{"title":"Methodology to Align Business and IT Policies: Use Case from an IT Company","authors":"C. Feltus, Christophe Incoul, Jocelyn Aubert, B. Gâteau, André Adelsbach, Marc Camy","doi":"10.1109/ARES.2009.47","DOIUrl":"https://doi.org/10.1109/ARES.2009.47","url":null,"abstract":"Governance of IT is becoming more and more necessary in the current financial economic situation. One declination of that statement is the definition of corporate and IT policies. To improve that matter, the paper has for objective to propose a methodology for defining policies that are closer to the business processes, and based on the strict definition of a responsibility model that clarify all actor’s responsibility. This responsibility model is mainly defined based on the three concepts of capability, the accountability and the commitment. The methodology is illustrated and validated based on a case study conducted in an IT company.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"125 23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116948267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Choosing Parameters to Achieve a Higher Success Rate for Hellman Time Memory Trade Off Attack","authors":"N. Saran, A. Doganaksoy","doi":"10.1109/ARES.2009.140","DOIUrl":"https://doi.org/10.1109/ARES.2009.140","url":null,"abstract":"In 1980, Hellman proposed the Time Memory Trade Off (TMTO) attack and applied it on block cipher DES (Data Encryption Standard). Time Memory Trade Off attack is one of the methods that inverts a one way function. The resistance to TMTO attacks is an important criterion in the design of a modern cipher. Unlike the exhaustive search and table lookup methods, TMTO is a probabilistic method, that is, the search operation may not find a preimage even if there exists one. Up to now, there are some approximate bounds for success rates of Hellman table by Hellman and Kusuda et al. In this study, we give a more precise approximation for the coverage of a single Hellman table. There is no precise guideline in the literature that points out how to choose parameters for Hellman TMTO. We present a detailed analysis of the success rate of Hellman table via new parameters and also show how to choose parameters to achieve a higher success rate. The results are experimentally confirmed. We also discuss the Hellman's TMTO Curve.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"17 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115724888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multidimensional Management of Information Security – A Metrics Based Approach Merging Business and Information Security Topics","authors":"Sebastian Sowa, Roland Gabriel","doi":"10.1109/ARES.2009.26","DOIUrl":"https://doi.org/10.1109/ARES.2009.26","url":null,"abstract":"Currently as even more in the future, enterprises of whatever size and structure highly dependent on information and information processing technologies. A lot effort has been made for securing these assets, focusing on technical and selected organizational solutions mainly. As the rising dependability on information security comes along with an even stronger increase in the necessity to manage information security also by using a business pair of glasses, activities like communication to security stakeholders or to justify resources needed substantiate the development of models and methods to support information security management entities. A multidimensional approach able to cope with these challenges by integrating business and security topics is presented in the current paper.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114206988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Polymorphic Worm Detection by Analyzing Maximum Length of Instruction Sequence in Network Packets","authors":"K. Tatara, Y. Hori, K. Sakurai","doi":"10.1109/ARES.2009.103","DOIUrl":"https://doi.org/10.1109/ARES.2009.103","url":null,"abstract":"Intrusion detection system records worm's signature, and detects the attack that lurks in traffic based on it. However, to detect the worm that corrects, and changes some oneself, a highly accurate detection technique for distinguishing the code that seems to be the worm included in traffic is requested. In this paper, we pay attention to the Toth et al.'s method to extract the executable codeincluded in the data flows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114692703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Accountability Problem of Flooding Attacks in Service-Oriented Architectures","authors":"Meiko Jensen, Jörg Schwenk","doi":"10.1109/ARES.2009.11","DOIUrl":"https://doi.org/10.1109/ARES.2009.11","url":null,"abstract":"The threat of Denial of Service attacks poses a serious problem to the security of network-based services in general. For flooding attacks against service-oriented applications, this threat is dramatically amplified with potentially much higher impact and very little effort on the attacker's side. Additionally, due to the high distribution of a SOA application's components, fending such attacks becomes a far more complex task.In this paper, we present the problem of accountability, referring to the issue of resolving the attacker in a highly distributed service-oriented application. Using a general flooding attack model, we illustrate the problem's parameters, and we finally discuss some general solution approaches.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127380857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Mobile Ambients-Based Approach for Network Attack Modelling and Simulation","authors":"V. N. Franqueira, P. V. Eck, R. Wieringa, R. Lopes","doi":"10.1109/ARES.2009.125","DOIUrl":"https://doi.org/10.1109/ARES.2009.125","url":null,"abstract":"Attack Graphs are an important support for assessment and subsequent improvement of network security. They reveal possible paths an attacker can take to break through security perimeters and traverse a network to reach valuable assets deep inside the network. Although scalability is no longer the main issue, Attack Graphs still have some problems that make them less useful in practice. First, Attack Graphs remain difficult to relate to the network topology. Second, Attack Graphs traditionally only consider the exploitation of vulnerable hosts. Third, Attack Graphs do not rely on automatic identification of potential attack targets. We address these gaps in our MsAMS (Multi-step Attack Modelling and Simulation) tool, based on Mobile Ambients. The tool not only allows the modelling of more static aspects of the network, such as the network topology, but also the dynamics of network attacks. In addition to Mobile Ambients, we use the PageRank algorithm to determine targets and hub scores produced by the HITS (Hypertext Induced Topic Search) algorithm to guide the simulation of an attacker searching for targets.