2006 Securecomm and Workshops: Latest Articles

Leveraging IPsec for Mandatory Per-Packet Access Control
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359530
T. Jaeger, Dave King, Kevin R. B. Butler, Serge E. Hallyn, Joy Latten, Xiaolan Zhang
Abstract: Mandatory access control (MAC) enforcement is becoming available for commercial environments. For example, Linux 2.6 includes the Linux security modules (LSM) framework that enables the enforcement of MAC policies (e.g., type enforcement or multi-level security) for individual systems. While this is a start, we envision that MAC enforcement should span multiple machines. The goal is to be able to control interaction between applications on different machines based on MAC policy. In this paper, we describe a recent extension of the LSM framework that enables labeled network communication via IPsec that is now available in mainline Linux as of version 2.6.16. This functionality enables machines to control communication with processes on other machines based on the security label assigned to an IPsec security association. We outline a security architecture based on labeled IPsec to enable distributed MAC authorization. In particular, we examine the construction of a xinetd service that uses labeled IPsec to limit client access on Linux 2.6.16 systems. We also discuss the application of labeled IPsec to distributed storage and virtual machine access control.
Citations: 16
Distributed Authentication of Program Integrity Verification in Wireless Sensor Networks
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1145/1341731.1341735
Katharine Chang, K. Shin
Abstract: Security in wireless sensor networks has become important as sensor networks are being used for an increasing number of applications. The severe resource constraints in each sensor make it very challenging to secure sensor networks. Moreover, sensors are usually deployed in hostile and unattended environments, and hence, are susceptible to various attacks, including node capture, physical tampering, and manipulation of the sensor program. The authors of T. Park and K.G. Shin, (2005) proposed a soft tamper-proofing scheme that verifies the integrity of the program in each sensor device, called the program integrity verification (PIV). This paper addresses how to authenticate PIV servers (PIVSes) in a fully-distributed manner. Our distributed authentication protocol of PIVSes (DAPP) uses the Blundo scheme (C. Blundo et al., 1992) and allows sensors to authenticate PIVSes without requiring commonly-used trusted third parties, such as authentication servers (ASes), in the network. We implement and evaluate both the DAPP and the PIV on Mica2 Motes and laptops. We also analyze the security of DAPP under different attack models, demonstrating its capability to deal with various types of attacks.
Citations: 27
DaTA -- Data-Transparent Authentication Without Communication Overhead
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359567
Songqing Chen, Shiping Chen, Xinyuan Wang, S. Jajodia
Abstract: With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is increasing demand of assuring the integrity and authenticity of received data streams. Existing strategies of assuring data integrity and authenticity mainly use message authentication codes (MAC) generated on data blocks and transfer the MAC to the receiver for authentication through either out of band communication or in band communication. Transferring the MAC via out of band communication inevitably introduces communication overhead and additional complexity to synchronize the out of band communication with the data communication. Transferring the MAC via in band channel can be achieved by either appending the MAC to the original data or embedding the MAC into the original data, which would either incur communication overhead or change the original data. It would be desirable to be able to authenticate the stream data without any communication overhead and changing the original data at the same time. To deal with data packet or block loss, many of existing stream data authentication schemes rely on hash chaining, the current usage of which results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of data stream even if some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions.
Citations: 1
An Intellilgent Infrastructure Strategy to Improving the Performance and Detection Capability of Intrusion Detection Systems
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359566
E. Hooper
Abstract: Network and host Intrusion Detection Systems (IDS) are used to identify suspicious network traffic. However, a high percentage of alerts generated by such systems are liable to be false positives. False positives create considerable administrative overheads, since these alerts typically require manual intervention from a network administrator. In order to reduce the number of false positives, we propose a novel infrastructure approach involving what we call network quarantine channels. The network quarantine channels and associated techniques are used to perform further interaction with hosts that have been identified as the source of suspicious traffic. The network quarantine channels are used to provide a more accurate assessment of the potential attacks sent by suspicious hosts, before sending the final status of the alerts to the IDS monitor for the network administrator's response.
Citations: 0
System Anomaly Detection: Mining Firewall Logs
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359572
Robert M. Winding, Timothy E. Wright, M. Chapple
Abstract: This paper describes an application of data mining and machine learning to discovering network traffic anomalies in firewall logs. There is a variety of issues and problems that can occur with systems that are protected by firewalls. These systems can be improperly configured, operate unexpected services, or fall victim to intrusion attempts. Firewall logs often generate hundreds of thousands of audit entries per day. It is often easy to use these records for forensics if one knows that something happened and when. However, it can be burdensome to attempt to manually review logs for anomalies. This paper uses data mining techniques to analyze network traffic, based on firewall audit logs, to determine if statistical analysis of the logs can be used to identify anomalies.
Citations: 29
Protecting Against Distributed Denial of Service (DDoS) Attacks Using Distributed Filtering
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359548
J. Trostle
Abstract: We present a new scheme, distributed filtering service or DFS, for protecting services against distributed denial of service (DDoS) attacks. Our system is proactive and requires no changes to the Internet core, and no changes to existing ISP routers. DFS can be deployed incrementally, and benefits are obtained immediately. The key to our approach is forcing traffic destined for protected services to widely dispersed filtering points on the Internet, using IP anycast. DFS requires no unicast address nodes that can be targeted by an attacker; we are unaware of any other DDoS defensive system with this property. We also use two other techniques that have not been well used in DDoS defensive systems: key logging and the IPsec replay window. For the latter, we model attacks and give lower bounds for its effectiveness. We analyze DFS's resistance against large scale DDoS flooding attacks; DFS offers relatively strong protection against DDoS attacks.
