发布求助
文献互助 智能选刊 最新文献

Information Security Technical Report最新文献

筛选
英文 中文
Share with strangers: Privacy bubbles as user-centered privacy control for mobile content sharing applications 与陌生人分享:隐私气泡作为移动内容共享应用程序中以用户为中心的隐私控制
Information Security Technical Report Pub Date : 2013-02-01 DOI: 10.1016/j.istr.2012.10.004
Delphine Christin , Pablo Sánchez López , Andreas Reinhardt , Matthias Hollick , Michaela Kauer
{"title":"Share with strangers: Privacy bubbles as user-centered privacy control for mobile content sharing applications","authors":"Delphine Christin ,&nbsp;Pablo Sánchez López ,&nbsp;Andreas Reinhardt ,&nbsp;Matthias Hollick ,&nbsp;Michaela Kauer","doi":"10.1016/j.istr.2012.10.004","DOIUrl":"10.1016/j.istr.2012.10.004","url":null,"abstract":"<div><p>A continually increasing number of pictures and videos is shared in online social networks. Current sharing platforms, however, only offer limited options to define who has access to the content. Users may either share it with individuals or groups from their social graph, or make it available to the general public. Sharing content with users to which no social ties exist, even if they were physically close to the places where content was created and witnessed the same event, is however not supported by most existing platforms. We thus propose a novel approach to share content with such users based on so-called <em>privacy bubbles</em>. Privacy bubbles metaphorically represent the private sphere of the users and automatically confine the access to the content generated by the bubble creator to people within the bubble. Bubbles extend in both time and space, centered around the collection time and place, and their size can be adapted to the user's preferences. We confirm the user acceptance of our concept through a questionnaire-based study with 175 participants, and a prototype implementation shows the technical feasibility of our scheme.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 3","pages":"Pages 105-116"},"PeriodicalIF":0.0,"publicationDate":"2013-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.10.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133811439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Continuous keystroke dynamics: A different perspective towards biometric evaluation 连续击键动力学:对生物特征评估的不同视角
Information Security Technical Report Pub Date : 2012-02-01 DOI: 10.1016/j.istr.2012.02.001
Patrick Bours
{"title":"Continuous keystroke dynamics: A different perspective towards biometric evaluation","authors":"Patrick Bours","doi":"10.1016/j.istr.2012.02.001","DOIUrl":"10.1016/j.istr.2012.02.001","url":null,"abstract":"<div><p>In this paper we will describe a way to evaluate a biometric continuous keystroke dynamics system. Such a system will continuously monitor the typing behaviour of a user and will determine if the current user is still the genuine one or not, so that the system can be locked if a different user is detected. The main focus of this paper will be the way to evaluate the performance of such a biometric authentication system. The purpose of a performance evaluation for a static and for a continuous biometric authentication system differ greatly. For a static biometric system it is important to know how often a wrong decision is made. On the other hand, the purpose of a performance evaluation for a continuous biometric authentication system is not to see <em>if</em> an impostor is detected, but <em>how fast</em> he is detected. The performance of a continuous keystroke dynamic system will be tested based on this new evaluation method.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Pages 36-43"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.02.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114352785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 149
Feature extraction from vein images using spatial information and chain codes 基于空间信息和链码的静脉图像特征提取
Information Security Technical Report Pub Date : 2012-02-01 DOI: 10.1016/j.istr.2012.02.003
Anika Pflug , Daniel Hartung , Christoph Busch
{"title":"Feature extraction from vein images using spatial information and chain codes","authors":"Anika Pflug ,&nbsp;Daniel Hartung ,&nbsp;Christoph Busch","doi":"10.1016/j.istr.2012.02.003","DOIUrl":"10.1016/j.istr.2012.02.003","url":null,"abstract":"<div><p>The pattern formed by subcutaneous blood vessels is unique attribute of each individual and can therefore be used as a biometric characteristic. Exploiting the specific near infrared light absorption properties of blood, the capture procedure for this biometric characteristic is convenient and allows contact-less sensors. However, image skeletons extracted from vein images are often unstable, because the raw vein images suffer from low contrast. We propose a new chain code based feature en- coding method, using spatial and orientation properties of vein patterns, which is capable of dealing with noisy and unstable image skeletons. Chain code comparison and a selection of preprocessing methods have been evaluated in a series of different experiments in single and multi-reference scenarios on two different vein image databases. The experiments showed that chain code comparison outperforms minutiae-based approaches and similarity based mix matching.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Pages 26-35"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.02.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117024349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
Corrigendum to “Social networking as a nexus for engagement and exploitation of young people” [Inform Secur Tech Rep 16 (2) (2011) 44–50] “社交网络作为参与和利用年轻人的纽带”的勘误表[信息安全技术代表16 (2)(2011)44-50]
Information Security Technical Report Pub Date : 2012-02-01 DOI: 10.1016/j.istr.2012.02.002
Ethel Quayle , Max Taylor
{"title":"Corrigendum to “Social networking as a nexus for engagement and exploitation of young people” [Inform Secur Tech Rep 16 (2) (2011) 44–50]","authors":"Ethel Quayle ,&nbsp;Max Taylor","doi":"10.1016/j.istr.2012.02.002","DOIUrl":"10.1016/j.istr.2012.02.002","url":null,"abstract":"","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Page 44"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.02.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123814225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Economics and the cyber challenge 经济和网络挑战
Information Security Technical Report Pub Date : 2012-02-01 DOI: 10.1016/j.istr.2011.12.003
Simon Walker