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122031169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Security of Untrusted Memory","authors":"Jörn-Marc Schmidt, S. Tillich","doi":"10.1109/ARES.2009.7","DOIUrl":"https://doi.org/10.1109/ARES.2009.7","url":null,"abstract":"Embedded systems can be used in versatile applications. At the same time, more and more functionality is demanded from these systems, which necessitates an increase in the size of program and data memory. Thus, an external chip providing additional memory can be added to the microcontroller, which is the system's core component. However, the connection between microcontroller chip and external memory is an easy target for an attacker. A small alteration in an external program memory can already lead to a radical change in the overall behavior of the embedded system. In security-related applications, such a change in behavior can result in potentially catastrophic consequences. Although there have been proposals for schemes to protect certain aspects of the use of external memories, none provides a comprehensive analysis of potential threats and respective countermeasures. Therefore, we propose a new scheme to detect all manipulations of data in the external memory as well as to prevent an adversary from learning potentially compromising information about the program running inside the microcontroller. Although our scheme entails a non-negligible overhead in terms of processing effort and memory, it is, to the best of our knowledge, the first to provide a practical, uniform and coherent protection for external memory.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128052204","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Inclusive Information Society Needs a Global Approach of Information Security","authors":"S. Ghernaouti-Helie","doi":"10.1109/ARES.2009.127","DOIUrl":"https://doi.org/10.1109/ARES.2009.127","url":null,"abstract":"The information economy and the information society heavily depend on information security. Developing an inclusive and reliable information society should avoid any infrastructure or security divides. To master information related risks and cyberthreats, and to bring effective information security solutions to the end-users, a global and interdisciplinary approach is required. This paper considers information security issues in a holistic way, putting the individual and the question of responsibility at the core of the debate. It also points out main stakes and challenges that governments have to face when developing a national cybersecurity policy, curriculum and culture in regards of local and international needs.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123428623","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Reconfigurable-Permutation Algorithm for M_S-Box","authors":"Hiroshi Kudou, S. Nakayama, A. Watanabe, T. Nagase, Y. Yoshioka","doi":"10.1109/ARES.2009.70","DOIUrl":"https://doi.org/10.1109/ARES.2009.70","url":null,"abstract":"The developments of differential and linear cryptanalysis methods were capable to breach the security of the DES cipher. Accordingly, the National Institute of Standards and Technology (NIST) issued a new standard named Advanced Encryption Standard (AES) which had SPN (Substitution Permutation Network) structure as a new next generation code standard method as a replacement for DES. However, this method has also found a hole in the security level of the AES, especially in the AES’s S-box. This paper proposes a new mutable nonlinear transformation algorithm for AES S-box to enhance the complexity of the S-Box's structure called M_S-box that effectively provides an optimal degree of resistance against differential cryptanalysis and especially the linear cryptanalysis. The structure of the AES S-box has been expanded and modified to be congruent with the proposed algorithm and to obtain good nonlinearity of the S-box. The Cryptanalysis of the model is based on the maximum average differential probability (MADP) and maximum average linear hull probability (MALHP). The results show that proposed model significantly improves MADP and MALHP. Furthermore, the results that have been obtained exhibit good enough confusions to achieve high security level.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123830365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Knowledge Management Approach to Support a Secure Software Development","authors":"F. Nunes, A. D. Belchior, A. Albuquerque","doi":"10.1109/ARES.2009.155","DOIUrl":"https://doi.org/10.1109/ARES.2009.155","url":null,"abstract":"Organizations that want to increase their profits from reliable and secure software product need to invest in software security approaches. However, secure software is not easily achieved and the actual scenario is that investments in software development process improvement do not assure software that resist from attacks or do not present security vulnerabilities. The PSSS (Process to Support Software Security) may help obtaining secure software as it proposes security activities to be integrated into software development life cycles. This paper resumes the application of the PSSS and proposes the support of a knowledge management environment based, specially, on security inspections of the artifacts generated during the processes execution. It also proposes a checklist to security inspections on the software requirements. This will improve how the security aspects are being considered during the development of secure software and will help to establish the security as an important discipline on the organizational culture.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131513703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}