Articles and White Papers
atsec employees' expertise is in demand: we are members of international boards, speakers on conferences, and authors of books and articles.
Here are some examples of our reports and publications. You can sort them by 
You can also select specific topics like
| Topic |
Event/ Medium |
Author/ Speaker |
|---|---|---|
FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together?  read more] |
ISSA Austin | Fiona Pattinson |
| atsec Newsletter China 12/2011 read more] |
Newsletter | various |
FRITSA: Do You Understand How All of Your IT Security Assurance Efforts Fit Together?  read more] |
ISSA Austin Meeting | Fiona Pattinson |
| Evaluating Third-Party Code: How Can It Be Trusted? read more] |
12th ICCC | Cavness |
| From FIPS 140-2 to CC read more] |
12th ICCC | Mao |
| Comparative Study Between the Chinese Standards and the Common Criteria read more] |
12th ICCC | Mao, Chen, Liu |
| Fighting the Bean Counters read more] |
12th ICCC | Krummeck |
| An Access Control Model for Applications on Mobile Devices using Common Criteria Certifications read more] |
12th ICCC | Kurth, Huynh |
| atsec Newsletter USA 10/2011 read more] |
Newsletter | various |
| atsec Newsletter China 09/2011 read more] |
Newsletter | various |
| Linux security best practices for Linux server systems read more] |
TechTarget | King Ables |
| Escrowed Data and the Digital Envelope read more] |
Paper | King Ables |
| atsec Newsletter Germany 08/2011 read more] |
Newsletter | various |
| atsec Newsletter China 06/2011 read more] |
Newsletter | various |
| atsec Newsletter USA 07/2011 read more] |
Newsletter | various |
| FIPS 140-2 Validation for Project Managers and Developers read more] |
Presentation | Fiona Pattinson |
| atsec Newsletter Germany 04/2011 read more] |
Newsletter | various |
| Penetration Testing as an Auditing Tool read more] |
ISACA Austin Meeting | Jeremy Powell |
| Payment Card Industry Assessments & Privacy read more] |
IAPP Austin | Pattinson |
| atsec Newsletter USA 02/2011 read more] |
Newsletter | various |
| atsec Newsletter Germany 01/2011 read more] |
Newsletter | various |
| Inherent Problems in the Information Technology Supply Chain read more] |
Poster for 26th ACSAC | Courtney Cavness |
| Inherent Problems in the Information Technology Supply Chain read more] |
26th ACSAC poster session | Courtney Cavness |
| SIEM – Ein Praxisbericht read more] |
16. DFN Workshop 2009 | Wimmer, Hofherr |
| S(I|E)M – Ein Praxisbericht read more] |
White paper | Wimmer, Hofherr |
| atsec Newsletter USA 12/2010 read more] |
Newsletter | various |
| atsec Newsletter China 11/2010 read more] |
Newsletter | various |
| Building the IBM 4758 Secure Coprocessor read more] |
IBM Research Publications | Weingart et al. |
| What to expect from a PCI QSA led assessment read more] |
Presentation | Fiona Pattinson |
| Migrating to OSPP read more] |
11th ICCC Conference | Krummeck, Penny, Robinson |
| Improving the Flexibility and Applicability of Protection Profiles read more] |
11th ICCC Conference | Helmut Kurth |
| Becoming a CNAS Laboratory read more] |
11th ICCC Conference | Yi Mao |
| Untrusted Developers: Code Integrity in a Distributed Development Environment read more] |
ISSA Journal, vol. 8, no. 10, pp. 38-41. | Cavness, C., Kurth, H. & Mueller |
| Chipkarten im Gesundheitswesen. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 113 S.(Schriftenreihe zur IT-Sicherheit in der IT-Technik Band 5) (ISI-B-20-95) | Gerald Krummeck |
