{"title":"Work in Progress: Streamlined IT Risk Management through a Micro Risk Management System (μRMS)","authors":"Timothy E. Wright, M. Chapple, Robert M. Winding","doi":"10.1109/SECCOMW.2006.359565","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359565","url":null,"abstract":"This paper proposes a lightweight and automated approach to network security risk management called the micro risk management system (μRMS). The goal of μRMS is to provide a streamlined means of performing efficient, continuous, and qualitative IT risk management","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125851328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Distributed Stealthy Coordination Mechanism for Worm Synchronization","authors":"G. Kataria, Gaurav Anand, Rudolph Araujo, R. Krishnan, A. Perrig","doi":"10.1109/SECCOMW.2006.359536","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359536","url":null,"abstract":"Once a critical mass of nodes is infected by a worm it becomes very difficult to stop the worm from infecting a large fraction of vulnerable nodes. Therefore, the focus of strategies for worm defense has been to detect the worm before it reaches that critical mass. In this paper we present a novel distributed coordination technique for worm propagation and synchronization that can persist under the radar of detection mechanisms long enough to achieve critical mass for a full fledged attack. We discuss the stealthy worm propagation and synchronization approach exploiting a P2P file-sharing network","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130587517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures","authors":"C. Raiciu, David S. Rosenblum","doi":"10.1109/SECCOMW.2006.359552","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359552","url":null,"abstract":"Content-based publish/subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in Siena, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: a single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130611198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Non-Invasive Methods for Host Certification","authors":"Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, P. Mcdaniel","doi":"10.1109/SECCOMW.2006.359539","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359539","url":null,"abstract":"Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe upon the privacy of users. In this paper, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to anti-virus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements good security practices","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121546291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reputation-Based Algorithm for Managing Trust in File Sharing Networks","authors":"L. Srour, A. Kayssi, A. Chehab","doi":"10.1109/SECCOMW.2006.359538","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359538","url":null,"abstract":"Peer-to-peer file sharing networks, such as Gnutella, have gained large success and reached millions of users. However, the decentralized and anonymous characteristics of these networks open the door to abuses by malicious peers spreading tampered resources such as viruses and worms. Moreover, file sharing networks are vulnerable to problems and security concerns such as the selfishness of users which brings on the free-riding problem, the zero-cost identity problem, and the collusion among nodes to incorrectly promote or malign other nodes. To address these problems, we propose a robust reputation framework that integrates aspects of multiple trust domains and trust dimensions, a fairness participation scheme and an access control mechanism. We show that our system is highly effective in preventing the spread of malicious content and in promoting fairness under various threat models","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116294844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Outsourcing Security Analysis with Anonymized Logs","authors":"Jianqing Zhang, N. Borisov, W. Yurcik","doi":"10.1109/SECCOMW.2006.359577","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359577","url":null,"abstract":"As security monitoring grows both more complicated and more sophisticated, there is an increased demand for outsourcing these tasks to managed security service providers (MSSPs). However, the core problem of sharing private security logs creates a barrier to the widespread adoption of this business model. In this paper we analyze the logs used for security analysis with the concern of privacy and propose the constraints on anonymization of security monitor logs. We believe if the anonymization solution fulfills the constraints, MSSPs can detect the attacks efficiently and protect privacy simultaneously","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129675637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Preventing Cross Site Request Forgery Attacks","authors":"N. Jovanović, E. Kirda, Christopher Krügel","doi":"10.1109/SECCOMW.2006.359531","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359531","url":null,"abstract":"The Web has become an indispensable part of our lives. Unfortunately, as our dependency on the Web increases, so does the interest of attackers in exploiting Web applications and Web-based information systems. Previous work in the field of Web application security has mainly focused on the mitigation of cross site scripting (XSS) and SQL injection attacks. In contrast, cross site request forgery (XSRF) attacks have not received much attention. In an XSRF attack, the trust of a Web application in its authenticated users is exploited by letting the attacker make arbitrary HTTP requests on behalf of a victim user. The problem is that Web applications typically act upon such requests without verifying that the performed actions are indeed intentional. Because XSRF is a relatively new security problem, it is largely unknown by Web application developers. As a result, there exist many Web applications that are vulnerable to XSRF. Unfortunately, existing mitigation approaches are time-consuming and error-prone, as they require manual effort to integrate defense techniques into existing systems. In this paper, we present a solution that provides a completely automatic protection from XSRF attacks. More precisely, our approach is based on a server-side proxy that detects and prevents XSRF attacks in a way that is transparent to users as well as to the Web application itself. We provide experimental results that demonstrate that we can use our prototype to secure a number of popular open-source Web applications, without negatively affecting their behavior","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125387303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Framework for Identifying Compromised Nodes in Sensor Networks","authors":"Qing Zhang, Ting Yu, P. Ning","doi":"10.1109/SECCOMW.2006.359546","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359546","url":null,"abstract":"Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it, and introduce arbitrary false information into the network. Basic cryptographic security mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. We still lack effective techniques to accurately identify compromised nodes so that they can be excluded from a sensor network once and for all. In this paper, we propose an application-independent framework for identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms, and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116215862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Unified Framework for Trust Management","authors":"Weiliang Zhao, V. Varadharajan, G. Bryan","doi":"10.1109/SECCOMW.2006.359574","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359574","url":null,"abstract":"In this paper, we propose a unified framework for trust management that can cover a broad variety of trust mechanisms including reputations, credentials, local data and environment parameters. The proposed trust management framework leverages established standards and it covers a broad variety of situations in different environments. This framework can provide utilizing and enabling tools for trust management. Under this framework, different trust mechanisms can be assembled together when multiple mechanisms of trust are necessary. Here, we refer to our trust management system as TrustEngine. The TrustEngine follows the initial ideas of PolicyMaker to separate generic mechanisms of trust management from application-specific policies which are defined by each application. TrustEngine has a generic set of functions, interfaces, and data storage for trust management in distributed environments. TrustEngine is an open system and it can easily include new trust components. We describe the architecture and implementation details of TrustEngine. We provide an application scenario to illustrate the usage of TrustEngine in the real world. We believe that the development of trust management in real applications can be automated to substantially higher level based on our proposed framework","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122946597","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Message Dropping Attacks in Overlay Networks: Attack Detection and Attacker Identification","authors":"Liang Xie, Sencun Zhu","doi":"10.1145/1341731.1341736","DOIUrl":"https://doi.org/10.1145/1341731.1341736","url":null,"abstract":"Overlay multicast networks are used by service providers to distribute contents such as Web pages, streaming multimedia data, or security updates to a large number of users. However, such networks are extremely vulnerable to message dropping attacks by malicious or selfish nodes that intentionally drop packets they are required to forward. It is difficult to detect such attacks both efficiently and effectively, not mentioning to further identify the attackers, especially when members in the overlay switch between online/offline statuses frequently. We propose a random-sampling-based scheme to detect such attacks, and a path-resolving-based scheme to identify the attack nodes. Our schemes work for dynamic overlay networks and do not assume the global knowledge of the overlay hierarchy. Analysis and simulation results show that our schemes are bandwidth-efficient and they both have high detection/identification rates but low false positive rates","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133567219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}