{"title":"Feature extraction from vein images using spatial information and chain codes","authors":"Anika Pflug , Daniel Hartung , Christoph Busch","doi":"10.1016/j.istr.2012.02.003","DOIUrl":"10.1016/j.istr.2012.02.003","url":null,"abstract":"<div><p>The pattern formed by subcutaneous blood vessels is a unique attribute of each individual and can therefore be used as a biometric characteristic. Exploiting the specific near infrared light absorption properties of blood, the capture procedure for this biometric characteristic is convenient and allows contact-less sensors. However, image skeletons extracted from vein images are often unstable, because the raw vein images suffer from low contrast. We propose a new chain code based feature encoding method, using spatial and orientation properties of vein patterns, which is capable of dealing with noisy and unstable image skeletons. Chain code comparison and a selection of preprocessing methods have been evaluated in a series of different experiments in single and multi-reference scenarios on two different vein image databases. The experiments showed that chain code comparison outperforms minutiae-based approaches and similarity based mix matching.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Pages 26-35"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.02.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117024349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Corrigendum to “Social networking as a nexus for engagement and exploitation of young people” [Inform Secur Tech Rep 16 (2) (2011) 44–50]","authors":"Ethel Quayle , Max Taylor","doi":"10.1016/j.istr.2012.02.002","DOIUrl":"10.1016/j.istr.2012.02.002","url":null,"abstract":"","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Page 44"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.02.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123814225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Economics and the cyber challenge","authors":"Simon Walker","doi":"10.1016/j.istr.2011.12.003","DOIUrl":"10.1016/j.istr.2011.12.003","url":null,"abstract":"<div><p>Economics can be used as a tool to explain, describe, and to a certain extent predict many forms of human behaviour. However, there is only a limited body of work on its application to information security, much of which is acknowledged as partial or incomplete. As a consequence, there is a paucity of robust explanatory or predictive models that are tuned for the peculiarities of the “cyber” challenge, either to organisations, or, at a higher level, the nation state.</p><p>The effect of this is that the base arguments for information security business cases are often weak or flawed; as a result, there is an argument that both organisations and nation states will therefore tend to underinvest in information security. To improve this position, there would be benefits for information security, as a profession adopting economic models used in other areas of endeavour that historically have suffered similar problems. One potential model is full-cost accounting.</p><p>However, there are a number of further implications. These include an underlining of the importance of information security professional “speaking business language”. Also highlighted is the potential value of building a common knowledge base of the true cost of security failures, akin to the actuarial bodies of knowledge used in the insurance industry, rather than the partial and imperfect measures in use today.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 1","pages":"Pages 9-18"},"PeriodicalIF":0.0,"publicationDate":"2012-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.12.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115786490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization","authors":"André van Cleeff , Wolter Pieters , Roel Wieringa , Frits van Tiel","doi":"10.1016/j.istr.2011.08.003","DOIUrl":"10.1016/j.istr.2011.08.003","url":null,"abstract":"<div><p>Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 142-149"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121297363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of recommended cloud security controls to validate OpenPMF “policy as a service”","authors":"Ulrich Lang , Rudolf Schreiner","doi":"10.1016/j.istr.2011.08.001","DOIUrl":"10.1016/j.istr.2011.08.001","url":null,"abstract":"<div><p>This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to “least privilege”, “information flow control”, and “incident monitoring/auditing/analysis”. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 131-141"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123181118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Looking at clouds from both sides: The advantages and disadvantages of placing personal narratives in the cloud","authors":"Lizzie Coles-Kemp , Joseph Reddington , Patricia A.H. Williams","doi":"10.1016/j.istr.2011.09.001","DOIUrl":"10.1016/j.istr.2011.09.001","url":null,"abstract":"<div><p>This article explores the nature of cloud computing in the context of processing sensitive personal data as part of a personal narrative. In so doing, it identifies general security concerns about cloud computing and presents examples of cloud technologies used to process such data. The use of personal narratives in electronic patient records and in voice output communication aids is compared and contrasted and the implications of the advent of cloud computing for these two scenarios are considered.