
ZISC Information Security Colloquium SS 2005 | Kurth |