| Informationstechnik zur Fahrerunterstützung im Straßenverkehr. Technikfolgen-Abschätzung zur Sicherheit in der Informationstechnik. | Bundesamt f. Sicherheit i.d. Informationstechnik (BSI), 1995, 104 S. (Schriftenreihe zur IT-Sicherheit in der IT-Technik, Band 6) (ISI-B-21-95) | Gerald Krummeck |
| Eine Frage der inneren Sicherheit | Frankfurter Allgemeine Zeitung (1996) | Gerald Krummeck |
| Schlechte Karten für Schnüffler im Netz | vdi-Nachrichten (1996) | Gerald Krummeck |
| Firewalls – Anforderungen, Konzepte und Lösungen | unix / mail 14 | Gerald Krummeck |
| Pragmatische Umsetzung von Sicherheitspolitiken auf dem Weg ins Internet | 5. Deutscher IT-Sicherheitskongreß des BSI 1997 | Gerald Krummeck |
| Richtig investieren in die IT-Sicherheit | KES 3, Juli 2002 | Gerald Krummeck |
| Distributed Cache Index | Conference of Communication in Distributed Systems, Frankfurt (Germany), 1999 | Isabell Fouquet |
| atsec Newsletter Germany 09/2010 read more] |
Newsletter | various |
| Untrusted Developers - Code Integrity in a Distributed Development Environment read more] |
White Paper | Cavness, Kurth, Mueller |
| atsec Newsletter USA 07/2010 read more] |
Newsletter | various |
| How Does Your Company’s Identity Security Compare with that of the Federal Government? read more] |
ISSA Meeting | Auston Holt |
| Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? read more] |
SHARE Conference | Pattinson |
| Security Assurance: Contrasting FISMA and ISO/IEC 27001 read more] |
White Paper | Pattinson |
| atsec Newsletter USA 02/2010 read more] |
Newsletter | various |
| Payment Card Industry Compliance For Large Computing Systems read more] |
White Paper | various |
| atsec Newsletter Germany 12/2009 read more] |
Newsletter | various |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| KVM Security Comparison read more] |
White Paper | Mueller |
| Secure Network Zones read more] |
ISSE 2009 | Wimmer |
| Evidence based Evaluations Chances and Challenges read more] |
10th ICCC | Kurth |
| Trusting Virtual Trust read more] |
10th ICCC | Powell |
| Taking White Hats to the Laundry: How to Strengthen Testing in CC read more] |
10th ICCC | Vassilev |
| An Attack Surface based Approach to Evaluation read more] |
10th ICCC | Kurth |
| Beyond Common Criteria’s Mutual Recognition read more] |
White Paper | Ochel |
| atsec Newsletter Germany 08/2009 read more] |
Newsletter | various authors |
| Assurance in Implementation Correctness of Cryptographic Algorithms Gained Through the NIST Cryptographic Algorithm Validation Program read more] |
Whitepaper | Pattinson |
| Heiter bis Wolkig read more] |
iX - 5/2009 | Mueller |
| Common Criteria: National Validation Scheme Differences: CCEVS, CSEC and BSI read more] |
Whitepaper | Pattinson, Hake, Krummeck, Persson |
| Secure Coding Guidelines read more] |
White paper | Shiralkar, Grove |
| Penetration Testing in der Praxis read more] |
Talk at FH BRS | Wienzek |
FIPS 140-2 DTR XML Templates  read more] |
ZIP archive | Masino |
| Introducing Assurance Measures for Security Target read more] |
9th ICCC, Korea | Mao |
| Integration of Architectural Requirements into the CC Structure | 9th ICCC, Korea | Kurth, Pingel |
| Measuring the Effectiveness of a Security Development Process | 9th ICCC, Korea | Kurth, Grimm |
| Designing the Trusted Service Bus for EAL5 read more] |
9th ICCC, Korea | Ochel |
| Comparison of CC Functionality & FISMA 800-53 Controls read more] |
White paper | Fiona Pattinson |
| Using SCAP to Detect Vulnerabilities read more] |
White paper | S. Weingart |
| Personal Brokerage of Web Service Access read more] |
IEEE Security and Privacy, vol. 5, no. 5, pp. 24-31, Sept/Oct, 2007 | A. Vassilev |
