Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004: Latest Articles

Searching covert channels by identifying malicious subjects in the time domain
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437799
Chang-da Wang, Shiguang Ju
Abstract: Covert channel has three basic elements, i.e. sender subject, receiver subject and medium object. If the sender and receiver subjects change the medium object while they are communicating, though the sender and receiver are the origin, the security kernel will look them as different covert channels. By this method, covert communications between sender and receiver subjects can avoid being suppressed for covert channels of less than 100 bits per second are usually considered acceptable. Regardless the medium object's influence, a new search method was presented to overcome that vulnerability by identifying the malicious subjects in time domain.
Citations: 11

SILT: integrated logging management for security-enhanced Linux
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437831
N. Davis, P. Holloway, John Hale
Abstract: Security-enhanced Linux offers a robust mandatory access control protection scheme that enhances standard Unix-based permissions, and allows for greater overall system security. While a wide array of configuration tools are currently available, system administration of SELinux is still cumbersome. One area that could ease some of the configuration burdens is kernel event logging, specifically for security-enhanced Linux generated events. This paper proposes a tool, called SILT, designed to enhance SELinux logging. A flexible interface supports command-line and graphical logging configuration. Backend scripts tune the logging facility, according to user direction.
Citations: 0

On the security of random key pre-distribution schemes
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437811
M. Ramkumar, N. Memon
Abstract: Key pre-distribution (KPD) schemes, which are inherently trade-offs between security and complexity, are perhaps well suited for securing large-scale deployments of resource constrained nodes without persistent access to a trusted authority (TA). However, the need to offset their inherent security limitations, calls for some degree of tamper-resistance of nodes. Obviously, if absolute tamper-resistance is guaranteed, KPD schemes are rendered secure. In practice, however, tamper-resistance will have some limitations, which will be exploited by attackers. In this paper, we analyze the security of deployments of random key pre-distribution schemes based on some assumptions on the "extent of tamper-resistance". We argue that a "limited extent of tamper-resistance" when used in conjunction with a mechanism for "periodic key updates", drastically improves the security of (especially random) KPD schemes.
Citations: 10

A secure logging scheme for Forensic Computing
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437843
N. Kawaguchi, S. Ueda, N. Obata, R. Miyaji, S. Kaneko, H. Shigeno, K. Okada
Abstract: In this paper, we propose a secure logging scheme for Forensic Computing. Forensic Computing is the process conducted to identify the method of an attack and intruders in the case of system compromise. In Forensic Computing, trustworthy logs admissible for court are needed. Moreover, since the log contains various confidential information, the confidentiality of the log must be preserved. Our scheme achieves the integrity of logs and fine-grained access control for logs with small overhead size using the signature tree and Forward Integrity.
Citations: 10

Network abuse detection via flow content characterization
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437829
M. Kharrazi, K. Shanmugasundaram, N. Memon
Abstract: One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and the availability of proxies for tunneling makes it difficult to detect such abuse and easy to circumvent security policies. This paper presents a novel method to detect abuse of resources on a network based solely on the payload content type. The proposed method does not depend on packet headers and other simple packet characteristics and hence is able to better detect incidents of abuse.
Citations: 1

Developing and delivering hands-on information assurance exercises: experiences with the cyber defense lab at UMBC
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437823
A. Sherman, B. O. Roberts, William E. Byrd, M. Baker, J. Simmons
Abstract: In summer 2003, we developed four new hands-on information assurance educational exercises for use in the UMBC undergraduate and graduate curricula. Exercise topics comprise buffer overflow attacks, vulnerability scanning, password security and policy, and flaws in the wired equivalent privacy (WEP) protocol. During each exercise, each student carries out structured activities using a laptop from a mobile cart that can be rolled into any classroom. These dedicated, isolated machines permit a student to make mistakes safely, even while acting as the system administrator, without adversely affecting any other user. Each exercise is organized in a modular fashion to facilitate varied use for different courses, levels, and available time. Our experiences delivering these exercises show that practical hands-on activities motivate students and enhance learning. In this paper we describe our exercises and share lessons learned, including the importance of careful planning, ethical considerations, the rapid obsolescence of tools, and the difficulty of including exercises in already busy courses.
Citations: 9

Mining data relationships for database damage assessment in a post information warfare scenario
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437845
Y. Hu, B. Panda
Abstract: After the detection of a cyber attack on a database system, the intrusion response team of any organization needs to know the damage profile immediately in order to design an appropriate response strategy. Unfortunately obtaining the precise damage status can take up to hours even days. This is because existing approaches to database damage assessment involve significant amount of work including scanning the log file or other auxiliary data structures. Our approach concentrates on making an estimated damage profile as soon as possible. This model is based exclusively on a priori knowledge of data relationships mined during normal database operation phase. This knowledge can be used during damage assessment phase for faster damage assessment.
Citations: 7

Limitations of on demand secure routing protocols
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437797
P. Ramachandran, Alec Yasinsac
Abstract: Routing in mobile ad hoc networks is an open and active area of research. Recently, many have attempted to add value to routing protocols by improving efficiency and security of these protocols. In this paper, we show that a whole class of routing protocols for dynamic networks is vulnerable to a subtle attack. We illustrate this attack on several well known protocols and describe the fundamental properties of this attack and of the protocols that are vulnerable to it. We also propose potential approaches to overcoming the vulnerability that we address.
Citations: 17

Towards the specification of access control policies on multiple operating systems
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437819
L. Teo, Gail-Joon Ahn
Abstract: In the past, operating systems tended to lack well-defined access control policy specification languages and syntax. For example, a UNIX operating system that is based on the discretionary access control (DAC) paradigm has decentralized security policies based on technology that has been developed over the years. With such policies, it is difficult to identify the permissions given to each user, and who has what access to which resources. With the advent of recent security-enhanced operating systems such as SELinux, this is no longer the case; the access control policy for almost all resources is now stored centrally and applied universally throughout the system. This is certainly more manageable but is not without costs. Firstly, such policies tend to be complex. Secondly, as more of such systems are developed, each system would have its own policy specification syntax. A system administrator who intends to evaluate or migrate to a new system would have to learn the syntax of the new system. In this paper, we propose a solution to this problem by introducing the initial design of a new policy specification language that can be used to represent access control policies for multiple operating systems. To serve its purpose, this language must be flexible enough to cater to many operating systems, while being sufficiently extensible to support the specific features of each target operating system. We present the criteria, features, and approach that we are using to design the language. We also describe the role of two systems - SELinux and Systrace - in the design of our language. We also discuss our consideration of ASL as a potential candidate language, and why we chose to design our own language instead.
Citations: 4

Protocol anomaly detection and verification
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437800
InSeon Yoo
Abstract: 'How to distinguish protocol anomalies from network traffic?' 'How to normalize protocol usage against misuse problem based on the same protocol specification?' and 'How to detect and verify protocol anomalies in realtime?', we seek to answer these questions. In order to solve these questions, we have normalized layer-3 and layer-4 protocol usage, and we have designed a packet verifier with a packet inspection engine and a SanityChecker. In this work, we specify TCP transaction behaviours declaratively in a high-level language called Specification and Description Language (SDL). This specification is compiled into an inspection engine program for observing packets. In addition, the SanityChecker covers protocol header anomalies.
Citations: 12