{"title":"Post-Distribution Provisioning and Personalization of a Payment Application on a UICC-Based Secure Element","authors":"V. Alimi, M. Pasquet","doi":"10.1109/ARES.2009.98","DOIUrl":"https://doi.org/10.1109/ARES.2009.98","url":null,"abstract":"The Near Field Communication technology is currently leveraged by large standardization efforts and attempts at finding suitable ecosystem and business models. In this context, the GlobalPlatform consortium released requirements to allow multiple actors to manage card content confidentially; and to adapt the platform to the Universal Integrated Circuit Card (UICC) in what is referred to as Mobile Profile. These specifications need to be experimented, tested and validated. This is what the project VACAMS (Validation of Content Application Systems) aims to achieve. The project stakeholders (Oberthur Card Systems, Trusted Labs and GREYC) will bring their respective expertise in smart cards engineering, testing methodology and secure electronic transactions. The experimentation will consist in developing a UICC Secure Element complying with the GlobalPlatform specifications and profile, and in loading and personalizing \"over the air\" a payment application after the issuance of the mobile device. It will take place on an experimental electronic payment platform at ENSICAEN.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131499587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Authentication Watermark Algorithm for JPEG images","authors":"Xi Shi, Fenlin Liu, Daofu Gong, Jing Jing","doi":"10.1109/ARES.2009.8","DOIUrl":"https://doi.org/10.1109/ARES.2009.8","url":null,"abstract":"In this paper, an authentication watermark algorithm for JPEG images is proposed, which is basing on the current watermark algorithm proposing and realizing a counterfeiting attack for the current watermarking algorithm security. In order to reduce the miss alarm caused by the mode of embedding watermark, in this algorithm the watermark embedded coefficients are as a factor of the watermark generation, and embedding watermark information by adopting the lowest bit substitute, so as to resist the counterfeiting attack effectively and improve the security of the current algorithm. The theoretical analysis and the realization show that the watermark algorithm presented by this paper has a lower miss alarm probability compared with the current algorithm, and further more the algorithm security.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130896038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Prioritisation and Selection of Software Security Activities","authors":"David Byers, N. Shahmehri","doi":"10.1109/ARES.2009.52","DOIUrl":"https://doi.org/10.1109/ARES.2009.52","url":null,"abstract":"Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127073342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Improvement to a Decentralized Management Method for Uniquely Accessible Attribute Information","authors":"Yoshio Kakizaki, Y. Yoshida, H. Tsuji","doi":"10.1109/ARES.2009.21","DOIUrl":"https://doi.org/10.1109/ARES.2009.21","url":null,"abstract":"In this paper, we improve a decentralized management method for uniquely accessible attribute information. The previous method has the problem of the inconsistency in access policy. In our new method, the user has always to redirect from the identity provider to the attribute provider, because the user cannot make requests directly to the attribute provider. Our method makes it possible for the identity provider alone to manage the access policy. As a result, the problem of inconsistency in access policy is solved. Moreover, illegal requests are prevented from using this redirection.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123900167","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Advanced Flooding Attack on a SIP Server","authors":"Xianglin Deng, Malcolm Shore","doi":"10.1109/ARES.2009.15","DOIUrl":"https://doi.org/10.1109/ARES.2009.15","url":null,"abstract":"Voice over IP is gaining more popularity in today's communications. The Session Initiation Protocol (SIP), the most popular VoIP signalling protocol, is vulnerable to many kinds of attacks. Among all these attacks, flood-based denial of service attacks have been identified as the biggest threat to SIP. Even though a great deal of research has been conducted into mitigating denial of service attacks, only a small proportion have been specific to SIP. This paper examines how denial of service attacks affect the performance of a SIP-based system, and proposes an Improved Security-Enhanced SIP System (ISESS) to mitigate such attacks. Experimental results are provided to demonstrate the effectiveness of ISESS. The experimental results show that with ISESS, during a flood-based denial of service attack, the performance of the system can be improved substantially.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124451545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Credential Mapping in Grids","authors":"Mehran Ahsant, Esteban Talavera Gonzalez, J. Basney","doi":"10.1109/ARES.2009.93","DOIUrl":"https://doi.org/10.1109/ARES.2009.93","url":null,"abstract":"Federating security and trust is one of the most significant architectural requirements in grids. In this regard, one challenging issue is the cross-organizational authentication and identification. Organizations participated in Virtual Organizations (VOs) may use different security infrastructures that implement different authentication and identification protocols. Thus, arises an architectural need to provide a mechanism for a lightweight, rapid and interoperable translation of security credentials from an original format to a format understandable by recipients. In this paper, we describe the development and the implementation of an architecture for credential mapping in grids using off-the-shelf technologies and standard specifications. Our open-source implementation of this architecture provides support for an on-the-fly exchange for different types of security credentials used by diverse grid security infrastructures.