{"title":"A Framework for Understanding Botnets","authors":"Justin Leonard, Shouhuai Xu, R. Sandhu","doi":"10.1109/ARES.2009.65","DOIUrl":"https://doi.org/10.1109/ARES.2009.65","url":null,"abstract":"Botnets have become a severe threat to the cyberspace. However, existing studies are typically conducted in an ad hoc fashion, by demonstrating specific analysis on captured bot programs or bot communication mechanisms so as to suggest means to counter them. Although such studies are important, another perhaps even more important problem that is largely left unaddressed is: How should we build a unified framework that can help us understand botnets in a systematic fashion? In this paper we make a first step towards the goal by presenting a framework, which especially suggests a general architecture that could be coupled with certain advanced techniques that have not been exploited in existing botnets. The framework also suggests a set of attributes that can be used to measure and compare botnets. Moreover, the dynamic nature of botnets (e.g., a victim machine may be powered-off during some time intervals) implies that a botnet, and thus its attributes, are stochastic in nature. This means that a meaningful comparison between botnet attributes should be based on the concept of stochastic order.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129250117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Measuring Voter-Controlled Privacy","authors":"H. Jonker, S. Mauw, Jun Pang","doi":"10.1109/ARES.2009.81","DOIUrl":"https://doi.org/10.1109/ARES.2009.81","url":null,"abstract":"In voting, the notion of receipt-freeness has been proposed to express that a voter cannot gain any information to prove that she has voted in a certain way. Receipt-freeness aims to prevent vote buying, even when a voter chooses to renounce her privacy. In this paper, we distinguish various ways that a voter can communicate with the intruder to reduce her privacy and classify them according to their ability to reduce the privacy of a voter. We develop a formal framework combining knowledge reasoning and trace equivalences to formally model voting protocols and define vote privacy for the voters. Our framework is quantitative, in the sense that it defines a measure for the privacy of a voter. Therefore, the framework can precisely measure the level of privacy for a voter for each of the identified privacy classes. The quantification allows our framework to capture receipts that reduce, but not nullify, the privacy of the voter. This has not been identified and dealt with by other formal approaches.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121678110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deploying Security Policy in Intra and Inter Workflow Management Systems","authors":"S. Ayed, N. Cuppens-Boulahia, F. Cuppens","doi":"10.1109/ARES.2009.152","DOIUrl":"https://doi.org/10.1109/ARES.2009.152","url":null,"abstract":"Workflow Management Systems (WFMS) are concerned with the control and coordination of operational business processes, called workflows. When workflow technology is deployed in domains where processes have simple coordinative requirements, the flow of control and data may be easily mapped onto process effectiveness. With the diversity of resources, subjects and activities in the system, ensuring a secure execution environment of the workflow becomes a critical issue. In this paper, we are interested in deploying a WFMS security policy. We investigate this issue either within intra or inter organizational workflows. The latter case is more complex and requires more sophisticated control since it includes communications between different organizations.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121522206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On Equilibrium Distribution Properties in Software Reliability Modeling","authors":"Xiao Xiao, T. Dohi","doi":"10.1109/ARES.2009.121","DOIUrl":"https://doi.org/10.1109/ARES.2009.121","url":null,"abstract":"The non-homogeneous Poisson processes (NHPPs) have gained much popularity in actual software testing phases to assess the software reliability, the number of remaining faults in the software, the software release schedule, etc. In this paper, we propose a novel modeling approach for the NHPP-based software reliability models (SRMs) to describe the stochastic behavior of software fault-detection processes. The fundamental idea is to apply the equilibrium distribution to the fault-detection time distribution. We study the equilibrium distribution properties in software reliability modeling and compare the resulting NHPP-based SRMs with the existing ones.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"583 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113994389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing Automated Detection of Vulnerabilities in Java Components","authors":"P. Parrend","doi":"10.1109/ARES.2009.9","DOIUrl":"https://doi.org/10.1109/ARES.2009.9","url":null,"abstract":"Java-based systems are built from components from various providers that are integrated together. Generic coding best practices are gaining momentum, but no tool is available so far that guarantees that the interactions between these components are performed in a secure manner. We propose the 'Weak Component Analysis' (WCA) tool, which performs static analysis of the component code to identify exploitable vulnerabilities. Three types of classes can be identified in Java components, that each can be exploited through specific vulnerabilities. Internal classes which are not available for other components can be abused in an indirect manner. Shared classes which are provided by libraries can be abused through class-level vulnerabilities. Shared objects, i.e. instantiated classes, which are made available as local services in Service-oriented Programming platforms such as OSGi, Spring and Guice can be abused through object-level vulnerabilities in addition to class-level vulnerabilities.