{"title":"Ascertaining the Financial Loss from Non-dependable Events in Business Interactions by Using the Monte Carlo Method","authors":"O. Hussain, T. Dillon","doi":"10.1109/ARES.2009.136","DOIUrl":"https://doi.org/10.1109/ARES.2009.136","url":null,"abstract":"Risk Assessment in business interactions is carried out to determine beforehand the occurrence of undesirable events and their associated consequences. In the literature, approaches have been proposed by which an interaction initiating agent can ascertain the occurrence of undesirable event/s and determine their consequences in an interaction. But those approaches just consider those events that are related to the performance of the other agent, with whom the interaction initiating agent is forming an interaction. It is possible that there may also be such events that are not dependent on the other agent's performance, but will directly or indirectly have an impact on the successful completion of the business interaction. In this paper, we will highlight the importance of considering such event/s during the process of risk assessment, and propose a methodology by which the interaction initiating agent can determine and quantify their effect on the successful completion of its business interaction.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128309750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trusting User Defined Context in MANETs: Experience from the MIDAS Approach","authors":"Vegar Westerlund, Thomas Pronstad, Inger Anne Tøndel, Leendert W. M. Wienhofen","doi":"10.1109/ARES.2009.112","DOIUrl":"https://doi.org/10.1109/ARES.2009.112","url":null,"abstract":"The MIDAS project has developed a middleware platform for context aware MANET services. A key problem with MANETs is the lack of a central authority and pre-existing trust. Thus it is hard to enable a trusted environment where context can be verified and trusted by peers. This paper describes how the MIDAS middleware can become \"secure enough\" for typical applications by identifying which existing security mechanisms are most apt to use. Benefits and shortcomings of the suggested solution are analysed and discussed.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128624125","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Investigating the Implications of Virtual Machine Introspection for Digital Forensics","authors":"K. Nance, Bria N Hay, M. Bishop","doi":"10.1109/ARES.2009.173","DOIUrl":"https://doi.org/10.1109/ARES.2009.173","url":null,"abstract":"Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124727860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Intrusion Detection for Encrypted Networks","authors":"V. Goh, J. Zimmermann, M. Looi","doi":"10.1109/ARES.2009.76","DOIUrl":"https://doi.org/10.1109/ARES.2009.76","url":null,"abstract":"Traditionally, network-based Intrusion Detection Systems (NIDS) monitor network traffic for signs of malicious activities. However, with the growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the NIDS can no longer analyse the encrypted data. This essentially negates any protection offered by the NIDS. Although the encrypted traffic can be decrypted at a network gateway for analysis, this compromises on data confidentiality. In this paper, we propose a detection framework which allows a traditional NIDS to continue functioning, without compromising the confidentiality afforded by the VPN. Our approach uses Shamir's secret-sharing scheme and randomised network proxies to enable detection of malicious activities in encrypted channels. Additionally, this approach is able to detect any malicious attempts to forge network traffic with the intention of evading detection. Our experiments show that the probability of a successful evasion is low, at about 0.98% in the worst case. We implement our approach in a prototype and present some preliminary results. Overall, the proposed approach is able to consistently detect intrusions and does not introduce any additional false positives.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"281 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121045859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Identity-Based Hybrid Signcryption","authors":"Fagen Li, Masaaki Shirase, T. Takagi","doi":"10.1109/ARES.2009.44","DOIUrl":"https://doi.org/10.1109/ARES.2009.44","url":null,"abstract":"Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we address a question whether it is possible to construct a hybrid signcryption scheme in identity-based setting. This question seems to have never been addressed in the literature. We answer the question positively in this paper. In particular, we extend the concept of signcryption key encapsulation mechanism to the identity-based setting. We show that an identity-based signcryption scheme can be constructed by combining an identity-based signcryption key encapsulation mechanism with a data encapsulation mechanism. We also give an example of identity-based signcryption key encapsulation mechanism.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121140647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?","authors":"D. Baca, K. Petersen, B. Carlsson, L. Lundberg","doi":"10.1109/ARES.2009.163","DOIUrl":"https://doi.org/10.1109/ARES.2009.163","url":null,"abstract":"Code reviews with static analysis tools are today recommended by several security development processes. Developers are expected to use the tools' output to detect the security threats they themselves have introduced in the source code. This approach assumes that all developers can correctly identify a warning from a static analysis tool (SAT) as a security threat that needs to be corrected. We have conducted an industry experiment with a state of the art static analysis tool and real vulnerabilities. We have found that average developers do not correctly identify the security warnings and only developers with specific experiences are better than chance in detecting the security vulnerabilities. Specific SAT experience more than doubled the number of correct answers and a combination of security experience and SAT experience almost tripled the number of correct security answers.