| Smart cards and the holy grail of Internet security read more] |
Keynote presentation at the International symposium on Recent Developments in Cryptography and Information Security, August 29-31, 2007 | A. Vassilev |
| Security benefits from OS virtualization: Real or Virtual? read more] |
White paper | A. Vassilev |
| The futility of secrets? | Opinion, Information Security, p.10, March 2007 | A. Vassilev |
| Do Federal Security Regulations help? | Opinion, Information Security, p.10, January 2007 | A. Vassilev |
You say potayto, I say potato: Bridging PKI standards with a .NET smart card  read more] |
E-Smart 2006, September, 2006, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| Microsoft Smart Card Cryptographic Support with Cryptoflex .NET Smart Card | Cartes 2005 International Conference, Paris, France | A. Vassilev |
| Authentication Framework for Real People read more] |
E-Smart 2004, September 22-24, 2004, Sophia-Antipolis, French Riviera, France | A. Vassilev |
| Examining the impact of .NET on smart card middleware | Software Architecture and Design Conference, Houston, Texas, September 8-10, 2003 | A. Vassilev |
| Authentication Framework for Smart Cards,” Lecture Notes In Informatics (Gesellschaft für Informatik Edition) | BIOSIG 2003: Biometrics and Electronic Signatures vol. P-31, 51-59, 2003. ISBN 3-88579-360-1 | A. Vassilev |
| Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses 2008 read more] |
Whitepaper | Weingart |
| Operating System Evaluations - What security functionality is expected read more] |
8th ICCC, Rome | Kurth, Farrel (IBM) |
| How To Eat A Mammoth read more] |
8th ICCC, Rome | Krummeck |
| Economical Use of Formal Methods read more] |
8th ICCC, Rome | Yi Mao |
| Secure System Design read more] |
8th ICCC, Rome | Pattinson |
| CC in the Real World read more] |
8th ICCC, Rome | Pattinson |
| XML-based Security Targets for tool-supported evaluations read more] |
8th ICCC, Rome | Ochel |
| CC quick reference read more] |
atsec document | Pattinson |
| Dumm gelaufen - Stromausfall am Wochenende read more] |
Behoerdenspiegel, Germany | atsec GmbH |
| A quick quide to the Linux evaluations read more] |
White Paper | Mueller, Pattinson |
| Certifying Information Security Management Systems read more] |
White Paper | Fiona Pattinson |
| Wireless Intrusion Detection und Prevention Systeme – Ein Überblick read more] |
BSI Kongress 2007, Bonn | Hofherr |
| Wireless Intrusion detection read more] |
14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen" | Hofherr |
| Common Criteria Certification in China: A comparison with the schemes of the CCRA read more] |
atsec website | Kurth, Liu, Ochel, Pattinson, Li |
| How to Write Site Security Targets read more] |
7th ICCC Conference, Lanzarote | Krummeck |
| Applying the Draft CC Version 3.0 to Linux - Experience from a Trial Evaluation read more] |
7th ICCC Conference, Lanzarote | Kurth |
| Addressing consumer needs to increase the demand for Common read more] |
7th ICCC Conference, Lanzarote | Ochel |
| IT Security Assurance and Common Criteria read more] |
TickIT International | Pattinson |
| WLAN Sicherheit | Book, Heise Verlag | Hofherr |
| atsec publishes Content Description of PAS 56:2003 "Guide to business continuity management" read more] |
atsec website | Rauer |
| Efficient CC Evaluations read more] |
atsec website | Mueller |
| How Useful are Product Security Certifications for Users of Products? read more] |
ZISC Information Security Colloquium SS 2005 | Kurth |
| Information Security Assurance - Why there's no single solution read more] |