Citations: 21
On Filtering of DDoS Attacks Based on Source Address Prefixes
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359537
G. Pack, Jaeyoung Yoon, Eli Collins, Cristian Estan
Abstract: Distributed denial of service (DDoS) attacks are a grave threat to Internet services and even to the network itself. Widely distributed "zombie" computers subverted by malicious hackers are used to orchestrate massive attacks. Any defense against such flooding attacks must solve the hard problem of distinguishing the packets that are part of the attack from legitimate traffic, so that the attack can be filtered out without much collateral damage. We explore one technique that can be used as part of DDoS defenses: using ACL rules that distinguish the attack packets from the legitimate traffic based on source addresses in packets. One advantage of this technique is that the ACL rules can be deployed in routers deep inside the network where the attack isn't large enough to cause loss of legitimate traffic due to congestion. The most important disadvantage is that the ACL rules can also cause collateral damage by discarding some legitimate traffic. We use simulations to study this damage and how it is influenced by various factors. Our technique is much better than uninformed dropping due to congestion, but it produces larger collateral damage than more processing-intensive approaches. For example it can reduce the attack size by a factor of 3 while also dropping between 2% and 10% of the legitimate traffic. We recommend the use of source address prefix based filtering in combination with other techniques, for example as a coarse pre-filter that ensures that devices performing the processing-intensive filtering are not overwhelmed.
Citations: 27
Towards Communal Governed Transactions Among Decentralized Trading Agents
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359541
A. Tarigan
Abstract: We present a concept in completing transaction among collaborative agents where neither trusted authority nor intermediate facilitator exists. Agents collectively intend and accept that there are valuable objects to be used as medium of exchange. This object, which we call an institutional-token, belongs to an agent through collective acceptance of ownership relation which binds that object to the agent. Transaction between buyer and seller is completed as follows: buyer and seller propose new ownership of the token to all agents, the agents collectively reject prior ownership which binds the token to the buyer and at the same time collectively accept the new ownership relation which binds the same token to the seller in order to "transfer" token to the new owner. Buyer rates the outcome of the transaction and updates its opinion about trustworthiness of the seller. Based on its opinion, agent participates in every collective trust decision whether or not the proposed transaction may proceed. This collaboration scheme enables community to govern transactions in individual level and thus social control emerges to block possible bad behavior, to protect buyer from risky transactions, and to induce good behavior. Finally we describe an implementation scenario in a decentralized P2P file trading community using set of communication protocols and threshold cryptography.
Citations: 1
Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359563
M. Burmester, T. Le, B. D. Medeiros
Abstract: This paper examines two unlinkably anonymous, simple RFID identification protocols that require only the ability to evaluate hash functions and generate random values, and that are provably secure against Byzantine adversaries. The main contribution is a universally composable security model tuned for RFID applications. By making specific setup, communication, and concurrency assumptions that are realistic in the RFID application setting, we arrive at a model that guarantees strong security and availability properties, while still permitting the design of practical RFID protocols. We show that two protocols are provably secure within the new security model. Our proofs do not employ random oracles - the protocols are shown to be secure in the standard model under the assumption of existence of pseudo-random function families.
Citations: 132
On Mobile Viruses Exploiting Messaging and Bluetooth Services
2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI: 10.1109/SECCOMW.2006.359562
A. Bose, K. Shin
Abstract: The exponential growth of mobile messaging worldwide has made it an indispensable tool for social and business interactions. The interoperability between SMS (short messaging service) and IM (instant messaging) networks has enabled mobile users to communicate over the Internet seamlessly. However, the proliferation of cellular phones and handheld devices with messaging capability has also attracted virus writers who increasingly develop malware targeted to mobile handheld devices. The mobile viruses discovered so far have exploited vulnerabilities in Bluetooth to infect a nearby device and then use SMS to spread itself to other devices in the mobile network. This problem is expected to become worse with the growth of MMS (multimedia messaging service), mobile games, mobile commerce and peer-to-peer file-sharing in the near future. We investigate the propagation of mobile worms and viruses that spread primarily via SMS/MMS messages and short-range radio interfaces such as Bluetooth. First, we study these vulnerabilities in-depth so that appropriate malware behavior models can be developed. Next, we study the propagation of a mobile virus similar to Commwarrior in a cellular network using data from a real-life SMS customer network. Each handheld device is modeled as an autonomous mobile agent capable of sending SMS messages to others (via an SMS center), and is capable of discovering other devices equipped with Bluetooth. Since mobile malware targets specific mobile OSs, we consider diversity of deployed software stacks in the network. Our results reveal that hybrid worms that use SMS/MMS and proximity scanning (via Bluetooth) can spread rapidly within a cellular network, making them potential threats in public meeting places such as sports stadiums, train stations, and airports.
Citations: 130