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"278 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132639136","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An LPN-Problem-Based Lightweight Authentication Protocol for Wireless Communications","authors":"Ya-Fen Chang, Yen-Cheng Lai","doi":"10.1109/ARES.2009.33","DOIUrl":"https://doi.org/10.1109/ARES.2009.33","url":null,"abstract":"Radio frequency identification (RFID) is a popular technology, but some problems still need to be overcome. Hopper and Blum proposed a light-weight authentication protocol, HB protocol, which is especially suitable for devices with low computation ability such as passive RFID tags. Later, HB protocol was proven to be insecure, and Munilla and Peinado amended it by proposing HB-MP and HB-MP' protocols. However, only the tag is authenticated by the reader in these protocols. In this paper, we will present an enhancement of the HB-protocol family with mutual authentication to have only the legal reader obtain the legal reader's data. The proposed protocol is light-weight because only scalar dot product operation of binary vectors and XOR operation are adopted. Moreover, it is computationally secure since its security is based on solving LPN problem, an NP-complete problem.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132713884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Routing Protocol Security Using Symmetric Key Based Techniques","authors":"Bruhadeshwar Bezawada, Kishore Kothapalli, M. Poornima, M. Divya","doi":"10.1109/ARES.2009.147","DOIUrl":"https://doi.org/10.1109/ARES.2009.147","url":null,"abstract":"In this paper, we address the security of routing protocols. Internet routing protocols are subject to attacks in the control plane as well as the data plane. In the control plane, a routing protocol, e.g., BGP, OSPF, exchanges routing state updates and enables routers to compute the best paths towards various destinations. During this phase, an attacker can modify or inject malicious control messages leading to incorrect computation of routing paths. In the data plane, the routers forward the data along the paths computed in the control plane. Even if an attacker is not successful during the control phase, he can choose not to use the correct routing paths and forward data along routes that benefit him. Research shows that, attacks on the control plane can be mitigated by ensuring message integrity and, attacks on the data plane can be mitigated by ensuring route integrity. Earlier works have addressed these two problems independently with many interesting solutions. However, due to the nature of these solutions, network architects cannot deploy security at both planes without increasing the overhead on the network. In this paper, we focus on an integrated approach and propose the use of symmetric key protocols for addressing the security at both the control and data planes. We describe approaches that enable the reuse of the symmetric key protocols thereby eliminating the need for separate solutions at different planes. We used symmetric key protocols as they are efficient and scalable. Our experimental results show that our approaches are practical and can be incrementally deployed as well.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133934154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Stepping-Stone Connection Using Association Rule Mining","authors":"Ying-Wei Kuo, S. S. Huang","doi":"10.1109/ARES.2009.101","DOIUrl":"https://doi.org/10.1109/ARES.2009.101","url":null,"abstract":"A main concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of intermediate stepping-stone hosts. The intruders have developed some evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these counter measures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within the fixed length intervals and then decide whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increasing the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report a very good performance with very high detection rate and low false detection rate when using carefully selected parameter values.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114369890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generalized Robust Combiners for Oblivious Transfer","authors":"G. Umadevi, Sarat C. Addepalli, K. Srinathan","doi":"10.1109/ARES.2009.160","DOIUrl":"https://doi.org/10.1109/ARES.2009.160","url":null,"abstract":"A robust combiner for a cryptographic primitive gives a secure implementation of the primitive when at least some of the input candidates are secure. Such constructions provide robustness against insecure implementations and incorrect assumptions underlying the candidate schemes. Robust combiners are useful tools for ensuring better security in applied cryptography. Combiners from the perspective of threshold schemes have been previously studied. However, such threshold schemes typically fail to capture all possible scenarios. In this paper, we characterize the possibility of a transparent black-box combiner for oblivious transfer (OT), given an access structure over the candidate implementations. We also propose a circuit-based framework for the construction of such combiners, and hence reduce the problem of optimal OT combiners to circuit optimization.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114711949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Secure and Efficient Mutual Authentication Protocol for Low-Cost RFID Systems","authors":"George Poulopoulos, K. Markantonakis, K. Mayes","doi":"10.1109/ARES.2009.83","DOIUrl":"https://doi.org/10.1109/ARES.2009.83","url":null,"abstract":"In this work we propose a mutual authentication protocol for RFID (Radio Frequency Identification) systems incorporating low-cost RFID tags. These tags, due to their limited computational capabilities do not incorporate advanced cryptographic primitives. As a result, there are various threats against users’ privacy and against the security of such systems. Our protocol, PMM, utilizes a hash function and a pseudorandom number generator that can be hardware implemented in a low-cost RFID tag. As we will demonstrate, our protocol offers a high level of security by preventing replay attacks, Denial-of-Service attacks, tracking attacks, tag spoofing and by offering forward security and an enhanced protection of user privacy.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117336788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}