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 115-122"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.09.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124414780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Positive perspectives on cloud security","authors":"Piers Wilson","doi":"10.1016/j.istr.2011.08.002","DOIUrl":"10.1016/j.istr.2011.08.002","url":null,"abstract":"<div><p>The adoption of cloud computing has faced challenges and there are concerns about the risks, the loss of control of data and the assurance of security and access control. This paper aims to show that these should be viewed as requirements which need to be fulfilled, but that the overriding benefits from cloud computing are such that businesses could face real challenges in future if they resist adoption and so the risks need to be, and can be, faced with a more positive outlook given this more balanced view.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 97-101"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114436540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trust in the Cloud","authors":"Imad M. Abbadi, Andrew Martin","doi":"10.1016/j.istr.2011.08.006","DOIUrl":"10.1016/j.istr.2011.08.006","url":null,"abstract":"<div><p>Cloud infrastructure is expected to be able to support Internet scale critical applications (e.g. hospital systems and smart grid systems). Critical infrastructure services and organizations alike will not outsource their critical applications to a public Cloud without strong assurances that their requirements will be enforced. Central to this concern is that the user should be provided with evidence of the trustworthiness of the elements of the Cloud. Establishing Cloud’s trust model is important but the Cloud’s infrastructure complexity and dynamism makes it difficult to address.</p><p>Establishing trust in the Cloud is one of the key objectives of the EU funded TClouds (Trustworthy Clouds) project<span><sup>1</sup></span>. In TClouds we focus on building trust models that provide various levels of transparency in the context of technical complexities and trust establishment. These trust models are not only beneficial to a Cloud’s users, but also to Cloud providers, collaborating Clouds-of-Clouds, and external auditors. In this paper we explore this problem, and summarize some of the recent results from the TClouds project in context of trust establishment.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 108-114"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.006","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132796836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Considerations for mobile authentication in the Cloud","authors":"Zaheer Ahmad , Keith E. Mayes , Song Dong , Kostas Markantonakis","doi":"10.1016/j.istr.2011.09.009","DOIUrl":"10.1016/j.istr.2011.09.009","url":null,"abstract":"<div><p>The Cloud promises significant benefits and opportunities for key players in the mobile communication industry as well as the end users. However, along with these opportunities comes a plethora of security issues including potential attacks, identity authentication, personal data management and privacy. There are issues with the use of legacy security mechanisms and interoperability of the various Smartphone platforms as well as the virtualisation products that are meant to assist with Smartphone security and stability. This paper first considers the general security concerns and how a Subscriber Identity Module-based security framework could be used. It goes on to introduce Smartphone virtualisation and proposes a framework for comparing product capabilities. Finally, use cases are discussed related to personal data security, including data on removable components.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 123-130"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.09.009","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123448253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Internet cloud security: The illusion of inclusion","authors":"David Teneyuca","doi":"10.1016/j.istr.2011.08.005","DOIUrl":"10.1016/j.istr.2011.08.005","url":null,"abstract":"<div><p>Cloud computing has swelled into an estimated $46 billion market, representing roughly 17% of global software sales. This translates into a technology tsunami that can overwhelm the end user if they are not cautious about Internet safety. The ubiquity associated with cloud computing has created a huge false sense of security. Data, information, and applications are rapidly populating the “cloud environment”. Society is experiencing the illusion of inclusion. They see the cloud as one service from one source. The general public has no notion of the perils that lurk in the cloud. The word haze may be a better description for this atmosphere. This article will describe and discuss cloud computing technology. Furthermore, it will examine what the cloud pioneers Apple, Google and Amazon, are doing to safeguard the cloud and how they cope with the illusion of inclusion.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 102-107"},"PeriodicalIF":0.0,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.005","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132474425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}