{"title":"Economics and the cyber challenge","authors":"Simon Walker","doi":"10.1016/j.istr.2011.12.003","DOIUrl":"10.1016/j.istr.2011.12.003","url":null,"abstract":"<div><p>Economics can be used as a tool to explain, describe, and to a certain extent predict many forms of human behaviour. However, there is only a limited body of work on its application to information security, much of which is acknowledged as partial or incomplete. As a consequence, there is a paucity of robust explanatory or predictive models that are tuned for the peculiarities of the “cyber” challenge, either to organisations, or, at a higher level, the nation state.</p><p>The effect of this is that the base arguments for information security business cases are often weak or flawed; as a result, there is an argument that both organisations and nation states will therefore tend to underinvest in information security. To improve this position, there would be benefits for information security, as a profession adopting economic models used in other areas of endeavour that historically have suffered similar problems. One potential model is full-cost accounting.</p><p>However, there are a number of further implications. These include an underlining of the importance of information security professional “speaking business language”. Also highlighted is the potential value of building a common knowledge base of the true cost of security failures, akin to the actuarial bodies of knowledge used in the insurance industry, rather than the partial and imperfect measures in use today.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Pages 9-18"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.12.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115786490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization 物理和数字安全威胁的综合评估和缓解:虚拟化案例研究
Information Security Technical Report Pub Date : 2011-08-01 DOI: 10.1016/j.istr.2011.08.003
André van Cleeff , Wolter Pieters , Roel Wieringa , Frits van Tiel
{"title":"Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization","authors":"André van Cleeff ,&nbsp;Wolter Pieters ,&nbsp;Roel Wieringa ,&nbsp;Frits van Tiel","doi":"10.1016/j.istr.2011.08.003","DOIUrl":"10.1016/j.istr.2011.08.003","url":null,"abstract":"<div><p>Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 142-149"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121297363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Analysis of recommended cloud security controls to validate OpenPMF “policy as a service” 分析推荐的云安全控制以验证OpenPMF“策略即服务”
Information Security Technical Report Pub Date : 2011-08-01 DOI: 10.1016/j.istr.2011.08.001
Ulrich Lang , Rudolf Schreiner
{"title":"Analysis of recommended cloud security controls to validate OpenPMF “policy as a service”","authors":"Ulrich Lang ,&nbsp;Rudolf Schreiner","doi":"10.1016/j.istr.2011.08.001","DOIUrl":"10.1016/j.istr.2011.08.001","url":null,"abstract":"<div><p>This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to “least privilege”, “information flow control”, and “incident monitoring/auditing/analysis”. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 131-141"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123181118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Looking at clouds from both sides: The advantages and disadvantages of placing personal narratives in the cloud 从两个角度看云:将个人叙述放在云中的利弊
Information Security Technical Report Pub Date : 2011-08-01 DOI: 10.1016/j.istr.2011.09.001
Lizzie Coles-Kemp , Joseph Reddington , Patricia A.H. Williams
{"title":"Looking at clouds from both sides: The advantages and disadvantages of placing personal narratives in the cloud","authors":"Lizzie Coles-Kemp ,&nbsp;Joseph Reddington ,&nbsp;Patricia A.H. Williams","doi":"10.1016/j.istr.2011.09.001","DOIUrl":"10.1016/j.istr.2011.09.001","url":null,"abstract":"<div><p>This article explores the nature of cloud computing in the context of processing sensitive personal data as part of a personal narrative. In so doing, it identifies general security concerns about cloud computing and presents examples of cloud technologies used to process such data. The use of personal narratives in electronic patient records and in voice output communication aids is compared and contrasted and the implications of the advent of cloud computing for these two scenarios are considered.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 115-122"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.09.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124414780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Internet cloud security: The illusion of inclusion 互联网云安全:包容的幻觉
Information Security Technical Report Pub Date : 2011-08-01 DOI: 10.1016/j.istr.2011.08.005
David Teneyuca
{"title":"Internet cloud security: The illusion of inclusion","authors":"David Teneyuca","doi":"10.1016/j.istr.2011.08.005","DOIUrl":"10.1016/j.istr.2011.08.005","url":null,"abstract":"<div><p>Cloud computing has swelled into an estimated $46 billion market, representing roughly 17% of global software sales. This translates into a technology tsunami that can overwhelm the end user if they are not cautious about Internet safety. The ubiquity associated with cloud computing has created a huge false sense of security. Data, information, and applications are rapidly populating the “cloud environment”. Society is experiencing the illusion of inclusion. They see the cloud as one service from one source. The general public has no notion of the perils that lurk in the cloud. The word haze may be a better description for this atmosphere. This article will describe and discuss cloud computing technology. Furthermore, it will examine what the cloud pioneers Apple, Google and Amazon, are doing to safeguard the cloud and how they cope with the illusion of inclusion.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 102-107"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.005","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132474425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
Commentary : Cloud computing – A security problem or solution? 评论:云计算——安全问题还是解决方案?
Information Security Technical Report Pub Date : 2011-08-01 DOI: 10.1016/j.istr.2011.08.004
P.G. Dorey , A. Leite
{"title":"Commentary : Cloud computing – A security problem or solution?","authors":"P.G. Dorey ,&nbsp;A. Leite","doi":"10.1016/j.istr.2011.08.004","DOIUrl":"10.1016/j.istr.2011.08.004","url":null,"abstract":"<div><p>The move to cloud computing is the next stage of an unstoppable trend in the breakdown of the enterprise perimeter, both technically and organisationally. This new paradigm presents a number of security challenges that still need to be resolved but sufficient change in the IT environment has already happened - so that most organisations are working in a transitional state where security exploits are happening across the enterprise boundary. In this situation, the compartmentalisation introduced by migrating to cloud services could result in much improved security.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 89-96"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114134649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 62
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信