Information Storage + Security Journal | Pattinson |
| Deriving Security for Mixed IT System Architectures from Evaluated Products read more] |
6th International Common Criteria Conference, Tokyo, 2005 | Ochel |
| "Aktuelle Erfahrungen mit der Evaluierung von Open Source Software" | Kurth | |
| Garantiert sicher - Evaluierung von IT-Sicherheit. read more] |
iX Magazin für professionelle Informationstechnik, 05/2005 | Ochel |
| "BS 7799-2 and the CC" Supporting the Business of Software Development read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Pattinson |
| The Evaluated Configuration - Defining a user-friendly Target of Evaluation read more] |
5th International Common Criteria Conference, Berlin, 09/2004 | Mueller, Ochel |
| Increased information flow needs for high-assurance composite evaluations read more] |
Second IEEE International Information Assurance Workshop, 2004 | Kurth |
| Security Assurance: Smart Cards and the Bigger Picture read more] |
CardTech Secur tech, 2004 | Pattinson |
| Debian on Handheld Computers read more] |
UKUUG Linux 2003 Conference, Edinburgh, Scotland, 2003 | Weidner |
| PKI soll sichere Kommunikation gewährleisten read more] |
Magazin fuer professionelle Informationstechnik, 09/2001 | Ochel, Weissmann |
| e-business Risk Management with Tivoli Risk Manager read more] |
IBM Redbook, 2001 | Wimmer |
| Revision control using RCS and vic read more] |
Internal Training, 2001 | Weidner |
| Unix tools and software compilation read more] |
Internal Training, 2001 | Weidner |
| Reflections on Trusting Trusted Third Parties | 23rd NISSC, Baltimore, 2000 | Kurth |
| KRISIS - Key Recovery in Secure Information Systems | The Open Group Security Program Group Meeting, Amsterdam, 1998 | Kurth |
| Business Use of Cryptography read more] |
The Copenhagen Hearing, 1998 | Kurth |
| Falsch Verbunden - Gefahr durch DNS-Spoofing [dangers of DNS spoofing] read more] |
c't, 10/1997 | Weidner |
| The Future of Electronic Commerce | 20th NISSC, Baltimore, 1997 | Kurth |
| Kabelsalat: Ethernet für Einsteiger read more] |
Linux Magazin, 05/1996 | Weidner |
| Integration of Digital Signatures into the European Business Register | 19th NISSC, Baltimore, 1996 | Kurth |
| Security Assurance in Information Systems | S. K. Katsikas and D. Gritzalis (ed), Information Systems Security: Facing the Information Society of the of the 21st Centrury, Chapman & Hall, 1996 | Kurth |
| Proceedings of ESORICS `96 | ESORICS, Rome, 1996 | Kurth |
| Linux for Workgroups read more] |
Linux Magazin, 08/1995 | Weidner |
| Security Assurance Issues for TTP Services | TEDIS EDITT Workshop, Barcelona, 1995 | Kurth u.a. |
| The TMach Experience | 18th NISSC, Baltimore, 1995 | Kurth |
| "Der Weihnachtsmann kommt nicht" (Software selbst installiert) | Linux Magazin, 12/1994 | Weidner |
| "Emacs-Zaubereien: GNU Calc" read more] |
Linux Magazin, 11/1994 | Weidner |
| "Emacs-Zaubereien: gcc und gdb" | Linux Magazin, 10/1994 | Weidner |
| Security Evaluations in Practice | Panel, ESORICS, 1994 | Kurth |
| Apparent Differences Between the US TCSEC and the European ITSEC | 14th Nat'l Computer Security Conf., Washington, 1991 | Kurth |
| Formale Spezifikation und Verifikation - Ein Überblick | VIS, 1991 | Kurth |
| Security Apects in CALS | CALS Europe, 1990 | Kurth |
| Paper Output Labeling in a Dedicated System Running under MVS, Proceedings of the | 8th NCSC, Gaithersburg, 1985 | Kurth |
| Problem areas in electronic signatures read more] |
7. Deutscher Präventionstag, Düsseldorf | Ochel |
| The AIX Survival Guide read more] |
Addison-Wesley | Siegert |