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116211748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"State of Cybersecurity and the Roadmap to Secure Cyber Community in Cambodia","authors":"S. Cheang, Sinawong Sang","doi":"10.1109/ARES.2009.144","DOIUrl":"https://doi.org/10.1109/ARES.2009.144","url":null,"abstract":"This paper presents background information and the progress of the government effort on Cyber Security in Cambodia. Firstly, this study establishes a framework to assess the current effort of Cambodian government on cybersecurity. Secondly, the results of the assessment are used to develop policy implication, serving as roadmap to secure national online community. Furthermore, this paper discusses the process to establish management and technical incident response capability of the national Computer Emergency Response Team to contain the on-going cyber incident.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116425481","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generation of Prototypes for Masking Sequences of Events","authors":"A. Valls, Cristina Gómez-Alonso, V. Torra","doi":"10.1109/ARES.2009.55","DOIUrl":"https://doi.org/10.1109/ARES.2009.55","url":null,"abstract":"Sequences of categorical data are in common use to represent sequences of events. In order to transfer such data to third parties for their analysis, masking methods can be applied to satisfy privacy laws and avoid the disclosure of sensitive information. Masking methods distort the data so that privacy is kept at the expense of some information loss. Different methods exist, each one trying to find a good trade-off between the risk of disclosure and the information loss. Microaggregation is one of the existing masking methods. In microaggregation small clusters are automatically built and the values of the members of a cluster are substituted by the values of the prototype of that cluster. Due to the fact that microaggregation is an NP-hard problem, heuristic approaches have been developed. Existing methods are mainly devoted to numerical and categorical data. The extension of these methods to sequences of categorical data requires the definition of special algorithms for clustering and prototyping. Artificial Intelligence offers techniques and tools that are appropriate for symbolic data. As in our context the sequences are defined in terms of categorical (symbolic) values, such AI techniques are of special relevance. In this paper, we will use them to propose a new method for generating the prototype of a small group of sequences of categorical values. These results can later be used in e.g. microaggregation.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126707603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Anatomy of Electronic Evidence – Quantitative Analysis of Police E-Crime Data","authors":"B. Turnbull, Robert Taylor, B. Blundell","doi":"10.1109/ARES.2009.118","DOIUrl":"https://doi.org/10.1109/ARES.2009.118","url":null,"abstract":"By understanding the past and present, the future can be predicted. This work seeks to understand how an Australian policing agency is currently receiving and analyzing sources of electronic evidence in the investigation of criminal activity. It shows how many devices are received, what kinds of device make up each analysis job, and for investigation into which crimes. From this, trends and workloads may be understood and future investments in equipment and research direction can be decided. The outcomes of this work may also allow for strategies to maximize training to non-technical staff and highlight investigative areas that may benefit from more use of electronic evidence. Finally, charting the trends in how commonly different electronic devices are analysed may allow for better handling of crime scenes and expand what is collected for different crime types. This work seeks to understand which types of crime are making most use of electronic evidence sources, to prepare for future changes in the discipline.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131307638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information Security Optimization: From Theory to Practice","authors":"David Simms","doi":"10.1109/ARES.2009.106","DOIUrl":"https://doi.org/10.1109/ARES.2009.106","url":null,"abstract":"Organizations face a significant challenge in designing and implementing appropriate information security measures. There are many sources of guidance on good and best practice relating to platforms, architectures and industries, but this guidance needs to be interpreted in the context of the specific risks faced by the organization, the desire to mitigate those risks, and the requirements for user friendliness, system performance and system availability driven by the user community. The process of identifying, justifying, implementing and maintaining the correct balance between security and ease of access for authorized users requires careful consideration at a number of phases, including the assessment of risks, the identification of appropriate standards, the definition of policies and the education of users, and organizations also need to implement mechanisms for the regular and effective review and update of the measures taken. This paper discusses the issues involved in implementing an optimized information security policy, the common pitfalls encountered by organizations in this respect, and presents an outline framework for such implementations.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132567098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}