2009 International Conference on Availability, Reliability and Security: Latest Publications

Using XACML for Embedded and Fine-Grained Access Control Policy
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.102
G. Hsieh, K. Foster, Gerald Emamali, G. Patrick, L. Marvel
Abstract: XACML (eXtensible Access Control Markup Language) is an access control policy language standardized by the OASIS (Organization for Advancement of Structured Information Standards). We have extended the standard XACML languages and processing models to allow the access control policies be embedded with digital content in the same XACML-like document. The original content can be further divided into multiple parts, each of which is encapsulated by its own XACML statements that specify the access control policy specific to this part, such that different policies can be applied to and enforced for different parts of the digital content. These embedded and fine-grained access control policy capabilities can be used to facilitate the protection, management and sharing of information no matter where the information resides. We have also developed an initial prototype of this XACML based mechanism for proof-of-concept purpose.
Citations: 17
Statistical Failure Analysis of a Web Server System
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.122
Toshiya Fujii, T. Dohi
Abstract: Failure phenomena of web server systems are considered to depend on their workload characteristics. In this paper we focus on an Apache server system and analyze the real access/error logs. Based on parametric and non-parametric statistics, we characterize the web server failure from both theoretical and empirical points of view. As the result, it can be shown that the number of sessions strongly affects to the failure rate property of the Apache server.
Citations: 6
A New Approach for the Construction of Fault Trees from System Simulink
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.172
G. L. Shabgahi, F. Tajarrod
Abstract: Fault tree analysis is a common method for reliability, safety, and availability assessment of digital systems. Since 70s, a number of construction and analysis methods have been introduced in the literature. The main difference between these methods is the starting model from which the tree is constructed. This paper presents a novel methodology for the construction of fault tree from a system Simulink model, and introduces a fault tree analysis approach in the Simulink environment. The analysis method evaluates static fault tree of a system. The method is introduced and explained in details and its correctness and completeness is validated by using a number of examples. The limitations of the proposed methodology are related to the limitations of the MATLAB-Simulink toolbox. Important advantages of the method are also stated.
Citations: 7
Towards Efficient ID-Based Signature Schemes with Batch Verifications from Bilinear Pairings
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.10
Yuh-Min Tseng, Tsu-Yang Wu, Jui-Di Wu
Abstract: Many group-oriented applications and multicast communications often need to verify which group members have sent/received a message. However, individual verification of signed messages would require a significant computation cost. A secure signature scheme with supporting variant batch verifications extremely improves performance. In 2003, Cha and Cheon proposed an efficient identity (ID)-based signature scheme with bilinear pairings. Recently, Yoon et al. pointed out that their scheme does not provide batch verifications for multiple signatures. In this paper, we examine and discuss twelve kinds of Cha-Cheon like signature schemes and security properties. We obtain an efficient ID-based signature scheme supporting batch verifications. In the random oracle model and under the computational Diffie-Hellman assumption, we show that this new scheme is secure against existential forgery attacks under various types of batch verifications.
Citations: 5
Finding Preimages of Multiple Passwords Secured with VSH
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.25
Kimmo Halunen, Pauli Rikula, J. Röning
Abstract: In this paper we present an improvement to the preimage attacks on Very Smooth Hash (VSH) function. VSH was proposed as a collision resistant hash function by Contini et al., but it has been found lacking in preimage resistance by Saarinen. With our method, we show how to find preimages of multiple passwords secured by VSH. We also demonstrate that our method is faster in finding preimages of multiple passwords than the methods proposed earlier. We tested the methods with five, ten and fifty randomised alphanumeric passwords. The results show that our method is many times faster than the original method of Saarinen and almost three times faster than the improved method proposed by Halunen et al. Furthermore, we argue that the methods presented previously and our method are essentially the only significantly different methods derivable from Saarinen's work.
Citations: 3
Position Paper: Secure Infrastructure for Scientific Data Life Cycle Management
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.99
Marco Descher, T. Feilhauer, Thomas Ludescher, P. Masser, B. Wenzel, P. Brezany, I. Elsayed, A. Wöhrer, A. Tjoa, David Huemer
Abstract: Within the Austrian Grid project phase 2, three different groups, each allocated to a different work package, join their efforts to implement a grid infrastructure for the European research project "Breath Gas Analysis for molecular oriented diseases". This position paper provides background on the task and the resulting requirements, a presentation on solutions developed during related projects in the application domain, identifies problems that have not yet been solved, and finally presents the intended solution to be developed.