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"185 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114742085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AVISPA in the Validation of Ambient Intelligence Scenarios","authors":"A. Muñoz, A. Maña, D. Serrano","doi":"10.1109/ARES.2009.80","DOIUrl":"https://doi.org/10.1109/ARES.2009.80","url":null,"abstract":"Ambient Intelligence (AmI) refers to an environment that is sensitive, responsive, interconnected, contextualized, transparent, intelligent, and acting on behalf of humans. AmI environments impose some constraints in the connectivity framework, power computing as well as energy budget. This makes of AmI a significantly different case within distributed systems. The combination of heterogeneity, dynamism, sheer number of devices, along with the growing demands placed on software security and dependability, make application development vastly more complex. Also, the provision of security and dependability for applications becomes increasingly difficult to achieve with the existing security engineering mechanisms and tools. Furthermore the validation of these mechanisms is even a hard task. In this paper we present an approach to model dynamic changes in ambient intelligence scenarios using the Avispa (Automated Validation of Internet Security Protocols and Applications) model-checking tool suite. The main goal of our approach consists on providing a starting point in the use of Formal Description Techniques (FDM) for AmI scenarios. The paper studies and assesses the suitability of the Avispa tool for security validation in Ambient Intelligent environments and proposes mechanisms to capture the dynamic context changes in these environments.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115007663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"P2F: A User-Centric Privacy Protection Framework","authors":"Maryam Jafari-lafti, Chin-Tser Huang, C. Farkas","doi":"10.1109/ARES.2009.167","DOIUrl":"https://doi.org/10.1109/ARES.2009.167","url":null,"abstract":"In this paper, we present an end-user tool called the Privacy Protection Framework (P2F) which aims to support users in protecting their privacy when obtaining web-based services. P2F acts as a recommendation tool that analyzes the user's transaction history and privacy preferences in addition to real-world privacy guidelines to prevent undesirable disclosure of personal data. The framework is based on a novel qualitative privacy compromise risk assessment approach designed to support decision-making in settings where server-side support for user-centric privacy protection frameworks is minimal or unknown. Our risk assessment model uses service provider properties, likelihood of collusion between providers, the sensitivity of the personal data to be released, and undesirable transaction linkability to determine the privacy compromise potential of a transaction.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114637689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Analysis of Fault Effects and Propagations in AVR Microcontroller ATmega103(L)","authors":"Alireza Rohani, H. Zarandi","doi":"10.1109/ARES.2009.169","DOIUrl":"https://doi.org/10.1109/ARES.2009.169","url":null,"abstract":"This paper presents an analysis of the effects and propagations of transient faults by simulation-based fault injection into the AVR microcontroller. This analysis is done by injecting 20000 transient faults into main components of the AVR microcontroller that is described in VHDL language. The sensitivity level of various points of the AVR microcontroller such as ALU, Instruction-Register, Program-Counter, Register-file and Flag Registers against fault manifestation is considered and evaluated. The behavior of AVR microcontroller against injected faults is reported and shown that about 41.46% of faults are recovered in simulation time, 53.84% of faults are effective faults and remaining 4.70% of faults are latent faults; moreover a comparison of the behavior of AVR microcontroller in fault injection experiments against some common microprocessors is done. Results of fault analyzing will be used in the future research to propose the fault-tolerant AVR microcontroller.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115052062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Comparison of Risk Analysis Methods: Mehari, Magerit, NIST800-30 and Microsoft's Security Management Guide","authors":"Amril Syalim, Y. Hori, K. Sakurai","doi":"10.1109/ARES.2009.75","DOIUrl":"https://doi.org/10.1109/ARES.2009.75","url":null,"abstract":"In this paper we compare four risk analysis methods: Mehari, Magerit, NIST800-30 and Microsoft's Security Management Guide. Mehari is a method for risk analysis and risk management developed by CLUSIF (Club de la Securite del' Information Francais). Magerit is a risk analysis and management methodology for information systems developed by CSAE (Consejo Superior de Administracion Electronica). NIST800-30 is a risk management guide for information technology systems recommended by the National Institute of Standard and Technology (NIST) in NIST Special Publication 800-30. Microsoft’s Security Management Guide is a security risk management guide developed by Microsoft. In this paper, we compare those methods based on two main criteria: the first criterion is the steps that are used by the methods to conduct the risk assessment, the second one is the contents of the methods and supplementary documents provided with them. We found that all methods follow the first three general steps of risk analysis. However, the Mehari method, the Magerit method and the Microsoft Security Management Guide do not include control recommendations. Control recommendations in these methods are proposed as the next step to security management (i.e. after risk analysis). All methods provide a detailed guide for risk analysis. However, only three methods — Mehari, Magerit and the one proposed in the Microsoft Security Management Guide — provide supplementary documents for risk assessment.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123442755","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}