Citations: 6
BRICK: A Binary Tool for Run-Time Detecting and Locating Integer-Based Vulnerability
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.77
Ping Chen, Yi Wang, Zhi Xin, Bing Mao, Li Xie
Abstract: Integer-based vulnerability is an extremely serious bug for programs written in languages such as C/C++. However, in practice, very few software security tools can efficiently detect and accurately locate such vulnerability. In addition, previous methods mainly depend on source code analysis and recompilation which are impractical when protecting the program without source code. In this paper, we present the design, implementation, and evaluation of BRICK (Binary Run-time Integer-based vulnerability Checker), a tool for run-time detecting and locating integer-based vulnerability. Given an integer-based vulnerability exploit, BRICK is able to catch the value which falls out of the range of its corresponding type, then find the root cause for this vulnerability, and finally locate the vulnerability code and give a warning, based on its checking scheme. BRICK is implemented on the dynamic binary instrumentation framework Valgrind and its type inference plug-in: Catchconv. Preliminary experimental results are quite promising: BRICK can detect and locate most of integer-based vulnerability in real software, and has very low false positives and negatives.
Citations: 38
Measuring Peer-to-Peer Botnets Using Control Flow Stability
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.59
Binbin Wang, Zhitang Li, Hao Tu, Jie Ma
Abstract: Currently, botnets use peer-to-peer (P2P) networks for command and control (C&C) communication. In contrast to traditional centralized-organized botnets, P2P-based botnets do not have a central point of failure for botnets and are consequently more concealable and robust, which degrades the performance of botnet detection approaches significantly. Considering that the C&C flows related to a P2P-based bot exhibit stability on statistical meaning due to the impartial position in botnet and performing pre-programmed control activities automatically, a novel detection approach based on the control flow stability is proposed in this paper. The measurement of control flow stability is firstly derived from the P2P-based C&C case study and the definition of control flow stability. After analyzing the stability of Storm bots and comparing the results to that of normal P2P client, a stability detection algorithm that can tune the accuracy of detecting results is developed. Extensive experimental results show the proposed approach is very efficient and can detect P2P-based botnet with low false positive ratio.
Citations: 16
Reusable Security Requirements for Healthcare Applications
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.107
Jostein Jensen, Inger Anne Tøndel, M. Jaatun, P. H. Meland, Herbjørn Andresen
Abstract: Healthcare information systems are currently being migrated from paper based journals to fully digitalised information platforms. Protecting patient privacy is thus becoming an increasingly complex task, where several national and international legal requirements must be met. These legal requirements present only high-level goals for privacy protection, leaving the details of security requirements engineering to the developers of electronic healthcare systems. Our objective has been to map legal requirements for sensitive personal information to a set of reusable technical information security requirements. This paper presents examples of such requirements extracted from legislation applicable to the healthcare domain.
Citations: 25
An Empirically Derived Loss Taxonomy Based on Publicly Known Security Incidents
2009 International Conference on Availability, Reliability and Security. Pub Date: 2009-03-16. DOI: 10.1109/ARES.2009.85
Frank Innerhofer-Oberperfler, R. Breu
Abstract: In this paper we focus on the losses related to information and IT security incidents. The loss dimension in terms of business impacts is often treated only superficially in current standards, best practices and the research literature. The main focus lies often on the impacts on properties of information and services like confidentiality, integrity and availability. We make a step in the direction of filling this gap by developing a more systematic taxonomy of losses. For this purpose publicly announced security incidents have been analysed using cause-consequence diagrams to identify different types of losses. The identified causes of incidents and the resulting types of losses have been classified using an enterprise model to distinguish different levels of abstraction. This exploratory and descriptive research yielded a) a preliminary taxonomy of losses related to security incidents, b) a validation of the enterprise model used as a frame for the analysis and c) different paths of propagation of causes of incidents.
Citations: 14